Skip to main content

Using Base64 Encryption for PHP APIs


Introduction:
This tutorial is on how to use encryption to transfer data securely, or at least more seucrely than plain text, from a Visual Basic application (or other source) to a PHP API.

Why Cryptography?
Cryptography should be used for all sensitive information being used in public release applications, or if the data is sent cross-networks. This is because any attackers or hackers would have to work that little bit extra in order to decrypt any information they manage to receive/intercept.

PHP?
PHP has a couple of cryptography functions built in to it, including; Base64 and MD5. We will be using Base64 for this tutorial since it is decodable while MD5 is a one way encryption.

Source:
So, to decode the base 64 data in the PHP API, the receiving data must be base 64 encrypted/encoded. I will be using Visual Basic for my example of uploading POST information. (refer to this tutorial for uploading plain text POST information; http://www.sourcecodester.com/tutorials/visual-basic-net/7704/uploading-post-data-php-visual-basicnet.html).

Visual Basic .NET also has a Base64 function included within it's .NET framework which makes it easy for us to encode the data just before sending, to do this we simply use the 'ToBase64String' function from the 'Convert' namespace. We convert the plain text information to a base64 encrypted/encoded string, from there we get the bytes and send those the our PHP API.

OLD:

  1. Dim byteData As Byte() = Encoding.Default.GetBytes(Convert.ToBase64String(p))

NEW:

  1. Dim byteData As Byte() = p

FULL:

  1. Private Function sendPost(ByVal p As Byte()) As String
  2. Dim encoding As New UTF8Encoding
  3. Dim byteData As Byte() = Encoding.Default.GetBytes(Convert.ToBase64String(p))
  4. Dim postReq As HttpWebRequest = DirectCast(WebRequest.Create("http://www.website.com/upload.php"), HttpWebRequest)
  5. postReq.Method = "POST"
  6. postReq.KeepAlive = True
  7. postReq.ContentType = "application/x-www-form-urlencoded"
  8. postReq.UserAgent = "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)"
  9. postReq.ContentLength = byteData.Length
  10. End Function

Destination:
Again, please refer to this tutorial, for PHP plain text POST uploading via Visual Basic .NET; .

To enable base64 decryption on to our PHP API, we want to use the simple 'DecodeBase64' function PHP has bulit in to it. The function accepts one base64 string, and returns it decoded; this means we can simply output the value straight from the function;

  1. <?php
  2. if (isSet($_POST['message'])) {
  3. echo base64_decode($_POST['message']); //Output the message decoded to plain text from base64 encryption.
  4. }else
  5. echo 'No message POST data found.';
  6. ?>

Conculsion:
To conclude this tutorial, our modified scripts above from my reference and previously uploaded tutorial now transfers base64 encoded data from the .NET application to the PHP server file. This stops attackers from simply sniffing network packets and catching plain text passwords as easily.

Finished!

Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. After downloading it, you will need a program like Winzip to decompress it.

Virus note: All files are scanned once-a-day by SourceCodester.com for viruses, but new viruses come out every day, so no prevention program can catch 100% of them.

FOR YOUR OWN SAFETY, PLEASE:

1. Re-scan downloaded files using your personal virus checker before using it.
2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.

Add new comment

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.