|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
Encrypt URL Query ParametersDemonstrates how to encrypt URL query parameters. Query parameter values are encrypted using AES encryption and then base64 encoded. Base64 encoding is the most efficient means of transforming binary data into printable chars. In Base64 encoding, 4 printable chars represent 3 binary bytes. Therefore, the size of the output is expanded by 4/3rds. In addition, the output of AES encryption is always padded to a multiple of 16 bytes (prior to base64 encoding). One issue with Base64 encoding is that the following alphabet is used: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ The "+" and "/" characters would disrupt a URL. Therefore, you'll want to URL-encode the base64 output. This example shows how to do it, and then how to reverse the process. PS> The Base64 encoding algorithm may also include one or two "=" characters at the very end of the encoded data, and this would also disrupt a URL...
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <% set crypt = Server.CreateObject("Chilkat_9_5_0.Crypt2") ' We want to arrive at a URL with encrypted query parameter ' values, such as: ' www.chilkatsoft.com/login?fieldOne=xxxxxxxxxxxx&fieldTwo=xxxxxxxxxxxx&fieldThree=xxxxxxxxxxx&fieldFour=xxxxxxxxxxx ' Any string argument automatically begins the 30-day trial. success = crypt.UnlockComponent("30-day trial") If (success <> 1) Then Response.Write "<pre>" & Server.HTMLEncode(crypt.LastErrorText) & "</pre>" End If fieldOne = "This is a test" crypt.CryptAlgorithm = "aes" ' The default cipher mode is CBC (Cipher Block Chaining) ' We'll use ECB here because the amount of data to be ' encrypted is small anyway... crypt.CipherMode = "ecb" ' AES supports 128, 192, and 256-bit encryption. crypt.KeyLength = 128 ' We need a 16-byte secret key (i.e. 128 bits) crypt.SetEncodedKey "000102030405060708090A0B0C0D0E0F","hex" crypt.EncodingMode = "base64" e1 = crypt.EncryptStringENC(fieldOne) Response.Write "<pre>" & Server.HTMLEncode( e1) & "</pre>" ' Let's URL encode it: crypt.CryptAlgorithm = "none" crypt.EncodingMode = "url" ' Because the encryption algorithm = "none", it's a simple ' pass-through with encoding... e2 = crypt.EncryptStringENC(e1) Response.Write "<pre>" & Server.HTMLEncode( e2) & "</pre>" ' Now form the URL: url = "http://www.chilkatsoft.com/login?fieldOne=" & e2 Response.Write "<pre>" & Server.HTMLEncode( url) & "</pre>" ' Now reverse the process: crypt.CryptAlgorithm = "none" crypt.EncodingMode = "url" d2 = crypt.DecryptStringENC(e2) ' Back to base64: Response.Write "<pre>" & Server.HTMLEncode( d2) & "</pre>" ' Now back to the original string: crypt.CryptAlgorithm = "aes" crypt.EncodingMode = "base64" d1 = crypt.DecryptStringENC(d2) Response.Write "<pre>" & Server.HTMLEncode( d1) & "</pre>" ' A final note: If decrypting in ASP or ASP.NET, ' depending on what you're doing, ' you may not need the explicit URL-decoding step. ' It may be that ASP already did the URL decoding when you ' fetch the query parameter value. If so, you only need ' to decrypt using base64 for the encoding mode. %> </body> </html> |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.