Here is an easy way to encrypt and then decrypt the data. Note, I don't print the binary encrypted string because it won't be printable.

    use Crypt::Blowfish;

    my $Blowfish_Key = "An extremely dumb password you should change.";
    my $Blowfish_Cipher = new Crypt::Blowfish $Blowfish_Key;

    ### Remember, sentence has to be 8 long
    my $Sentence = "DumbWord";
    my $Encrypted = $Blowfish_Cipher->encrypt($Sentence);
    my $Decrypted = $Blowfish_Cipher->decrypt($Encrypted);

    print "Do the next two lines match?\n";
    print "$Sentence\n";
    print "$Decrypted\n";

All we want to do is convert binary data to hex data. Why is hex data important? It is alphanumeric and won't screw up a browser with weird characters. There is no security in using hex, but it is compact, and it is always a fixed length. It converts each character into 2 hex characters (or numbers). Always having an exact length per character makes it easy to convert back to binary data.
Here is a simple command to convert a sentence to hex, and then convert it back to text.

    my $Sentence = "This is a dumb sentence.\n";
    print "$Sentence\n";
    my $Hex = unpack("H*",$Sentence);
    print "$Hex\n";
    my $Sentence2 = pack("H*",$Hex);
    print "$Sentence2\n";

First, I assume you are using mod_perl. In your root directory for the apache webserver, create this directory,

    mkdir -p lib/perl/MyPackage

Then copy the module below to the location lib/perl/MyPackage/Misc.pm.
To encrypt data,

    use MyPackage::Misc;
    my $Data = "Just a dumb sentence I want to encrypt";
    my $Encrypted = MyPackage::Misc->Encrypt($Data);

To decrypt data,

    use MyPackage::Misc;
    my $Decrypted = MyPackage::Misc->Decrypt($Encrypted);

And here are the methods. You should really customize these modules for your needs. I kept $Blowfish_Cipher as a global variable for the package so that it only needs to get compiled once. I guess I might as well copyright it with the GPL just to promote GPL. Here is the GNU GPL license.

    #!/usr/bin/perl
    # Copyright (C) 2000 Mark E. Nielsen at GNUJobs.com

    # This program is free software; you can redistribute it and/or
    # modify it under the terms of the GNU General Public License
    # as published by the Free Software Foundation; either version 2
    # of the License, or (at your option) any later version.

    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    # GNU General Public License for more details.

    # You should have received a copy of the GNU General Public License
    # along with this program; if not, write to the Free Software
    # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

    # Web-Encrypt-Example version 0, Copyright (C) 2000 Mark E. Nielsen at GNUJobs.com
    # Web-Encrypt-Example comes with ABSOLUTELY NO WARRANTY.
    # This is free software, and you are welcome
    # to redistribute it under certain conditions.

    # The Computer Underground, Inc., hereby disclaims all copyright
    # interest in the program `Web-Encrypt-Example'
    # written by Mark E. Nielsen.

    # Mark E. Nielsen, President of The Computer Underground

    package MyPackage::Misc;

    use strict;
    use Crypt::Blowfish;

    my $Blowfish_Key = "An extremely dumb password you should change.";
    my $Blowfish_Cipher = new Crypt::Blowfish $Blowfish_Key;

    #-----------------------------------
    sub Encrypt
    {
      my $self = shift;
      my $String = shift;
      my $Temp = $String;
      my $Encrypted = "";
      while (length $Temp > 0)
        {
          ### If less than 8 characters, pad it with tabs
        while (length $Temp < 8) {$Temp .= "\t";}
          ### Encrypt the 8 length segment
        my $Temp2 = $Blowfish_Cipher->encrypt(substr($Temp,0,8));
          ### Add it to the end
        $Encrypted .= $Temp2;
          ### If it is 8 or less, abort, otherwise get the next segment
        if (length $Temp > 8) {$Temp = substr($Temp,8);} else {$Temp = "";}
        }
      my $Unpacked = unpack("H*",$Encrypted);
      return ($Unpacked);
    }

    #--------------------------------
    sub Decrypt
    {
      my $self = shift;
      my $String = shift;
      my $Packed = pack("H*",$String);
      my $Temp = $Packed;
      my $Decrypted = "";
      while (length $Temp > 0)
        {
        my $Temp2 = substr($Temp,0,8);
          ### In theory, we could end up with less than 8 characters, check
        if (length $Temp2 == 8)
          {
          my $Temp3 = $Blowfish_Cipher->decrypt($Temp2);
          $Decrypted .= $Temp3;
          }
        if (length $Temp > 8) {$Temp = substr($Temp,8);} else {$Temp = "";}
        }
        ### Getting rid of tabs at the end, which could be a bad thing
        ### but is how I did it.
      $Decrypted =~ s/\t+$//g;
      return ($Decrypted);
    }

    1;

NOTE: There is one special thing you ought to do when decrypting information. Check to see if it contains valid data. If it is numeric, make sure it is a number. Usually a smart idea is to always assume the number is positive and less than a billion, and do something like this,

    my $Error = 1;
    if (($Value >0) && ($Value < 1000000000)) {$Error = 0;}
    if ($Error == 1) {print "Darn it, this sucks, no valid data, bye bye!"; exit;}

Also, if set up correctly, the encrypted data won't interfere with the person's web experience if you keep the encrypted data in hidden fields in the webpage.
If you wish to send out an email message to a user to view data on your website, sending an email with a link that contains encrypted data can be a way to protect people from understanding how your web pages work. It doesn't protect you too much, but the more irritating you make it, the more likely it is for someone to just not bother trying to figure out how you do things.
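Hidden fields and emailed links come back from the user's browser, so the validity check in the NOTE above can be made stricter by refusing any token that was changed at all before it is decrypted. The following is an added example, not part of the original article or its module: the names Seal and Open and both keys are hypothetical, and it assumes the Digest::SHA module is installed alongside Crypt::Blowfish.

```perl
use strict;
use warnings;
use Crypt::Blowfish;
use Digest::SHA qw(hmac_sha256_hex);

### Placeholder keys (assumptions): use two separate random keys in practice.
my $Enc_Key = "placeholder encryption key";
my $Mac_Key = "placeholder signing key";
my $Cipher  = Crypt::Blowfish->new($Enc_Key);

### Encrypt 8 bytes at a time as the module does, then append an HMAC of the
### hex text. Padding is N bytes of value N, so trailing tabs survive.
sub Seal {
    my $Data = shift;
    my $Pad  = 8 - length($Data) % 8;
    $Data .= chr($Pad) x $Pad;
    my $Hex = unpack("H*", join("", map { $Cipher->encrypt($_) } unpack("(a8)*", $Data)));
    return $Hex . "." . hmac_sha256_hex($Hex, $Mac_Key);
}

### Return the original data, or undef if the token is malformed or altered.
sub Open {
    my $Token = shift;
    my ($Hex, $Tag) = $Token =~ /\A((?:[0-9a-f]{16})+)\.([0-9a-f]{64})\z/ or return;
    my $Expected = hmac_sha256_hex($Hex, $Mac_Key);
    my $Diff = 0;    ### compare every character, with no early exit
    $Diff |= ord(substr($Expected, $_, 1)) ^ ord(substr($Tag, $_, 1)) for 0 .. 63;
    return if $Diff;
    my $Plain = join("", map { $Cipher->decrypt($_) } unpack("(a8)*", pack("H*", $Hex)));
    my $Pad = ord(substr($Plain, -1));
    return if $Pad < 1 || $Pad > 8;
    return substr($Plain, 0, length($Plain) - $Pad);
}

my $Token = Seal("12345");
my $Value = Open($Token);
print "Intact token gives: $Value\n";

### Constructed altered token: change the first hex digit.
my $Altered = $Token;
substr($Altered, 0, 1) = substr($Altered, 0, 1) eq "0" ? "1" : "0";
print "Altered token is ", (defined(Open($Altered)) ? "accepted" : "rejected"), "\n";

### The article's range check still applies after the token is verified.
if (defined $Value && $Value =~ /^\d+$/ && $Value > 0 && $Value < 1000000000) {
    print "Value is a valid number\n";
}
```

The length-based padding also removes the need to strip trailing tabs in Decrypt, which the module's own comment flags as a possible problem.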
I haven't tested PHP or Python to see if they have an easy module for encrypting data. The only module that was easy to use in Perl was Blowfish. It was painful to get any others for Perl installed. If you come across any that were as easy to use, or easier than Blowfish, please let me know at [email protected].