I am converting an image into base64 string and then sending it over HTTP. I want to encrypt the string and then decrypt the string at the server side, please provide me with some guidelines with respect to the encryption techniques so that the technique is platform independent at the client side. The client now uses Android technology, but there are plans for iPhone as well. The server side is PHP.
Asked
Active
Viewed 306 times
1
-
2http://stackoverflow.com/questions/1582894/how-to-send-password-securely-over-http – Tilak Madichetti Apr 27 '16 at 13:34
-
1Yes, this is what HTTPS is for. – Alex K. Apr 27 '16 at 13:38
-
If you are planning for iOS you have to use HTTPS. HTTP is forbidden in apps on iOS. – Robert Apr 27 '16 at 17:37
-
Is HTTPS completely secure method? What are the chances that a hacker hacks and gets the information? – Sreekanth Karumanaghat Apr 28 '16 at 05:01
1 Answers
0
If you're trying to protect from traffic capturing, use HTTPS.
If you must use HTTP, use a public RSA key to encrypt a generated AES key, and encrypt your string using the AES key. Then, on your server, use matched private RSA key to decrypt the AES key and decrypt your string with the AES key.
Daniel
- 573
- 6
- 14
-
How secure is HTTPS? What are the chances that some one hacks and gets information while using HTTPS? – Sreekanth Karumanaghat Apr 28 '16 at 05:09
-
If SSL is configured properly, chances are low. You can also use techniques like SSL Pinning to lower the chances even more. Note that SSL protects your data only in the transition, so when it come to server it's already decrypted. If you want to protect the data on the server, you can use both HTTPS and encryption as above, and decrypt the string to non persistent storage only. – Daniel Apr 28 '16 at 05:52