I'm trying to encrypt some data using crypt::encrypt in Laravel. I need to decrypt this encryption in iOS and Android apps. Any idea?
- I would make a request to the Laravel app in HTTPS to decrypt using crypt::decrypt. Otherwise, if you provide some decryption technique on the client side, I think that would be a huge security mistake. However, I am not a professional – Hammerbot Feb 22 '17 at 15:25
- **Laravel's encrypter uses OpenSSL to provide AES-256 and AES-128 encryption**. So you need to decrypt it in your apps the same way. http://stackoverflow.com/questions/21627863/decrypt-aes256-encrypted-bytes and http://stackoverflow.com/questions/27072021/aes-encrypt-and-decrypt – online Thomas Feb 22 '17 at 15:53
- Possible duplicate of [How to decrypt in Java (Android) text that was encrypted with Crypt in Laravel?](https://stackoverflow.com/questions/32975822/how-to-decrypt-in-java-android-text-that-was-encrypted-with-crypt-in-laravel) – Rick Sanchez Jun 17 '19 at 18:19
1 Answer
Short answer: it is a bad idea, do not do it.
A little more detailed: It makes no sense. Laravel uses AES for encryption, which is a symmetric key algorithm: the same key is required for encryption and decryption. If you want to decrypt anything on the client side, you need the key to be known to the client - this basically renders the whole server-side encryption useless. To give advice on what to do instead, we need to know what you're trying to achieve:
- To transport the data securely between the Laravel-based server and the app? Use HTTPS.
- For anything else, the most likely answer is to use asymmetric encryption like RSA.

nxu
- A better solution might be to encrypt the file on the server with a public key generated by the client: http://php.net/manual/en/function.openssl-public-encrypt.php And decrypt it with the private key known by the client. – online Thomas Feb 23 '17 at 13:27
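
The approach from the answer and its comment (asymmetric encryption to a key pair the client generates), as an added example that is not part of the original thread: the server encrypts the payload with a one-time AES-256-GCM key and wraps only that key with the client's RSA public key, because RSA by itself can encrypt only payloads smaller than the key size. The function names `encryptForClient` and `decryptOnClient`, the envelope field names and the sample string are assumptions; the key pair is generated in PHP (7.1 or later, with ext-openssl) only so the script runs stand-alone.

```php
<?php
// Added example: hybrid encryption to a client-supplied RSA public key.

/** Server side: only the client's PUBLIC key is needed. */
function encryptForClient(string $plaintext, string $clientPublicPem): array
{
    $dataKey = random_bytes(32);            // one-time AES-256 key
    $iv      = random_bytes(12);            // 96-bit GCM nonce
    $tag     = '';
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $dataKey,
                                  OPENSSL_RAW_DATA, $iv, $tag);
    if ($ciphertext === false) {
        throw new RuntimeException('AES-GCM encryption failed');
    }
    // RSA-OAEP wraps only the 32-byte data key, not the payload itself.
    if (!openssl_public_encrypt($dataKey, $wrappedKey, $clientPublicPem,
                                OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key wrapping failed');
    }
    return array_map('base64_encode', [
        'key' => $wrappedKey, 'iv' => $iv, 'tag' => $tag, 'value' => $ciphertext,
    ]);
}

/** Client side (on the device in practice): needs the PRIVATE key. */
function decryptOnClient(array $envelope, string $clientPrivatePem): string
{
    $e = array_map(function ($v) { return base64_decode($v, true); }, $envelope);
    if (!openssl_private_decrypt($e['key'], $dataKey, $clientPrivatePem,
                                 OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('RSA key unwrapping failed');
    }
    $plaintext = openssl_decrypt($e['value'], 'aes-256-gcm', $dataKey,
                                 OPENSSL_RAW_DATA, $e['iv'], $e['tag']);
    if ($plaintext === false) {
        throw new RuntimeException('Ciphertext or tag was modified');
    }
    return $plaintext;
}

// Constructed demo: the key pair stands in for one generated on the device.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                          'private_key_bits' => 2048]);
if ($pair === false) { throw new RuntimeException('openssl_pkey_new failed'); }
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

$envelope = encryptForClient('constructed sample record', $publicPem);
echo decryptOnClient($envelope, $privatePem), PHP_EOL;
```

PHP's `OPENSSL_PKCS1_OAEP_PADDING` uses OpenSSL's default OAEP parameters (SHA-1 for both the digest and MGF1), so the iOS or Android side has to select the matching OAEP variant when unwrapping the key.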