-1

I have an APP (Android) and a service made in PHP. I send information between them and now there is a security problem that I need to encrypt the data very much. I need to encrypt in java and when I get to the service (PHP) I need to decrypt the content that has arrived.

Is there any native function in JAVA and PHP that already does this?

I found some examples in Google and here in stackoverflow, but nothing that I described in PHP

William
  • 294
  • 3
  • 16
  • 2
    What you had tried so far? – Simmant Oct 27 '17 at 10:52
  • 3
    This is a very broad question. Do you need end-to-end encryption or just transport layer encryption? Do you want to use shared keys or public key crypto? What does "encrypt the data very much" mean? – jurez Oct 27 '17 at 10:53
  • I found this example and I'm implementing it, but I thought there was something different. http://www.androidsnippets.com/encrypt-decrypt-between-android-and-php.html – William Oct 27 '17 at 10:55
  • Just a suggestion about how you can describe your question, I will be great if you can give clear information about ecpyt/decpt you are implementing and code examples what you had tried so far. – Simmant Oct 27 '17 at 12:07
  • If you only need to have the data encryption in transit just use HTTPS. – zaph Oct 27 '17 at 14:44
  • It is best not to use PHP mcrypt, it is abandonware, has not been updated in years and does not support standard PKCS#7 (née PKCS#5) padding, only non-standard null padding that can't even be used with binary data. mcrypt has many outstanding [bugs](https://sourceforge.net/p/mcrypt/bugs/) dating back to 2003. The mcrypt-extension is deprecated will be removed in PHP 7.2. Instead consider using [defuse](https://github.com/defuse/php-encryption) or [RNCryptor](https://github.com/RNCryptor), they provide a complete solution and are being maintained and is correct. – zaph Oct 27 '17 at 16:41

1 Answers1

1

Ok, 1st if you consider encryption or decryption depends on any specific language or vice-versa, then It's not true. Any encryption/decryption is a concept which available in all languages and surely support by one another.

Now come to your question, as far as I can understand your question, you are looking for approach which encrypt data in JAVA and decrypt same in PHP. Please correct me if I m wrong.

Below I am sharing process/approach which may help you to design/setup your architecture about it.

1) Let's assume you are aming to implement MD5 encryption/description in your application.

2) In java you can achieve all publicly available encryption either inbuilt or by third party jars, just create utility class and create separate bean with required fields, then add required logic in utils class and pass same information to bean.

3) Now Pass that bean data to web-api which is written in PHP (method you prefer get/post), most of the time in PHP it is String only.

4) Inside PHP code pass that information in fashion which describe in below link:

Encp/Decp in php

And in the end just follow below answer, I guess it is bit close to what you are looking for.

Note: I use MD5 just to explain how to setup an architecture and kick-off for base, but in real environment avoid using MD5 as now n-number way available to bypass this one, best use some strong encpy/decpy technique/algorithm like triple DES, RSA, AES etc.

Java and Php relation for encp/decpt

Simmant
  • 1,477
  • 25
  • 39
  • 1. MD5 is not encryption. 2.MD5 is a one-way function from which the original data can not be recovered. 3. MD5 is a poor choice because for a cryptographic has function, it is essentially not secure. – zaph Oct 27 '17 at 14:46
  • Yup that is, but As per question he need idea how things get work between Java and Php so I use MD5 just an example to explain how kick-start the aiming work flow. MD5 is cryptographic hash function, and mostly developer know how to deal with it, that's why I pick MD5 for quick overview of entire working. – Simmant Oct 27 '17 at 15:20
  • You are helping the attackers with MD5 information, it that really your aim? No where in the answer do you even mention that MD5 should not be used in new work. OK, I know that there are organizations that intensionally provide bad security guidance but IMO that is a bad concept. – zaph Oct 27 '17 at 16:33
  • Thanks for pointing my missing pointer, and updated answer is available with note. Now coming to the point, this is not my aim to serve easy making to attackers, but what my aim with my answer is, person get quick idea how to setup base architecture, so he/she can make a quick start. And reason why use MD5, just because mostly people know this thing. Also now I add informatory note in my answer, so hope now it's fine. – Simmant Oct 29 '17 at 19:38
  • 1. The first point in the answer makes no sense because there is no such thing as "MD5 encryption/description". 2. Triple DES/DES should not be used in new work. RSA and AES are for completely different uses being asymmetric and symmetric methods. – zaph Oct 29 '17 at 20:31