Mailing List Archive

Web servers will do a conversion of = to =3D and + to =2B in the <a href> portion. If your decode_base64 is not set to verbosely pedantic, it may silently truncate your encoded cipher at that point.

I believe there's a standard alternate encoding for base64 for use with webpages, but I don't recall it off-hand; it's been about a decade since I worked on that part of our webpages.

--
Ed Grimm
Identity Services

From: Donavon [mailto:donl@mycopanet.com]
Sent: Tuesday, January 31, 2017 5:49 PM
To: embperl@perl.apache.org
Subject: Passing encrypted base64 encoded value via href and then decode and decrypt on receiving page not working


I am trying to do the following:

encode_json() -> $cipher->encrypt() -> encode_base64() -> <a href> -> decode_base64() -> $cipher->decrypt() -> decode_json() -> Dumper()

It seems pretty straight forward but for some reason it is not working.

It breaks down at the $cipher->decrypt() part.

Any suggestions? Could it be an embperl issue or perl issue?
Thank You,
~Donavon







temp.epl

[.-

use JSON; # imports encode_json, decode_json, to_json and from_json.



use MIME::Base64;



use Mycopa::Encrypt;

$encrypt = new Mycopa::Encrypt();





# set up json

%json = ();

$json{TOR} = time;



# set up options

%opts = ();

$opts{option1} = "Option 1";

$opts{option2} = "Option 2";

$opts{option3} = "Option 3";

push(@{ $json{opts} }, {%opts} );



$json = encode_json(\%json);



$escmode = 0;

print OUT $json . "<br />";









# encrypt

$cipher = Crypt::CBC->new(

-literal_key => 1,

-key => "95A8EE8E89979B9EFDCBC6EB9797528D",

-header => 'none',

-iv => "1234567890abcdef",

-cipher => 'Crypt::OpenSSL::AES'

);



$plaintext = $cipher->encrypt($json);



$escmode = 0;

print OUT $plaintext . "<br />";





# encode

$plaintextbase64 = encode_base64($plaintext);



# make URL friendly

$plaintextbase64 =~ s/\+/-/g;

$plaintextbase64 =~ s/\//_/g;

$plaintextbase64 =~ s/=/,/g;

$plaintextbase64 =~ s/\n//g;





$escmode = 0;

print OUT $plaintextbase64 . "<br />";



-]



<a href="temp1.epl?plaintextbase64=[+ $plaintextbase64 +]">Click Me!!!</a>







temp1.epl



[.-

use JSON; # imports encode_json, decode_json, to_json and from_json.



use MIME::Base64;



use Mycopa::Encrypt;

$encrypt = new Mycopa::Encrypt();



$escmode = 0;

print OUT $fdat{plaintextbase64} . "<br />";





# decode

$plaintextbase64 = decode_base64($fdat{plaintextbase64});



$escmode = 0;

print OUT $plaintextbase64 . "<br />";







# decrypt

$cipher = Crypt::CBC->new(

-literal_key => 1,

-key => "95A8EE8E89979B9EFDCBC6EB9797528D",

-header => 'none',

-iv => "1234567890abcdef",

-cipher => 'Crypt::OpenSSL::AES'

);



$plaintext = $cipher->decrypt($plaintextbase64);



$escmode = 0;

print OUT $plaintext . "<br />";





$json = decode_json($plaintext);





use Data::Dumper;

$Data::Dumper::Sortkeys = 1;

$escmode = 0;

print OUT "<pre>";

print OUT Dumper(\$json);

print OUT "</pre>";









-]

Reading http://search.cpan.org/~gaas/MIME-Base64-3.15/Base64.pm it seems you
would need to use decode_base64url( $str ) which handles your replaced characters.

You could then also use encode_base64url( $bytes ) which would use the alternate
characters already.

--
---> Dirk Jagdmann
----> http://cubic.org/~doj
-----> http://llg.cubic.org

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org