blog:spring2016:cjann:journal

Differences

This shows you the differences between two versions of the page.

blog:spring2016:cjann:journal [2016/04/15 18:34] – [April 15th 2016] cjannblog:spring2016:cjann:journal [2016/05/02 17:44] (current) – [May 2nd 2016] cjann
Line 604: Line 604:
 At the bottom I have echoed out a link to the decryption html page “decrypt_app.html. At the bottom I have echoed out a link to the decryption html page “decrypt_app.html.
  
 +====April 19th 2016====
 +
 +Time is winding down, and I’ve not had the dedication to my journal entries that I wish I had. Catching up with my journal, cranking out EoCE, and other coursework will be a herculean task. I live for the frantic mad dash intensity that the end of the semester provides. Bring it on. 
 +
 +I’ll begin by covering the second part of my encryption code: the decryption part. This may not take much space, so when I get to the end I’ll hit the ground running with something else. The file is called decryptapp.html
 +
 +The decryption HTML page is much the same as the encryption page. Simple text entry forms that point to a php file for their action. Originally, this file had only one text input for the ciphertext that needs to be decrypted. Subsequent testing and iterations, as mentioned earlier, found that I needed to be using the same IV. A text input was added, and now the user has to enter both the IV and the ciphertext for the encryption to function. Note: not entering an IV throws an error. Error handling could be a feature to include in another iteration of this code. Surely php must have error handling code like java (and I’m not calling you Shirley). 
 +
 +Indeed, all the code in the decrypt.php file is stuff we’ve seen before. 1. The input is brought in using $_POST. 2. The key is packed and stored. 3. The IV is decoded back into binary from base 64. 4. Mcrypt_Decrypt uses all previously discussed variables / constants to decrypt the ciphertext. 5. The decoded text is printed to the page for the user.
 +
 +If we follow Yogi’s creed of “Build something, scale it up, and make it better”, what are some features to include in a future iteration? I have noticed that the code will allow you to encrypt an empty string. Perhaps some kind of if /else statement could be included to check whether or not the user has entered text, and output an error message in the event the text field is bupkis? The aforementioned error handling would be another thing. Also, a way to transfer over the IV to the decryption app would be great. The copy and pasting is a bit laborious for a simple web widget.
 +
 +Okay, so I’ve totally covered the functional prototype (which, from here on out will be known as the “beta test”). I’ve also been experimenting with some other functions that could make the beta test a bit more elegant and interesting, so I’m going to muse over some of them. Right now.
 +
 +In my mighty quest of epic php stuffs I stumbled onto a few functions. I was looking for a solution to generating a random key for my decryption app, instead of using a fixed key every time. I ran into someone suggesting “microtime()” in conjunction with rand (I think, it’s been awhile and the page has been lost in the sands of forgetfulness). Some combination of rand and microtime was used to generate a pseudorandom number. Microtime simply prints out the current unix timestamp in microseconds. I abandoned this method after experimentation, which is just as well. This method could have required extensive legwork in the form of conversion and implementation to fit my design. 
 +
 +
 +
 +In microtime’s place, I have instead been experimenting with a function that seems purpose built for my purposes: openssl_random_pseudo_bytes(). This lovely named function generates a random string of bytes. In its simplest form, it takes only one parameter: a number indicating the size in bytes of the random string generated. This is perfect for my purposes, as I can simply plug in 16 to get the corresponding length for my selected encryption algorithm. Note: I would, at some point, like to include some kind of if / else code so the user could select several features for the encryption process. Algorithm used, method used, etc… I feel this would strengthen my understanding of conditional statements (a loop would be nice too), and logical statements are currently my biggest weakness. Basic if / else not so much, but more complicated conditionals such as nested if / else statements, and loops, have been my Achilles heel since last spring when I was taking Joe’s object oriented programming course. Time willing…
 +
 +Efforts to use this function in conjunction with previous functions yielded no dysfunction at this junction, therefore my compunction to explore malfunctions was not met with injunction (I cheated and used rhymezone.com). The only roadblock now is to implement this into a finished product elegantly. Again, I have yet to implement a way to transport information from the encryption files into the decryption files. Matt suggested that I use the same POST stuff we’ve been using. But… how do I do that if the content I wish to transport is coming from a php file? How would one transport content from a php file, at the very least, into another HTML file? Let alone possibly transferring the key, IV, and ciphertext from one php file to another.
 +
 +All these possibilities will be explored at a later date. I’ve yet to even get started on the research for the topic, so the task seems daunting. Hopefully by next entry I’ll have something.
 +
 +====April 21st 2016====
 +
 +I’ve discovered that my chosen encryption function has actually been abandoned since 2007. A kind fellow at the bottom of the mcrypt_encrypt page explains this, and links to a very compelling article on why mcrypt_encrypt is bad:
 +
 +https://paragonie.com/blog/2015/05/if-you-re-typing-word-mcrypt-into-your-code-you-re-doing-it-wrong
 +
 +The article suggests a different encryption method: open_ssl. Most of the article over my head at this point, but there are a few takeaways. Most notable, the open_ssl method is easier to read and implement. Open ssl automatically pads the plain text you are decrypting.  Padding is essentially using nonsense bits of data to pad short messages to better fill the container they are being sent in, and padding can also make it harder do crack (I think). It’s faster than what I was using.  All this, and more!
 +
 +I was running out of steam regarding this project, but this may just be the boost I need. I'll take a look at this and see if there's anything new and interesting I can do with this. If not, I may just need to find something else to tinker with until the semester is over.
 +
 +I've decided to add some simple error handling to my encryption and decryption prototypes in the event I abandon them in the future. At first glance (I've done like, two seconds of research) php errors are handled using if / else statements. So, I threw an if / else statement into my decryption page testing whether or not the IV is an empty string. If the IV is an empty string, I am echoing out an error message and a link back the the decryption page. A few notes: the comparison for the IV looks like this
 +
 +if($iv = " "). It appears that there must be a space between the quotes for the interpreter to see it as an empty string. I tried an iteration where it was just two quotes with no space, and the error message for no IV was printed out.
 +
 +Secondly, the echoed out link back to the decryption page (the one that prints as a result of the error) doesn't work. When the link is clicked, the browser thinks for a moment and spits an error out. "The site can't be reached. Lab46's DNS address could not be found". This is odd, because the echoed out link that leads to the same page on the encryption app functions perfectly fine.
 +
 +I'm in the mood for more testing and error handling, but I've gotta eat and wrap up the systems analysis presentation for tomorrow. It's a strange thing that I've come to prefer tinkering with code than any other coursework. Probably because coding is more problem solving and discovery, and the other stuff is monotonous busywork.
 +
 +Note: Oldschool blues (Blues Roots genre on spotify) seems to be the least distracting music to code to. Excellent finding, because any music or video is usually too distracting. I've been craving background noise, so hopefully this works out.
 +
 +====April 22nd 2016====
 +
 +Tumbling down the rabbit hole of research. Started researching ssl_encrypt, and I'm speedily losing myself in something similar to a youtube binge.
 +
 +At present moment, I am playing with print_r and how it differs from echo.
 +
 +In the file "sslex.php", a file originally intended to experiment / compare the differences between mcrypt and openssl, I have printed out three strings using echo, print, and print_r. Visually on the page their output isn't different.
 +
 +Crawling the web for differences led me here:
 +http://stackoverflow.com/questions/1647322/whats-the-difference-between-echo-print-and-print-r-in-php
 +
 +Print and echo are almost functionally identical, with a few subtle differences. Print has a return value of 1, which allows it to be used in calculations / functions (?). Echo actually has room for multiple parameters. 
 +
 +http://php.net/manual/en/function.echo.php
 +^The documentation for echo. The refer to it as something called an "language construct". This is why we don't have to use parenthesis with echo.
 +
 +Okay, back to open_ssl versus mcrypt_encrypt. We've covered a few reasons why open_ssl is better, let's see if I can discover some on my own.
 +
 +Firstly, there is no difference between the number of parameters taken. Openssl takes the data, method, password, options, and password. Mcrypt takes cipher, key, data, mode, and IV.
 +
 +====April 25th 2016====
 +
 +Openssl_get_ciphermethods is the first openssl type thinger I’ve experimented with. The method is used on line one of the sslex.php file. Apparently, it accesses all available cipher methods. I’ve stored them in a variable, and I’m printing them out using print_r. What we get is a massive array with 164 entries. Das a lot of cipher methds! Most of which I have yet to see anywhere. This really reveals the scope of encryption technology, and the depth of what is out there. I’m finding this topic more interesting as I go along with this research.
 +
 +I’ve noticed that openssl_encrypt takes a parameter called “password”. What is this nonsense about? Research to follow.
 +
 +NOTE: Some of the contributor notes at the bottom have me thinking- would it be possible to encrypt an entire file using php? I have to assume it is possible! How else are files shared between servers and clients securely? This could be an idea for an end of semester project, instead of this research wheel-spinning rut I’m stuck in. I think I’m going to pop smoke on this research paper trail and begin exploring this idea right away. Ho! What about some double encryption action? Could I write php code that encrypts text entered by a user and outputs it into a file, and then some code to encrypt the file? That would be pretty stellar. Side note: from here on out this entry is going to be injected with as much military slang as I can remember from my serving days.
 +
 +Alright, after plugging away for a bit here’s what I have. I’m currently trying to get a string printed out to an existing file using to file_put_contents. When this code attempts to run, I get a permissions error. The same type of error was encountered when I tried to use fopen to create a file when the code is run instead of using a preset file. These methods will be covered later in detail once I get them functioning, but right not I need to eat an apple and get to class.
 +
 +Thanks to Matt and his chmod hooyah, the output works now. chmod 606 was used to change the permissions on the output file to allow write access (along with some awkward command "touch", of which I am completely out of my pay grade) I will continue to plug away and get a functioning prototype before I cover it here. Goals: Successfully encrypt a string, output that string to a file, and encrypt that file using openssl.
 +
 +NOTE: In my most recent iteration / experimentation of my previous encryption work, I was using openssl_random to generate a key for mcrypt. Openssl encryption was under my nose the whole time?!
 +
 +====April 27th 2016====
 +
 +Hunger induced stupor has left me unable to write code very well (forgot my lunch and too busy to hit the cafeteria). So instead of writing code I will document my current progress on my ssl encryption playground. Fun!
 +
 +Open ssl seems a smidge more convenient than the mcrypt method. It uses the previously documented objects as parameters. I was getting a very frustrating error for some of it. It was "Error on line 37: open_sslencrypt() expects parameter 4 to be long, string given in 'filename'". It was particularly frustrating because the message is kind of cryptic. My parameter 4, at the time, was the IV. The IV was the correct length, so the error was really throwing me off.
 +
 +It turns out, I was missing a parameter. I thought one of them was optional, the "options" (haha). The two options are "OPENSSL_RAW_DATA, OPENSSL_ZERO_PADDING", both of which are completely cryptic sounding. Instead, as shown in the example at the top of the page, I used a 0. This apparently satisfies the need for that particular parameter.
 +
 +My initial idea of encrypting text, dumping it into a file, and then encrypting the file may be too ambitious this late in the game. It could have been a potential project had I intercepted this idea earlier, but as it stands the code requires quite a bit of moving parts. I'm afraid that I wouldn't have time to cover everything to aid in understanding. We'll see...
 +
 +I have figured out how to write data into an existing file. The code for creating the file and printing text to the new file doesn't work because of permission functions. Maybe I could morph this into an input / output exercise? (We may have done some I/O stuff earlier in the semester)
 +
 +The current method used for writing to an existing file is actually pretty easy at the basic level, I've been using file_put_contents. It takes only two parameters: the data to be written and the file object.
 +
 +====May 2nd 2016====
 +
 +Well, half of my dream has been realized. I've successfully used openssl encryption to encrypt a string and output it to an existing file. Using all the same output functions previously covered: open_sslencrypt and file_put_contents. As it stands, the new string overtires the old. If one were so inclined there is probably a constant or different method that appends new text after the text that was previously there.
 +
 +Yep, after looking at the documentation there is a parameter constant that can be used to append data to the file instead of overwriting it (the documentation calls it a "flag"). The flags are added after the other parameters (file object and data). The flag used to append data instead of overwriting is FILE_APPEND.
 +
 +Interestingly, file_put_contents is a simplified method to interact with files. A different method would be to use the three functions fopen, fwrite, and fclose. All of these take their own parameters, but it's essentially a longer way to do exactly what file_put_contents does (I think).
 +
 +I did throw down some quick php code in windows to test fopen outside of our unix environment. I wasn't able to use php to create a file because of write permissions. So I whipped up some fast code to create a file with fopen and dump some plain text into it. There must be something more to writing and interpreting php code in windows. When I use the file address in the address bar of a browser all I see is a text version of the file. No output file is created.
 +
 +I did attempt to use the command here http://php.net/manual/en/install.windows.commandline.php
 +To execute the code from the command line. I got the error message "php.exe" is not recognized as an internal or external command, operable program or batch file". So I assume there needs to be some installation required for this command to work. More research to follow.
 +
 +Well obviously there's an installation required. Right above the command to run the file is a link that says "You should read the manual installation steps first!". I've done a great job at ignoring that crucial piece of direction.
 +
 +I'll have to attempt to install required PHP tools when I get home.
 +
 +Also, I may have potentially found a solution to my file permissions issue. There is a PHP function that changes the chmod values of a file! So, potentially, I could use this function to change the permissions of the file I am creating as it is being created. I whipped up some quick code but I can't test it because I forget how to access my files from a browser. I'm super great at this. I'll debug and test the code once I get to class.
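Review bot: In the April 21st entry, `if($iv = " ")` assigns rather than compares. A single `=` overwrites `$iv` with a one-space string, and because a non-empty string is truthy in PHP the condition is always true, so the branch taken never depends on what the user submitted and whatever IV was entered is replaced. Use a comparison such as `if ($iv === "")`, and drop the sentence saying a space is needed between the quotes for the interpreter to see an empty string. Two smaller points: the April 22nd parameter list for openssl names "password" twice where the last item should be the IV, and the April 25th `chmod 606` grants read and write to "other" on the output file, which is worth stating beside the command since that file is meant to hold the encrypted output.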
blog/spring2016/cjann/journal.1460745274.txt.gz · Last modified: 2016/04/15 18:34 by cjann