blog:spring2016:cjann:journal
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| blog:spring2016:cjann:journal [2016/04/20 02:43] – [April 19th 2016] cjann | blog:spring2016:cjann:journal [2016/05/02 17:44] (current) – [May 2nd 2016] cjann | ||
|---|---|---|---|
| Line 628: | Line 628: | ||
| All these possibilities will be explored at a later date. I’ve yet to even get started on the research for the topic, so the task seems daunting. Hopefully by next entry I’ll have something. | All these possibilities will be explored at a later date. I’ve yet to even get started on the research for the topic, so the task seems daunting. Hopefully by next entry I’ll have something. | ||
| + | ====April 21st 2016==== | ||
| + | |||
| + | I’ve discovered that my chosen encryption function has actually been abandoned since 2007. A kind fellow at the bottom of the mcrypt_encrypt page explains this, and links to a very compelling article on why mcrypt_encrypt is bad: | ||
| + | |||
| + | https:// | ||
| + | |||
| + | The article suggests a different encryption method: open_ssl. Most of the article over my head at this point, but there are a few takeaways. Most notable, the open_ssl method is easier to read and implement. Open ssl automatically pads the plain text you are decrypting. | ||
| + | |||
| + | I was running out of steam regarding this project, but this may just be the boost I need. I'll take a look at this and see if there' | ||
| + | |||
| + | I've decided to add some simple error handling to my encryption and decryption prototypes in the event I abandon them in the future. At first glance (I've done like, two seconds of research) php errors are handled using if / else statements. So, I threw an if / else statement into my decryption page testing whether or not the IV is an empty string. If the IV is an empty string, I am echoing out an error message and a link back the the decryption page. A few notes: the comparison for the IV looks like this | ||
| + | |||
| + | if($iv = " "). It appears that there must be a space between the quotes for the interpreter to see it as an empty string. I tried an iteration where it was just two quotes with no space, and the error message for no IV was printed out. | ||
| + | |||
| + | Secondly, the echoed out link back to the decryption page (the one that prints as a result of the error) doesn' | ||
| + | |||
| + | I'm in the mood for more testing and error handling, but I've gotta eat and wrap up the systems analysis presentation for tomorrow. It's a strange thing that I've come to prefer tinkering with code than any other coursework. Probably because coding is more problem solving and discovery, and the other stuff is monotonous busywork. | ||
| + | |||
| + | Note: Oldschool blues (Blues Roots genre on spotify) seems to be the least distracting music to code to. Excellent finding, because any music or video is usually too distracting. I've been craving background noise, so hopefully this works out. | ||
| + | |||
| + | ====April 22nd 2016==== | ||
| + | |||
| + | Tumbling down the rabbit hole of research. Started researching ssl_encrypt, | ||
| + | |||
| + | At present moment, I am playing with print_r and how it differs from echo. | ||
| + | |||
| + | In the file " | ||
| + | |||
| + | Crawling the web for differences led me here: | ||
| + | http:// | ||
| + | |||
| + | Print and echo are almost functionally identical, with a few subtle differences. Print has a return value of 1, which allows it to be used in calculations / functions (?). Echo actually has room for multiple parameters. | ||
| + | |||
| + | http:// | ||
| + | ^The documentation for echo. The refer to it as something called an " | ||
| + | |||
| + | Okay, back to open_ssl versus mcrypt_encrypt. We've covered a few reasons why open_ssl is better, let's see if I can discover some on my own. | ||
| + | |||
| + | Firstly, there is no difference between the number of parameters taken. Openssl takes the data, method, password, options, and password. Mcrypt takes cipher, key, data, mode, and IV. | ||
| + | |||
| + | ====April 25th 2016==== | ||
| + | |||
| + | Openssl_get_ciphermethods is the first openssl type thinger I’ve experimented with. The method is used on line one of the sslex.php file. Apparently, it accesses all available cipher methods. I’ve stored them in a variable, and I’m printing them out using print_r. What we get is a massive array with 164 entries. Das a lot of cipher methds! Most of which I have yet to see anywhere. This really reveals the scope of encryption technology, and the depth of what is out there. I’m finding this topic more interesting as I go along with this research. | ||
| + | |||
| + | I’ve noticed that openssl_encrypt takes a parameter called “password”. What is this nonsense about? Research to follow. | ||
| + | |||
| + | NOTE: Some of the contributor notes at the bottom have me thinking- would it be possible to encrypt an entire file using php? I have to assume it is possible! How else are files shared between servers and clients securely? This could be an idea for an end of semester project, instead of this research wheel-spinning rut I’m stuck in. I think I’m going to pop smoke on this research paper trail and begin exploring this idea right away. Ho! What about some double encryption action? Could I write php code that encrypts text entered by a user and outputs it into a file, and then some code to encrypt the file? That would be pretty stellar. Side note: from here on out this entry is going to be injected with as much military slang as I can remember from my serving days. | ||
| + | |||
| + | Alright, after plugging away for a bit here’s what I have. I’m currently trying to get a string printed out to an existing file using to file_put_contents. When this code attempts to run, I get a permissions error. The same type of error was encountered when I tried to use fopen to create a file when the code is run instead of using a preset file. These methods will be covered later in detail once I get them functioning, | ||
| + | |||
| + | Thanks to Matt and his chmod hooyah, the output works now. chmod 606 was used to change the permissions on the output file to allow write access (along with some awkward command " | ||
| + | |||
| + | NOTE: In my most recent iteration / experimentation of my previous encryption work, I was using openssl_random to generate a key for mcrypt. Openssl encryption was under my nose the whole time?! | ||
| + | |||
| + | ====April 27th 2016==== | ||
| + | |||
| + | Hunger induced stupor has left me unable to write code very well (forgot my lunch and too busy to hit the cafeteria). So instead of writing code I will document my current progress on my ssl encryption playground. Fun! | ||
| + | |||
| + | Open ssl seems a smidge more convenient than the mcrypt method. It uses the previously documented objects as parameters. I was getting a very frustrating error for some of it. It was "Error on line 37: open_sslencrypt() expects parameter 4 to be long, string given in ' | ||
| + | |||
| + | It turns out, I was missing a parameter. I thought one of them was optional, the " | ||
| + | |||
| + | My initial idea of encrypting text, dumping it into a file, and then encrypting the file may be too ambitious this late in the game. It could have been a potential project had I intercepted this idea earlier, but as it stands the code requires quite a bit of moving parts. I'm afraid that I wouldn' | ||
| + | |||
| + | I have figured out how to write data into an existing file. The code for creating the file and printing text to the new file doesn' | ||
| + | |||
| + | The current method used for writing to an existing file is actually pretty easy at the basic level, I've been using file_put_contents. It takes only two parameters: the data to be written and the file object. | ||
| + | |||
| + | ====May 2nd 2016==== | ||
| + | |||
| + | Well, half of my dream has been realized. I've successfully used openssl encryption to encrypt a string and output it to an existing file. Using all the same output functions previously covered: open_sslencrypt and file_put_contents. As it stands, the new string overtires the old. If one were so inclined there is probably a constant or different method that appends new text after the text that was previously there. | ||
| + | |||
| + | Yep, after looking at the documentation there is a parameter constant that can be used to append data to the file instead of overwriting it (the documentation calls it a " | ||
| + | |||
| + | Interestingly, | ||
| + | |||
| + | I did throw down some quick php code in windows to test fopen outside of our unix environment. I wasn't able to use php to create a file because of write permissions. So I whipped up some fast code to create a file with fopen and dump some plain text into it. There must be something more to writing and interpreting php code in windows. When I use the file address in the address bar of a browser all I see is a text version of the file. No output file is created. | ||
| + | |||
| + | I did attempt to use the command here http:// | ||
| + | To execute the code from the command line. I got the error message " | ||
| + | |||
| + | Well obviously there' | ||
| + | |||
| + | I'll have to attempt to install required PHP tools when I get home. | ||
| + | |||
| + | Also, I may have potentially found a solution to my file permissions issue. There is a PHP function that changes the chmod values of a file! So, potentially, | ||
blog/spring2016/cjann/journal.1461120189.txt.gz · Last modified: 2016/04/20 02:43 by cjann
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
