I am trying to send EmployeeId to another page using a query string, but I want to send it in encrypted format.
If anyone knows the answer, any help is a great help.
From http://www.infoexpediters.com/SecureQueryString.cs:
// Requires: using System; using System.Text; using System.Security.Cryptography;
// cryptoKey (string) and IV (byte[]) are fields of the enclosing class, not shown here.

// Encrypts the serialized query string with Triple DES and returns it as Base64.
public string encrypt(string serializedQueryString)
{
    byte[] buffer = Encoding.ASCII.GetBytes(serializedQueryString);
    TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
    MD5CryptoServiceProvider MD5 = new MD5CryptoServiceProvider();
    // The 16-byte MD5 hash of cryptoKey is used as the Triple DES key.
    des.Key = MD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey));
    des.IV = IV;
    return Convert.ToBase64String(
        des.CreateEncryptor().TransformFinalBlock(
            buffer,
            0,
            buffer.Length
        )
    );
}

// Reverses encrypt(); malformed or undecryptable input raises InvalidQueryStringException.
public string decrypt(string encryptedQueryString)
{
    try
    {
        byte[] buffer = Convert.FromBase64String(encryptedQueryString);
        TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
        MD5CryptoServiceProvider MD5 = new MD5CryptoServiceProvider();
        des.Key = MD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey));
        des.IV = IV;
        return Encoding.ASCII.GetString(
            des.CreateDecryptor().TransformFinalBlock(
                buffer,
                0,
                buffer.Length
            )
        );
    }
    catch (CryptographicException)
    {
        // Decryption failed (for example bad padding)
        throw new InvalidQueryStringException();
    }
    catch (FormatException)
    {
        // Input was not valid Base64
        throw new InvalidQueryStringException();
    }
}
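For comparison with the answer above, an added example (not part of the original answer or of SecureQueryString.cs) that protects the same kind of value with AES-GCM, so each token gets a fresh random nonce and any modification of the query string is detected on decryption. It assumes .NET 8 or later and a 32-byte random key loaded from protected configuration; the class name `QueryToken` and its methods are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class QueryToken   // hypothetical helper name
{
    const int NonceLen = 12, TagLen = 16;

    // key: 32 random bytes (assumption), not a hashed passphrase.
    public static string Protect(string value, byte[] key)
    {
        byte[] plain = Encoding.UTF8.GetBytes(value);
        // Token layout: nonce || ciphertext || tag
        byte[] token = new byte[NonceLen + plain.Length + TagLen];
        var nonce = token.AsSpan(0, NonceLen);
        var cipher = token.AsSpan(NonceLen, plain.Length);
        var tag = token.AsSpan(NonceLen + plain.Length, TagLen);
        RandomNumberGenerator.Fill(nonce);               // fresh nonce per token
        using (var aes = new AesGcm(key, TagLen))
            aes.Encrypt(nonce, plain, cipher, tag);
        // URL-safe Base64: '+', '/' and '=' would need escaping in a query string.
        return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns false for malformed, truncated or tampered tokens instead of throwing.
    public static bool TryUnprotect(string text, byte[] key, out string value)
    {
        value = null;
        if (text == null) return false;
        try
        {
            string b64 = text.Replace('-', '+').Replace('_', '/');
            b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
            byte[] token = Convert.FromBase64String(b64);
            if (token.Length < NonceLen + TagLen) return false;
            int n = token.Length - NonceLen - TagLen;
            byte[] plain = new byte[n];
            using (var aes = new AesGcm(key, TagLen))
                aes.Decrypt(token.AsSpan(0, NonceLen), token.AsSpan(NonceLen, n),
                            token.AsSpan(NonceLen + n, TagLen), plain);
            value = Encoding.UTF8.GetString(plain);
            return true;
        }
        catch (FormatException) { return false; }         // not valid Base64
        catch (CryptographicException) { return false; }  // tag mismatch or wrong key
    }
}
```

A decrypted EmployeeId still needs the normal server-side authorization check for the current user; the token only hides the value and prevents it from being altered.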
Use a POST, not a GET; that way it is not visible in the URL. Implement some small encryption on the POST body before sending, and decrypt upon receiving.
I assume you are using JavaScript on the pages? Provide more info on what languages you are using (PHP/Python, etc.) for something more specific (and code).
You may or may not really need encryption, but assuming you do, you can do this in PHP using Triple DES (or whatever you want) like this:

// Init mcrypt: open the Triple DES module in ECB mode
$descriptor = mcrypt_module_open('tripledes', '', MCRYPT_MODE_ECB, '');
// Derive the key from the secret, truncated to the cipher's key size
$key = substr(md5('put your secret here'), 0, mcrypt_enc_get_key_size($descriptor));
// ECB ignores the IV, but mcrypt_generic_init() still expects the argument
$vector = mcrypt_create_iv(mcrypt_enc_get_iv_size($descriptor), MCRYPT_RAND);
mcrypt_generic_init($descriptor, $key, $vector);

// Encrypt id (the result is raw binary, so encode it before placing it in a URL)
$encryptedEmployeeId = mcrypt_generic($descriptor, $_GET['EmployeeId']);

// Clean up mcrypt
mcrypt_generic_deinit($descriptor);
mcrypt_module_close($descriptor);

The reverse process is similar except using mdecrypt_generic(). Of course, I've made the assumption that you're using PHP :).