I have a requirement where I need to move a string from one place to another via GET. e.g. example.com?string=ENCRYPTED_STRING
Is there a algorithm or some other method to encrypt the string so it is URL safe?
By that I mean it will not have characters like = or & ...
I have tried openssl with AES-256-CBC but no luck.
The data is not overly very sensitive but I would prefer to obfuscate it in someway.
The code below allow you to encrypt (alpha/num) and decrypt a string. But you need Mcrypt php module installed to make it run.
static public function encrypt($text){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "useasuperkey";
return (bin2hex(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv)));
}
static public function decrypt($text){
$len = strlen($text);
$text = pack("H" . $len, $text);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$key = "useasuperkey";
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv));
}
Oh hey, I've actually done this in one of my applications. My code looks a lot different (because of my custom tools, it's a one-liner), but works basically like this (uses defuse/php-encryption):
use \Defuse\Crypto\Crypto;
$url = "/my/endpoint?".http_build_query([
'something' => base64_encode(
Crypto::encrypt('my_secret_info', CRYPTO_SECRET_KEY)
)
]);
// Then you can either use $url in header('Location: '.$url) or in an HTML link safely.
Further reading:
base64_encode()http_build_query()urlencode() (if you don't want to use http_build_query())Footnote: If you (or anyone else) want a short encrypted URL parameter, read this answer instead. (I know what's not what you were asking for, but just in case someone finds this question years down the line...)