encrypt in php then decrypt in javascript with same key
problem: I need php to encrypt using a key then javascript decrypt with same key
reason: trying to encrypt 99% of my javascript in my adobe air app.
what I have so far is this: after purchase and download on the first run of t开发者_StackOverflow社区he program the client sends server its mac address. Then php uses mac address to encrypt a txt file that is really a html file with all the javscript (basically the rest of the program) this is then stored client side. no further internet connection will be needed to run the program. On each startup the not encypted javascript will decode the stored file using the mac address and then display it by way of htmlLoader.loadString this way each copy of the program issued will be married to its machine and that machine only. will not open on other machines. I know its crackable but its enough for me. All is tested and working except the encryption method.
I have found ways to encrypt/decrypt in both javascript and php but without a key. The key is the key...
many thanks in advance.
You will love RSA: http://en.wikipedia.org/wiki/RSA.
A quick Google search also yielded a problem that is almost exactly the same as yours: http://www.sematopia.com/2008/10/rsa-encrypting-in-javascript-and-decrypting-in-php/.
Basically, you want to do something that derives a public key from a MAC address, as it's the only shared piece of information. This is really easy to crack (all an attacker needs is the MAC address of the client, which is insanely easy to obtain if they are using WiFi, and the address remains virtually static), though.
well not just 'a' key it will be the only key for that document. This is an offline program and each download is encrypted just for that computer. yes an attacker that has a valid copy of the program can extract the info. If its an invalid copy on another computer then the mac address will not work. This is not to protect during download, it is to make it not possible for the non code reading user to copy the program to another computer, which is enough security for this project. No point trying to protect a program from the same people we get advise from on these forums. If info is extracted and the code rewritten to run it it will be quickly outdated. On program update the the same method is used and the given mac address will be verified server side and only allowed maybe 2 of the exact same update. But thanks for the info on RSA i am about to try it out
精彩评论