déc 16

AS3 + PHP Crypto classes – secured exchanges between Flash and PHP

Non classé 27 Comments »

The facts :

As you may know, some tools like firebug helps you tracing incoming and outcoming data between flash and scripts, even if you use POST data.

See below how firebug can trace all variables sent through the POST data :

firebug tracing

firebug tracing

So i tried to figure out how to implement a crypted system to secure (a little bit more) these data, with an encryption key if possible.

I found the useful project on the web : as3crypto project

Thanks to this class, you can crypt/decrypt in flash but as far as i looked the sources, there was no information about crypt/decrypt on php side.

But i found another message in a forum where a php code was given, so i mixed both to provide you a simple way to set both sides.

In my example, flash send some data to php using crypted message and PHP answer another crypted message (+ the original decrypted flash message for verification):

pnm_preview

  • Using the php class : cryptlib.php

  1. create an instance of the class, and call the init with the crypted key as parameter
  2. decrypt the sent message (using POST object)
include_once "lib/cryptlib.php";

// init a new instance of Crypto Class
$crypto = new Crypt;

// init with the encryption key
$result = $crypto->init("PASSWORD");

// get the POST data
$messagefromflash = $_POST ["message"];

// decrypt data
$decrypted_messagefromflash = $crypto->decrypt(utf8_decode($messagefromflash));

but you can also send back crypted data to flash using the "encrypt" method

// return a crypted result to flash
$resultmsg = "Ok, i received your data, everything is fine !";
echo "result=".$crypto->encrypt(utf8_encode($resultmsg));

  • Using the as3 class : CryptoCode.as

  1. in your main class, create an instance of the CryptoCode class that will crypt/decrypt your data.
  2. call the init method with the same key as PHP (just like PHP code)
  3. then call "encrypt(s:String)" or ""decrypt(s:String)" methods through your crypto instance
// instance of crypto class
 private var _crypto : CryptoCode;
 public var myLoader : URLLoader;

// create instance with encryption key
 _crypto = new CryptoCode("PASSWORD");

// send crypted string to php script
 var variables : URLVariables = new URLVariables();
 variables.message = _crypto.encrypt(tosend_in.text);

// create request with POST method
 var request : URLRequest = new URLRequest("http://www.lecrabe.net/wordpress/demo/crypt/scripts/testcrypto.php");
 request.method = URLRequestMethod.POST;
 request.data = variables;

 // send request
 myLoader.load(request);

If you want to get the whole example, please download the sources.

Enjoy.