Android Question Encrypt HTTP without SSL

Shay

Well-Known Member
Licensed User
Hi

Since I cannot use SSL due to lack of support with SNI
I wish to encrypt my http post data, and php code to decrypt it on server side
and vise versa (php encrypt, phone to decrypt)

What is the best way doing it, while the code need to work also from Iphone using B4I (not mandatory)
 

sorex

Expert
Licensed User
if the data is using plain ascii chars and not some weird stuff you could just work with a char replacement table.

or you could use multiple ones and send the number of the one you used together with the request.

not ideal for full utf-8 text tho.

or zip it with or without password encryption.
 

Shay

Well-Known Member
Licensed User
I have no choice but to use php (hosted server)
So I will check the Encryption library (I guess this means using openssl)

Is there any pimplier solution such as doing MD5/hash on the post/response?
 

sorex

Expert
Licensed User
try that char replacement method I wrote about last week.

it's easy, will work on any system and your text will be scrambled thus unreadable, you can even replace the chars with ascii save signs like ,;:?./()&@#'! etc
 

KMatle

Expert
Licensed User
I can help. I've done an App to App communication (RSA) with Agrahams library. On the php side I know how to use RSA, too.

What I don't know is to convert the keys (lib vs. Server). I need assistance here. Just a small step away...

Will post further details tomorrow...
 

sorex

Expert
Licensed User
notice that he aims for IOS aswell and there's not much available besides Erel's libs :)

that's why I opted for a simple scramble.
 

Shay

Well-Known Member
Licensed User
if I use B4XEncryption, how do I decrypt the POST on the PHP server? (and then encrypt it back to the app)
 

KMatle

Expert
Licensed User
What we really need here is RSA because it's a problem to communicate with more than one client and even worse to exchange the keys with other methods like AES or DES.

RSA is standard for Server encryption (SSL AND non SSL). So it will be a huge step to implement this.

@Erel: I got stuck to make the keys (b4a and Server) byte compatible. Will need some help here and post some examples at the weekend.
 

aeric

Well-Known Member
Licensed User
Can we use any open source but secure SSL to transfer clear text password or information through http?
 
Top