Question

I have a PHP driven web form that I would like to be able to input a password, encrypt it, and load it into a database. Then, using Python, query that password, decrypt it, and then use it to authenticate to a Microsoft Exchange email server with SMTPLIB. The rest of the authentication information will be stored in plain text. My main goal is to not store the password in plain text.

The only reason I am trying to use both languages is that the rest of the 'work' for my program is done in Python. I only use PHP for a simple interface. It is only for consistency.

Is there a simple-to-use, cross-language reversible encryption library that can be used for this?

Would I be better off making my email script in PHP? If this is the case, what library would be recommended for this task?


Solution

If you need to read the password back, do encryption at the database layer rather than the application layer - just ensure that you're connecting to the database either locally or over SSL.

To store the password the steps would be something like:

  • Computer >>
  • HTTPS >>
  • Web server (PHP form) >>
  • (HTTPS if on a different server >>)
  • database (AES Encryption)

Depending on the database you're using, the syntax will probably change, but with MySQL you can do something like:

INSERT INTO `table` (`password`) 
VALUES (AES_ENCRYPT('{$sPassword}', '{$sEncryptionKey}'))

Since PHP is writing this to the database you can use a PDO prepared statement to get the data in there...

To retrieve the password with your Python script, you'll simply need to run a SELECT statement on the SQL server with something like this (assuming the data is in an AES-encrypted BLOB):

SELECT CONVERT(AES_DECRYPT(`table`.`password`, '{$sEncryptionKey}') USING 'utf8')
AS `password`
FROM `table`

This way the only common data you need between PHP and Python is the encryption key (which is just a string). As long as you maintain an SSL connection whenever you're passing this data across the Internet, you should be OK.
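The Python retrieval step described in this answer, as an added example that is not part of the original answer. It assumes a DB-API MySQL driver that uses `%s` placeholders (PyMySQL is one); the table name `mail_accounts`, the `username` column, the `MAIL_PW_KEY` environment variable and the `FakeConn` stand-in are hypothetical names introduced here.

```python
import os

# Assumed schema: the page only shows `table`.`password`; the table name
# `mail_accounts` and the `username` column are hypothetical.
SELECT_SQL = (
    "SELECT CONVERT(AES_DECRYPT(`password`, %s) USING utf8) "
    "FROM `mail_accounts` WHERE `username` = %s"
)

def load_key(env=os.environ):
    """Read the shared key from the environment (MAIL_PW_KEY is an assumed name)."""
    key = env.get("MAIL_PW_KEY")
    if not key:
        raise RuntimeError("MAIL_PW_KEY is not set")
    return key

def fetch_password(conn, key, username):
    """Return the decrypted password via a DB-API connection with %s placeholders."""
    cur = conn.cursor()
    try:
        # Key and username are passed as parameters so the driver handles quoting.
        cur.execute(SELECT_SQL, (key, username))
        row = cur.fetchone()
    finally:
        cur.close()
    if row is None:
        raise LookupError("no row for that username")
    value = row[0]
    if value is None:
        # MySQL returns NULL when AES_DECRYPT detects bad padding or invalid data.
        raise ValueError("AES_DECRYPT returned NULL (key mismatch or corrupt data)")
    return value.decode("utf-8") if isinstance(value, (bytes, bytearray)) else value

class FakeConn:
    """Constructed stand-in for a MySQL connection so the example runs offline."""
    def __init__(self, row):
        self.row, self.executed = row, []
    def cursor(self):
        return self
    def execute(self, sql, params):
        self.executed.append((sql, params))
    def fetchone(self):
        return self.row
    def close(self):
        pass

if __name__ == "__main__":
    demo = FakeConn(("constructed-password",))
    print(fetch_password(demo, "constructed-key", "alice"))
```

With a real driver, pass its connection object in place of `FakeConn`; the key then never appears in the SQL text or in source control.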

OTHER TIPS

AES symmetric encryption:

Licensed under: CC-BY-SA with attribution