NewsForumsCodeLogsGallerySpecsSearch

AES Encryption Module

Monkey Forums/User Modules/AES Encryption Module

Skn3(Posted 2013) [#1]
Hey hey, more Monkey Module Madness!

This time the kind fellow Lee Wade (CopperCircle) backed a module to do AES encryption. Please give much praise and thanks to him :D

Monkey Module
https://github.com/skn3/aes

Original javascript lib
The monkey module was ported from the gibberish javascript lib
https://github.com/mdp/gibberish-aes

Enjoy, for free :D



ziggy(Posted 2013) [#2]
Me likes


Playniax(Posted 2013) [#3]
Me too!


Raz(Posted 2013) [#4]
Pardon the simpleton question, but... I could use AES.Encode(text,key) to encrypt stuff before sending it to a PHP server and then decrypt it server side with the same key, right?


Goodlookinguy(Posted 2013) [#5]
Yes.

As a side note, if you don't already know this, it'd be best to generate a key for the session. A static key would be pointless as someone could decode all of the data once they found it.


Raz(Posted 2013) [#6]
Thanks :D

Is there a particularly clever way of sending the key to the server to start with then? Unless I keep a static key, to encrypt the generated key?


Goodlookinguy(Posted 2013) [#7]
If you want to be sneaky, mind you there's no perfect way of hiding this data, send out a request for a key from the server. Then generate a key, encrypt it with the key sent from the server, and send it to the server. Then have the server decrypt the second key using the first key. Now both have the second key and it was transferred across the net relatively safe.

A quick note: I used to work in web security and cryptography, so this stuff is like second nature to me. \(*w*)/

Edit: Hey, I just thought, you could also have them both send data back and forth using two entirely different keys. Just puttin' that out there.


Trion(Posted 2013) [#8]
I want to ask. I heard - on apple store you can't use cryptography mothods except allowed by apple... Is AES allowed there?


Skn3(Posted 2013) [#9]
Not sure on that one. I guess it would be fine as long as a standard encryption method is being used?


Soap(Posted 2013) [#10]
It depends on how you use it and what you use it for. Many devs use AES - you need to go through the steps they give if what you do qualifies your app. Worth it to CYA!

http://tigelane.blogspot.com/2011/01/apple-itunes-export-restrictions-on.html

http://developer.apple.com/library/mac/#documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/2_BeforeYouBegin/BeforeYouBegin.html

http://stackoverflow.com/questions/2135081/does-my-application-contain-encryption