as3Crypto and php, what a fun ride!

Actually not so fun, but I did manage (I should say we because I wasn’t alone in this). Cryptography is not my thing, eh, not everything can be your thing so I accept it. There is just too much to learn: hash functions, public keys, symmetric ciphers, etc. Want we wanted to do was to encrypt data on the As3 side and decrypt it on the php side. I was aware that there was some cryptographic algorythms in the as3corelib, but none of them (MD5, SHA-1) fitted our needs. There is another great cryptography library out there and it is as3Crypto; the problem is that it is a bit hard to get around, there is a lot to choose from. We settled on AES (Advanced Encryption Standard). After 2 hours of trying to get it to work, we found this great post on Google groups(about middle of the page). I am copying the content here to make it easier for people to find. I have to give all the credit for this post to Jason Foglia who posted his code.

Here is the As3 Class:

 package{        import flash.display.Sprite;        import flash.utils.ByteArray;         import com.hurlant.crypto.symmetric.ICipher;        import com.hurlant.crypto.symmetric.IVMode;        import com.hurlant.crypto.symmetric.IMode;        import com.hurlant.crypto.symmetric.NullPad;        import com.hurlant.crypto.symmetric.PKCS5;        import com.hurlant.crypto.symmetric.IPad;        import com.hurlant.util.Base64;        import com.hurlant.util.Hex;        import com.hurlant.crypto.Crypto;         public class CryptoCode extends Sprite        {                private var type:String='simple-des-ecb';                private var key:ByteArray;                 public function CryptoCode()                {                        init();                }                 private function init():void                {                        key = Hex.toArray(Hex.fromString('TESTTEST'));// can only be 8 characters long                         trace(encrypt('TEST TEST'));                        trace(decrypt(encrypt('TEST TEST'));                }                 private function encrypt(txt:String = ''):String                {                        var data:ByteArray = Hex.toArray(Hex.fromString(txt));                         var pad:IPad = new PKCS5;                        var mode:ICipher = Crypto.getCipher(type, key, pad);                        pad.setBlockSize(mode.getBlockSize());                        mode.encrypt(data);                        return Base64.encodeByteArray(data);                }                private function decrypt(txt:String = ''):String                {                        var data:ByteArray = Base64.decodeToByteArray(txt);                        var pad:IPad = new PKCS5;                        var mode:ICipher = Crypto.getCipher(type, key, pad);                        pad.setBlockSize(mode.getBlockSize());                        mode.decrypt(data);                        return Hex.toString(Hex.fromArray(data));                }        } }

Here is the php class:

 init();        }         function init($key = "")        {                $this->key = ($key != "") ? $key : "";                 $this->algorithm = MCRYPT_DES;                $this->mode = MCRYPT_MODE_ECB;                 $this->iv_size = mcrypt_get_iv_size($this->algorithm, $this->mode);                $this->iv = mcrypt_create_iv($this->iv_size, MCRYPT_RAND);        }         function encrypt($data)        {                $size = mcrypt_get_block_size($this->algorithm, $this->mode);                $data = $this->pkcs5_pad($data, $size);                return base64_encode(mcrypt_encrypt($this->algorithm, $this->key, $data, $this->mode, $this->iv));        }         function decrypt($data)        {                return $this->pkcs5_unpad(rtrim(mcrypt_decrypt($this->algorithm, $this->key, base64_decode($data), $this->mode, $this->iv)));        }         function pkcs5_pad($text, $blocksize)        {                $pad = $blocksize - (strlen($text) % $blocksize);                return $text . str_repeat(chr($pad), $pad);        }         function pkcs5_unpad($text)        {                $pad = ord($text{strlen($text)-1});                if ($pad > strlen($text)) return false;                if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;                return substr($text, 0, -1 * $pad);        }} ?>

Now if you use the encrypt method of one you can send the data to the other one and decrypt it in the other language if you use the same key. Works like a charm. There is a mention that the key can only be 8 characters long but I haven’t tested it out.

