Home/ Questions/Q 933019
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T20:45:51+00:00

I have to pass some strings from a java servlet to a php script.

  • 0

I have to pass some strings from a java servlet to a php script. What options are there for encrypting the strings? I’d need a method that is implemented for both java and php (like..a caesar cipher…). Is there any standard encryption method I should be able to get a library for both java and php?

I want to encrypt the strings on the java side, pass to the php script, then let the php script decrypt them.

I can’t use https due to the limitations of the provider I’m using.

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Hopefully this can get you started. Error handling is missing and the secret key is hard coded. Both of those would need to be addressed for production quality code. From the Java side you can use the Java Cryptography Architecture (JCA):

    import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;

public final void testTesting() throws Exception {
    final String plainText = "plain text";
    final String result = encrypt(plainText);
    System.out.println(result);
}

public String encrypt(final String plainText) throws Exception {
    final byte[] data = plainText.getBytes("UTF-8");
    final byte[] encoded = encrypt(data);
    final String result = new String(encoded);
    return result;
}

public byte[] encrypt(final byte[] data) throws Exception {
    // this is just an example key, real code should use a properly generated shared secret
    final byte[] secret = new byte[] {42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42};
    final SecretKeySpec key = new SecretKeySpec(secret, "AES");

    final Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    encryptCipher.init(Cipher.ENCRYPT_MODE, key);
    final byte[] iv = encryptCipher.getIV();
    final byte[] encrypted = encryptCipher.doFinal(data);

    final int outputLength = encrypted.length;
    final int ivLength = iv.length;

    final byte[] results = new byte[outputLength + ivLength];
    System.arraycopy(iv, 0, results, 0, ivLength);
    System.arraycopy(encrypted, 0, results, ivLength, outputLength);

    return DatatypeConverter.printBase64Binary(encoded);
}

    From the PHP side, you are going to need Mcrypt.

    <?php
$key = base64_decode('KioqKioqKioqKioqKioqKg==');
$input = base64_decode($_GET['input']);
$plain_text = substr($input, 16);
$initialization_vector = substr($input, 0, 16);
echo pkcs5_unpad(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $plain_text, MCRYPT_MODE_CBC, $initialization_vector));

function pkcs5_unpad($text) {
    $pad = ord($text{strlen($text)-1});
    if ($pad > strlen($text)) {
        return false;
    }
    if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) {
        return false;
    }
    return substr($text, 0, -1 * $pad);
}
?>

    The function pkcs5_unpad was copied from here since it seems that PHP Mcrypt doesn’t include support for PKCS5 padding. The Java code prefixes the data with the initialization vector used to encrypt it. Subsequently the PHP code splits it into two, the initialization vector and the encrypted data.

    This code uses 128 bit AES (Rijndael) in CBC mode which should be secure enough for most uses. In addition to the simple encryption, I recommend using an HMAC as described here to ensure the data isn’t tampered with. To perform the HMAC in Java, use the Mac class. For PHP, see Mhash.

    • 0