I'm trying to encrypt some data using crypt::encrypt in Laravel. I need to decrypt this encryption in iOS and Android apps. Any idea?
3
- I would make a request to the laravel app in HTTPS to decrypt using crypt::decrypt. Otherwise, if you provide some decryption technique on the client side, I think that would be a huge security mistake. However, I am not a professionalHammerbot– Hammerbot2017-02-22 15:25:39 +00:00Commented Feb 22, 2017 at 15:25
- Laravel's encrypter uses OpenSSL to provide AES-256 and AES-128 encryption So you need to decrypt it in your apps the same way. stackoverflow.com/questions/21627863/… and stackoverflow.com/questions/27072021/aes-encrypt-and-decryptonline Thomas– online Thomas2017-02-22 15:53:21 +00:00Commented Feb 22, 2017 at 15:53
- Possible duplicate of How to decrypt in Java (Android) text that was encrypted with Crypt in Laravel?Rick Sanchez– Rick Sanchez2019-06-17 18:19:31 +00:00Commented Jun 17, 2019 at 18:19
Add a comment |
1 Answer
Short answer: it is a bad idea, do not do it.
A little more detailed: It makes no sense. Laravel uses AES for encryption, which is a symmetric key algorithm: the same key is required for encryption and decryption. If you want to decrypt anything on the client side, you need the key to be known to the client - this basically renders the whole server-side encryption useless. To give advice on what to do instead, we need to know what you're trying to achieve:
- To transport the data securely between the Laravel-based server and the app? Use HTTPS.
- For anything else, the most likely answer is to use asymmetric encryption like RSA.
1 Comment
online Thomas
A better solution might be to encrypt the file on the server with a public key generated by the client: php.net/manual/en/function.openssl-public-encrypt.php And decrypt it with the private key known by the client.