By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,375 Members | 1,095 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,375 IT Pros & Developers. It's quick & easy.

Encryption between Python & PHP

P: n/a
Hi folks,

I am looking for a practical way of sending encrypted strings back and
forth between a Python HTTP client on Windoze and an Apache/PHP server
on Linux. I am looking for a simple, lightweight symmetrical solution
using, say, blowfish: SSL would be a last resort as I suspect it will
cause fairly major installation issues on the client.

Encryption in PHP uses a wrapper around the mcrypt C library.

There is a wrapper for mcrypt in Python, but I am having trouble
getting it installed on Windows: I have contacted the author for help.

Meanwhile, I do have SSLcrypto installed: this is a very neat and fast
library. Is there any way for SSLcrypto on Python to talk to mcrypt on
PHP? My first attempts have been unsuccessful.

I have little crypto knowledge, and at first I though that something
like blowfish was a standard and different libraries should be
compatible. Now I suspect that internal implementation varies between
libraries and you have to encrypt/decrypt with the same library. Can
anyone enlighten me?

------------------
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154

Jul 18 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
On Sun, 8 Aug 2004 14:00:32 +0100,
Geoff Caplan <ge***@variosoft.com> wrote:
I have little crypto knowledge, and at first I though that something
like blowfish was a standard and different libraries should be
compatible. Now I suspect that internal implementation varies between
libraries and you have to encrypt/decrypt with the same library. Can
anyone enlighten me?


I can't help much with your other questions, but I do know about this
one. By definition, blowfish is blowfish is blowfish. Any (properly
implemented) blowfish library will be compatible with another; if you
encode something with one library, you will be able to decode it with
the other. It is up to you to use the same key and to make sense of the
information once you decrypt it.

That said, yes, it is possible that the internal implementation details
may vary slightly between libraries, but not in ways that the user will
notice. Think of this like calculators: although calculators use
different hardware and different display devices, they all (should) give
the same answer to the same multiplication problem (keeping the
multiplications in question simple enough so as not to cause some sort
of underflow or overflow error or loss of precision; thankfully,
blowfish implementations do not suffer even this limitation).

HTH,
Dan

--
Dan Sommers
<http://www.tombstonezero.net/dan/>
Never play leapfrog with a unicorn.
Jul 18 '05 #2

P: n/a
Dan,

DS> I can't help much with your other questions, but I do know about this
DS> one. By definition, blowfish is blowfish is blowfish. Any (properly
DS> implemented) blowfish library will be compatible with another; if you
DS> encode something with one library, you will be able to decode it with
DS> the other.

Thanks for that. Looks like I should persist and track down the
problem. Perhaps something to do with the keys? When I try to
decrypt I am getting binary garbage out instead of an ascii string.

Any pointers about where to start looking would be welcome!
------------------
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154

Jul 18 '05 #3

P: n/a
On Sun, 8 Aug 2004 16:37:33 +0100,
Geoff Caplan <ge***@variosoft.com> wrote:
Dan,
Not just me, thank goodness. The entire Python community. ;-)

DS> I can't help much with your other questions, but I do know about this
DS> one. By definition, blowfish is blowfish is blowfish. Any (properly
DS> implemented) blowfish library will be compatible with another; if you
DS> encode something with one library, you will be able to decode it with
DS> the other.
Thanks for that. Looks like I should persist and track down the
problem. Perhaps something to do with the keys? When I try to
decrypt I am getting binary garbage out instead of an ascii string. Any pointers about where to start looking would be welcome!


I guess the usual pointers apply: Create the absolute smallest program
that fails. Ask the vendors/authors of the library and/or programming
language you're using. Post/Email the code, the input, the actual
output, what you expected to be the output, and why you expected that
output.

I'm pretty sure that counterpane (blowfish' creator, IIRC) has test
vectors, too. If you can encrypt *or* decrypt them, but not both, that
points at one part of your application or another as well.

Regards,
Dan

--
Dan Sommers
<http://www.tombstonezero.net/dan/>
Never play leapfrog with a unicorn.
Jul 18 '05 #4

P: n/a
Geoff Caplan wrote:
Looks like I should persist and track down the
problem. Perhaps something to do with the keys? When I try to
decrypt I am getting binary garbage out instead of an ascii string.

Any pointers about where to start looking would be welcome!


First check the obvious: do you have exactly the same
key/IV/ciphertext.

If that's not it, the most popular bug in Blowfish
implementations is an endian dependency. It causes
implementations to be self-consistent, but ciphertext is not
portable between big-endian and little-endian machines. Bruce
Schneier's original implementation had the bug, and many others
followed.
--
--Bryan
Jul 18 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.