clauddiu wrote:
> I have to send to a php script some sensitive data and I have to encrypt
> it, i try DCPcrypt and madCrypt (I here that is working) but no one work,
> at last I was not able to implement it.
>
> here is my madCrypt code:
>
> procedure TForm1.Button1Click(Sender: TObject);
> var
> data : AnsiString;
> begin
> data := memo1.Text;
> madCrypt.Encrypt(data,'pass',12345678);
> memo2.Text := encode(data);
> end;
The iv parameter is an Int64 not because you're expected to supply
numbers, but because you're expected to provide an 8-byte value. Keep that
in mind while we consider the PHP code...
> and here is my php script:
>
> <?
> function EncryptBlow($text)
> {
> $key = sha1("pass");
> return
> base64_encode(mcrypt_cbc(MCRYPT_BLOWFISH,$key,$text,MCRYPT_ENCRYPT,'12345678'));
> }
There you've provided an 8-character string for the iv parameter. The
eight bytes in that string are not the same as the eight bytes you
provided in the Int64 value in Delphi.
Try passing this value for your iv parameter in Delphi so it matches the
8-character string:
const
iv = $3132333435363738;
Experiment with different orderings of those bytes to get the right
little-endian or big-endian value.
Also, instead of the password, you're supplying your PHP code the SHA-1
hash of the password. You need to provide the same value in both versions
of the code.
--
Rob
