What encryption algorithm would be best for data transfer between Python and Php?
Question:
I am writing a client / server based program, Server side is with Php and Client is with Python, and I need to make sure the transfer data is safe both way.
So, My question is
What encryption algorithm would be best for data transfer between Python and Php?
- I couldn’t use Https
- Need to decrypt/encrypt with key on both Python and Php
- I would’t need to have
shared public key, key could be set in both Python and Php manually
- Since I don’t know how to implement algorithm myself, examples on both language would be great.
- My data are not serious like banking site, but just want to encrypt to be safe on the wire from sniffing
I’ve tried to check this question but I couldn’t find suitable answer for me
Compatible encryption between C# and PHP, ColdFusion, Ruby, Python
Thanks in advance.
Answers:
Do not attempt to invent an encryption scheme yourself. This is extremely difficult to get right (even professionals can’t do this correctly on a regular basis). The SSL suite of security protocols embodies literally decades of research and implementation experience that you will not be able to reinvent.
For protection of private data over HTTP, the only correct answer is SSL. Anything else is doing yourself a disservice.
The answer is usually "it depends". If all you’re looking for is symmetric encryption of sufficient quantities of data you’ll probably want something like AES. There are however many ways in which you could use encryption that can turn out to be insecure in the end, which is why using https is a good idea since it’s a bit higher level and harder to get badly wrong. I am not a security researcher, but this is just going on general advice I’ve been given in regard to security.
Anyways, there’s a python library (edit: link removed, see comments) and you can apparently use mcrypt to handle encryption/decryption in PHP itself.
Greg Hewgill is correct and has the best advice. I tried to invent my own token system, while somewhat successful, it is not what it could be. So i believe SSL is the best way to go.
PHP has openssl built into it and such you can easily use that, which is what i am currently using. If you phone your hosting provider and ask them to enable openssl that shouldn’t be difficult, that is if it is not activated already.
As for Python, im not 100% about what is available, but just to encrypt with a public key will be sufficient as your server will decrypt this data with a private key.
Public and private keys can be generated using your command line. Here is a link to that:
He does use a javascript library for client side encryption, however there should be options for Python.
I am writing a client / server based program, Server side is with Php and Client is with Python, and I need to make sure the transfer data is safe both way.
So, My question is
What encryption algorithm would be best for data transfer between Python and Php?
- I couldn’t use Https
- Need to decrypt/encrypt with key on both Python and Php
- I would’t need to have
sharedpublic key, key could be set in both Python and Php manually - Since I don’t know how to implement algorithm myself, examples on both language would be great.
- My data are not serious like banking site, but just want to encrypt to be safe on the wire from sniffing
I’ve tried to check this question but I couldn’t find suitable answer for me
Compatible encryption between C# and PHP, ColdFusion, Ruby, Python
Thanks in advance.
Do not attempt to invent an encryption scheme yourself. This is extremely difficult to get right (even professionals can’t do this correctly on a regular basis). The SSL suite of security protocols embodies literally decades of research and implementation experience that you will not be able to reinvent.
For protection of private data over HTTP, the only correct answer is SSL. Anything else is doing yourself a disservice.
The answer is usually "it depends". If all you’re looking for is symmetric encryption of sufficient quantities of data you’ll probably want something like AES. There are however many ways in which you could use encryption that can turn out to be insecure in the end, which is why using https is a good idea since it’s a bit higher level and harder to get badly wrong. I am not a security researcher, but this is just going on general advice I’ve been given in regard to security.
Anyways, there’s a python library (edit: link removed, see comments) and you can apparently use mcrypt to handle encryption/decryption in PHP itself.
Greg Hewgill is correct and has the best advice. I tried to invent my own token system, while somewhat successful, it is not what it could be. So i believe SSL is the best way to go.
PHP has openssl built into it and such you can easily use that, which is what i am currently using. If you phone your hosting provider and ask them to enable openssl that shouldn’t be difficult, that is if it is not activated already.
As for Python, im not 100% about what is available, but just to encrypt with a public key will be sufficient as your server will decrypt this data with a private key.
Public and private keys can be generated using your command line. Here is a link to that:
He does use a javascript library for client side encryption, however there should be options for Python.