How to encrypt & decrypt URL using AES algorithm.?

Question

0.00/5 (No votes)

See more:

Hi,

I am developing a website for Online recharge in which i need to send a request to the remote server by encrypting the URL.

Recharge Request Foramt is:

http:// www.remoteServerName.in /recharge.ashx?uid=<user_id>&pwd=<password>
&mobileno=<mobile_number>&amt=<recharge_amount>&transid=<transacti
on_id>

How can i encrypt and decrypt the URL without sharing the Key as i am generating Random Key and IV automatically ?

Kindly suggest coding related to this.

Posted 6-Aug-13 1:56am

Mahesh1220

Updated 12-Dec-20 3:18am

Add a Solution

Comments

ZurdoDev 6-Aug-13 7:58am

Why are you generating a random key? How will the other end decrypt it without the key?

Mahesh1220 6-Aug-13 8:02am

I have used the code from below MSDN:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged.aspx

Suggest me how to encrypt in my web page & decrypting at remote server.

ZurdoDev 6-Aug-13 8:04am

Just encrypt the values. So it will look like ?uid=dfgkldjfh3465gskjldfhkjgsdh63456&pwd=34lhdfg8345hsv84hdfg for example. But to decrypt you have to have the key.

Mahesh1220 6-Aug-13 8:14am

thank you...

So I have to give the Key and Decrypt method also.

But i want to generate New Key every time i made a recharge request. How can i implement this?

or any other alternatives to this...?

ZurdoDev 6-Aug-13 8:15am

Why do you need to give the key?

Mahesh1220 6-Aug-13 8:17am

In order to decrypt the URL, we need Key.
I have not implemented this kind of application previously. So kindly suggest the approach in implementing this.

ZurdoDev 6-Aug-13 8:24am

Are you writing the server portion too? If so, you know the key. You need to give more details. You can't possibly provide the key in the url because then you lost the whole purpose of encrypting so the key needs to be known on both ends ahead of time.

Mahesh1220 6-Aug-13 8:30am

Suppose i have encrypted and passed the URL, it should be decrypted at server.For this, server end requires Decryptor method right?

ZurdoDev 6-Aug-13 8:36am

Yes, of course. But it has to use the same key you used. That's why you need to decide up front what the key is. You can't be generating random keys.

Mahesh1220 6-Aug-13 8:42am

As i have to pass my account credentials( User ID & Password), anyone from server end can also decrypt my uid, pwd and can make a transaction on behalf of me . How can i prevent this?

There is a possibility of misuse of my credentials at server end..

ZurdoDev 6-Aug-13 8:45am

Perhaps you need to explain more how things are setup. The "server" end is likely a page that you are visiting right? Or it is a web service so there is no person that can decrypt your info.

Mahesh1220 6-Aug-13 8:53am

I am sending request to recharge.ashx with the details of UID, Pwd, Mobile No, Amount etc.

ZurdoDev 6-Aug-13 8:56am

And did you write the code for recharge?

Mahesh1220 6-Aug-13 8:58am

No i will send request to :

www.remoteserverIP.in/recharge.ashx?uid=<user_id>&pwd=<password>
&mobileno=<mobile_number>&amt=<recharge_amount>&rcode=<recharge_code>&transid=<transacti
on_id>

ZurdoDev 6-Aug-13 9:09am

So, are they expecting the parameters to be encrypted?

Mahesh1220 6-Aug-13 9:11am

Yes, Obviously as i have to pass User name and Password...

ZurdoDev 6-Aug-13 9:12am

So, ask them what key to use. Because they have to decrypt it.

Mahesh1220 6-Aug-13 9:14am

Thank you.....

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

ZurdoDev · Answer 1 · 2013-08-06T03:20:00

Since you are sending encrypted values to a server that you do not control you will have to ask them what key to use. You will need to use the same key to encrypt the values that they will use to decrypt the values so you will need to agree on a shared key. You won't want to do random keys.