I am trying to create my own torrent tracker but dont know how to generate info_hash that is used xbtt to track torrents.
Is this possible with php?
I am using this function to bencode and decode http://paste.lisp.org/display/17178
Is this the correct hash?
$nn = file_get_contents('my.torrent');
$file = bdecode($nn);
$hash = sha1( bencode($file[info]) );
Thank You.
According to the bittorrent specification the info_hash is an urlencoded 20-byte SHA1 hash of the value of the info key from the Metainfo file.
You can calculate the sha1 hash of a string in php using the sha1 function and url encode ot with the urlencode function.
UPDATE:
Your method is not correct. You need to bdecode the torrent file, which you have already done. But you need to calculate the info_hash based on the value of the info key from the Metainfo (torrent) file.
When you have done that, you still need to urlencode the result, which it seems is also missing from your current implementation.
Related
I am trying to send over an encrypted URL and then decode it at the other end. Now the call I make is passed over but my decryption returns null.
Here's some of my code.
$this->_app_url . '?key=' . $this->_api_key . '&request=' .base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->_api_key, json_encode($url), MCRYPT_MODE_ECB));
The url is just a standard url, the key is a 32bit string so you can imagine it as anything. The $url variable is an array of stuff to be sent over. So that when I decrypt I have that array outright.
So at the other end I am trying to decode:
$key = $_REQUEST["key"];
$encrypted = $_REQUEST["request"];
$decrypted = json_decode(rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($encrypted), MCRYPT_MODE_ECB)));
This simply returns NULL, I can echo out the key and request and I get what i'm expecting but I just can't decrypt it.
This question has been asked a lot, with different word choice (which makes it difficult to say, "Just search for it!"). This fact prompted a blog post titled, The Comprehensive Guide to URL Parameter Encryption in PHP .
What People Want To Do Here
What People Should Do Instead
Explanation
Typically, people want short random-looking URLs. This doesn't allow you much room to encrypt then authenticate the database record ID you wish to obfuscate. Doing so would require a minimum URL length of 32 bytes (for HMAC-SHA256), which is 44 characters when encoded in base64.
A simpler strategy is to generate a random string (see random_compat for a PHP5 implementation of random_bytes() and random_int() for generating these strings) and reference that column instead.
If you must encrypt data (very much NOT recommended), don't use a homegrown design (and don't use mcrypt either!). Use a trustworthy library instead.
Let's say we need to store in a crypted way some confidential data into a db. And say that we need them into json format as will be more suitable for data reconstruction.
There's something that I miss that is driving me crazy.
Take that json for instance
$json = {"customer":{"customer_address":"Fake address 123","customer_city":"Fake City","customer_company":"","customer_countrycode":"it","customer_email":"","customer_telephone":"+39.347.xxxxxxx","customer_zip":"yyyyy"},"currency_code":"EUR","commision_amount":"84"}
now I want to crypt this json and I do the following
$pubKey = openssl_pkey_get_public($puk);
openssl_public_encrypt($json, $json_crypted, $pubKey);
if I echo $json_crypted it doesn't show anything, but if I remove some field (like customer_company, that is empty) all seems to work. I've tried to find something into documentation about this strange behaviour but I can't find anything.
Is someone aware of the reason behind that result?
Edit
Even if I remove other field (not an empty one) all seems to work. I'm speechless because it has to be a silly thing that I can't understand
From the comments in documentation:
http://www.php.net/manual/en/function.openssl-public-encrypt.php#95307
openssl_private_encrypt() has a low limit for the length of the data
it can encrypt due to the nature of the algorithm.
To encrypt the larger data you can use openssl_encrypt() with a random
password (like sha1(microtime(true))), and encrypt the password with
openssl_public_encrypt(). This way the data can be encrypted with a
public key and decrypted with the private one.
Your json must exceed the length limit...
I'm working with an application that requires sha1 encoding for certain form values.
The problem is that when I use the following
<?php echo(hash("sha1","par1=".$_POST['p1']."&par2=".$_POST['p2'])); ?>
It gives me a sha1 encoding of the actual string, while I want to get a sha1 encoding of the posted values, so in this example I want to get
<?php echo(hash("sha1","par1=firstvalue&par2=secondvalue")); ?>
How can I realize this? Is it actually that simple and am I thinking way to difficult?
That because it identifies that para1=some_value as string not para1 as variable and some_value string
To achieve what you want you should hash every variable alone
Or I suggest that you implement your own encoding algorithm
Why not do it like this? Though I would have though either way would result in the same thing....
$hash_this = "par1=".$_POST['p1']."&par2=".$_POST['p2'];
echo sha1($hash_this);
Though that will do it if you want to hash the string of the values all together, rather than the values, if you want to store the values - then you should probably hash each value, so you could at least compare them later. Useful for a login system where you want to save a password to a database, which is more secure than literally just storing the password...
$password = sha1($_POST['password']);
If you hash the string, you have no idea which value is wrong
I was attempting to
encrypt de cookie data with md5, but I can not validate the hash back.
It has got to do, with the fact that cookie_data is a serialized array, because normal stringvalues work ok.
It's actually from a codeigniter class, but it does not work??
Does anyone know what the problem might be?
$hash = substr($session, strlen($session)-32);
$session= substr($session, 0, strlen($session)-32);
if ($hash !== md5($session.$this->encrypt_key))
{........
and the cookie value is encrypted like this
$cookie_data = $cookie_data.md5($cookie_data.$this->encrypt_key);
EDIT
I found that the answer is to use urlencode en urldecode in the proces of creating and validate
md5 hashes, because setcookie does urlencode automaticly, and thereby possibly changing the hash.
thanks, Richard
You have a typo:
md5($sessie.$this->encrypt_key))
should be
md5($session.$this->encrypt_key))
If you develop with notices turned on you'll catch this kind of thing much more easily.
You're not encrypting your data, you're signing it.
md5 is a oneway function. It is not a reversible one, so you can't decrypt the data.
The only thing you can do is encrypt the original data (if you saved it elsewhere) and check the result of this second computation.
If the value retrieved and the new value calculated are the same, the hash you received is valid (As you are doing in your code).
EDIT
You know, with just three lines of code I will guess some possible causes:
$session doesn't contains at the beginning of your code the same value of cookie_data.
you are using multibyte strings and strlen is not mb aware (use the idioms substr($session,0,-32) to get the payload part of the string.
maybe substr doesn't cope with multibyte strings too, use explicitally mb_substr (or whatever it is called).
To me the first case is the more probable. For what I can see.
I was attempting to encrypt de cookie
data with md5, but I can not decrypt
it back for validation.
md5 isnt an encryption method. it creates a one-way hash that cant be turned back into the original data.
If you want to encrypt data try mcrypt
I need to create a simple hashing method for passing some data in a URL. It doesn't need to be very secure, it just shouldn't be obvious to most people.
The hash needs to contains the numerical id of the sender and the id of the recipient and I should be able to decode the data after reading the appended hash.
Any ideas? I'd like the hash to be a short as possible, simply because this url is meant to be shared via IM, email, etc..
Hash is one way only. If you want to decrypt it, you have to encrypt it. Try mcrypt with one of these.
For non secure stuff you can try base64_encode, You can also base_convert each numeric id from 10 to 36 digits or so. Multiplying the numbers with a secret constant could also help.
$obscurity = base_convert($recipientId * 42, 10, 36) . ':' . base_convert($senderId * 42, 10, 36)
Try base64 encoding/decoding. put together with the apache option "Multiviews" or apache mod_rewrite, would make your urls look like:
http://mysite.com/messages/[encoded string here]
base64 definitely should do the trick if you want to decode it again.
Note that this is not a 'hash', a hash generally means one-way encryption.
$senderId = 1234;
$recipientId = 5678;
$myString = $senderId . ":" . $recipientId;
echo base64_encode($myString);
You could use encryption, as mentioned by #OIS.
Or you could use a hash and store the hash values in a database keyed to sender id and recipient id. PHP has md5() and sha1() built in.