Tutorial: Using the OpenSSL plugin

Today’s guest tutorial comes to you courtesy of Mark Eberhardt, the founder of Minion Multimedia, an independent app development studio based in the Pacific Northwest. Mark has been a Corona developer for the last several years, releasing a variety of cross-platform apps for iOS and Android.


When Corona Labs introduced Corona Plugins, I was excited to learn that OpenSSL was one of the first in the initial batch. In this tutorial, I’ll show you how to initialize the appropriate plugin module and then perform some basic encryption and decryption.

Additions to “build.settings”

The first step is to add a couple of lines to the build.settings file to support the OpenSSL plugin:

Setup

Next, you need to require the plugin in the main project file:

Next, we’ll create a cipher object. The method can be any one of a variety of encryption methods. For the sake of this tutorial, we’ll use "aes-256-cbc".

Encryption

To encrypt a string of text, we’ll use the following line of code:

The text is a string that you want encrypted, and key is a string containing a passphrase, which can be anything.

If you want the user to be able to select their own passphrase, a simple native text field could be used to get their input. Additionally, you could have that input hashed using the crypto functions.

Encoding the text for transport

I also like to apply a base64 encoding to the encrypted text, which makes it easier to store or share. Encoding the text as base64 is really simple: we enable the mime functions, then call b64 to encode the text.

Now the encrypted data is stored as a base64 string.

Decryption

If we want to decrypt something, it’s just as easy!

Just replace text with the encrypted text, and key with the string that was used to encrypt the text. If the encrypted text is base64 encoded, it’s easy to undo the encoding: just use mime.unb64.

Overall code

Here’s the overall code up to this point:

PHP

If you want to take things further and if your web host has the OpenSSL module installed, you can create a PHP script that can encode/decode text sent to/from your app:

This will return a base64-encoded string that can be decoded with OpenSSL — and decryption is just as simple:

So the full scope of the PHP script would be:

In practical use, if you’re sending encrypted data to the script, you could replace the $source variable with:

In summary

As you can see, setting up Corona’s OpenSSL plugin is fast and easy. In just a few lines of code, you can be encrypting and decrypting data! For further reference, please review the documentation.


Brent Sorrentino
brent@coronalabs.com

Brent Sorrentino is a full-time Developer Evangelist and technical writer who assists others with game development, code, and in overcoming other challenges to help them bring their app dreams to life.

23 Comments
  • Jens
    Posted at 00:07h, 13 June

    Very interesting! Has anyone tried this out in regard to performance? Can you expect to encrypt/decrypt kbytes of data in under a second on a device? I have tried another (plain) lua-implementation of aes and it was not very fast. I think it was the bit manipulation that was the main hindrance.

  • Roman
    Posted at 03:25h, 13 June

    Is there a list for the encryption methods / cyphers ?

  • Mark
    Posted at 10:21h, 13 June

    @Jens encrypt/decrypt does work pretty fast… I have myself tried a lua-implementation of aes that wasn’t fast… I haven’t done massive text lengths of text->aes encryption. But again before even small text lengths seem to take forever.

  • Simon Fearby
    Posted at 05:18h, 17 June

    Error: Warning: openssl_encrypt() [function.openssl-encrypt]: Using an empty Initialization Vector (iv) is potentially insecure and not recommended

    Workaround here: http://php.net/manual/en/function.openssl-encrypt.php

    Don't forget the 2 further parameters. $iv needs to be sent during decryption too.

    php:
    $source = 'Your Encrypted Text Here';
    $pass = 'yourpasswordhere';
    $method = 'aes-256-cbc';
    $raw_output = false;
    $iv = "1721597321565789";

    $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass, $raw_output, $iv) );

  • tgl87
    Posted at 01:56h, 08 August

    Thank you for this tutorial

    Writing this line
    local cipher = openssl.get_cipher ( "aes-256-cbc" ), I was wondering which other methods are available? I tried to find a list somewhere, but no such luck.

    It seems from what you say, that other arguments are available:
    “Next, we’ll create a cipher object. The method can be a variety of encryption methods. For the sake of this tutorial, we’ll use “aes-256-cbc”.”

    I need the encryption to use the sha1 algorithm.

    • Aaron
      Posted at 11:57h, 29 October

      Hi @tgl87,

      According to this:

      https://github.com/coronalabs/plugins-sample-openssl/blob/master/General/main.lua

      there seem to be a few more methods, including “des3,” “des,” “bf,” and “aes-256-ecb.” (Not sure if the last one is different from “aes-256-cbc”)

      However, I too would like confirmation of whatever other methods there are.

      • Amy
        Posted at 09:21h, 26 August

        Did you get confirmation on supported ciphers?
        Is there support for AES (“AES-128-CBC”, “AES-256-CBC”, etc.)?

        • Brent Sorrentino
          Posted at 17:55h, 26 August

          Hello Amy,
          Our engineers tell me that this should be supported.

  • Leonardo Borsten
    Posted at 03:47h, 19 November

    I’m having difficulty using the examples of the PHP decryption script. I am trying this:
    $decrypted = openssl_decrypt ( base64_decode ( $_REQUEST ), $method, $pass );
    I am assuming that the encrypted data is carried in the $_REQUEST. The $_REQUEST appears to be an array. The key part of the array looks like the encrypted data and the value part of the array is empty.

    What is the proper way to receive and parse the posted encryption in PHP?

  • yosu
    Posted at 18:46h, 26 December

    Pls note that in PHP, openSSL automatically performs base64 on it. So, the example above needs to be updated as such :

    $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) );
    TO
    $encrypted = ( openssl_encrypt ( $source, $method, $pass ) );

    • Renato
      Posted at 00:42h, 08 October

      Thanks for the info @yosu. Indeed the tutorial has that mistake.

  • Romowski
    Posted at 22:59h, 22 June

    Thank you for great tutorial!!! Unfortunately I have an error in line

    Can somebody help me to solve this issue?

    Error: “module ‘plugin_openssl’ not found:resource (plugin_openssl.lu) does not exist in archive
    no field package.preload[‘plugin_openssl’]
    no file ‘/Users/Apple/Library/Application Support/Corona/Simulator/Plugins/plugin_openssl.lua’
    no file ‘/Users/Apple/Library/Application Support/luaglider2/dev/ProjectBuilds/MyGreatSteppe(Builds)/MyGreatSteppe(default)/MyGreatSteppe/plugin_openssl.lua’
    no file ‘/Applications/CoronaSDK/Corona Simulator.app/Contents/Resources/plugin_openssl.lua’
    no file ‘/Users/Apple/Library/Application Support/Corona/Simulator/Plugins/plugin_openssl.dylib’
    no file ‘./plugin_openssl.dylib’
    no file ‘/Applications/CoronaSDK/Corona Simulator.app/Contents/Resources/plugin_openssl.dylib'”

  • Edwin
    Posted at 16:15h, 30 June

    it looks like you need to be PRO in order to use openSSL right?

    • Brent Sorrentino
      Posted at 14:45h, 01 July

      Hi Edwin,
      Yes, OpenSSL is restricted to Pro/Enterprise users.

      Best regards,
      Brent

  • Samuel
    Posted at 04:07h, 29 September

    Hi, I followed step by step this tutorial to use SSL in both local and remote, but the results of encryption are completely different:

    ———–
    At local:

    local openssl = require "plugin.openssl"

    local cipher = openssl.get_cipher ( "aes-256-cbc" )
    local mime = require ( "mime" )

    local encryptedData = mime.b64 ( cipher:encrypt ( "test", "test" ) )
    local decryptedData = cipher:decrypt ( mime.unb64 ( encryptedData ), "test" )

    print ( "Encrypted Text: " .. encryptedData ) -- 33zefe1wMVR3XvkzkVBo9Q==
    print ( "Decrypted Text: " .. decryptedData ) -- test

    local testParams = {body = "encryptedData=" .. encryptedData}

    network.request( url .. "test.php", "POST", networkListener, testParams)

    —————–
    At remote:

    Any idea of what I’m doing wrong? 🙁

    • Samuel
      Posted at 04:08h, 29 September

      *At remote:

      • Samuel
        Posted at 04:08h, 29 September

        *Oops, triple post. Sorry about this.

        $source = 'test';
        $pass = 'test';
        $method = 'aes-256-cbc';

        $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) );
        echo "encrypted : " .$encrypted; // MzN6ZWZlMXdNVlIzWHZremtWQm85UT09

        $decrypted = openssl_decrypt ( base64_decode ( $encrypted ), $method, $pass );
        echo "decrypted : " .$decrypted; // 'test'

        $encryptedData = $_POST['encryptedData'];
        echo 'source : ' .$encryptedData; // 33zefe1wMVR3XvkzkVBo9Q==

        $decryptedData = openssl_decrypt ( base64_decode ( $encryptedData ), $method, $pass );
        echo "decryptedData : " .$decryptedData; // '' (empty)

        • Brent
          Posted at 10:32h, 29 September

          Hi Samuel,
          Can you please post this in the forums? It’s easier to track and get assistance for specific cases in that venue.

          http://forums.coronalabs.com/index.php

          Thanks,
          Brent

        • Renato
          Posted at 00:46h, 08 October

          I will reply here since it is a typo on the tutorial.

          As @yosu noted, the encrypt/decrypt functions on php already do the base64 encode/decode. So,

          WHERE YOU SEE:
          $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) );
          SHOULD BE:
          $encrypted = ( openssl_encrypt ( $source, $method, $pass ) );

          Same here for decrypt.
          WHERE YOU SEE:
          $decrypted = openssl_decrypt ( base64_decode ( $encrypted ), $method, $pass );
          SHOULD BE:
          $decrypted = openssl_decrypt ( $encrypted, $method, $pass );
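
The double encoding that @yosu and Renato describe, checked against the two strings Samuel posted, followed by a PHP round trip that keeps a single base64 layer and passes an explicit IV, which is what the warning in Simon Fearby's comment asks for. This is an added example, not code from the tutorial or from Corona Labs; the helper names `derive_key`, `encrypt_for_transport` and `decrypt_from_transport`, the SHA-256 key derivation and the IV-prefixed layout are assumptions of the example.

```php
<?php
// Added example, not the tutorial's script. Strings marked "from the thread"
// are the two values Samuel posted; everything else is constructed here.
const METHOD = 'aes-256-cbc';

// 1. The mismatch: with $options = 0, openssl_encrypt() already returns base64,
//    so base64_encode() on top of it encodes a second time. Decoding the PHP
//    value once yields the app's value exactly.
$fromLua = '33zefe1wMVR3XvkzkVBo9Q==';         // from the thread (app output)
$fromPhp = 'MzN6ZWZlMXdNVlIzWHZremtWQm85UT09'; // from the thread (PHP output)
var_dump(base64_decode($fromPhp, true) === $fromLua);

// 2. One encoding layer, explicit IV. Key derivation (SHA-256 of the
//    passphrase) and the "IV || ciphertext" layout are assumptions of this
//    example; the app side has to build and parse the same layout.
function derive_key(string $passphrase): string
{
    return hash('sha256', $passphrase, true); // 32 raw bytes for AES-256
}

function encrypt_for_transport(string $plaintext, string $passphrase): string
{
    $iv  = random_bytes(openssl_cipher_iv_length(METHOD)); // fresh per message
    $raw = openssl_encrypt($plaintext, METHOD, derive_key($passphrase),
                           OPENSSL_RAW_DATA, $iv);
    if ($raw === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $raw); // the only base64 step
}

function decrypt_from_transport(string $encoded, string $passphrase): string
{
    $ivLen = openssl_cipher_iv_length(METHOD);
    $blob  = base64_decode($encoded, true); // strict: reject non-base64 input
    if ($blob === false || strlen($blob) <= $ivLen) {
        throw new InvalidArgumentException('malformed ciphertext');
    }
    $plain = openssl_decrypt(substr($blob, $ivLen), METHOD,
                             derive_key($passphrase), OPENSSL_RAW_DATA,
                             substr($blob, 0, $ivLen));
    if ($plain === false) {
        throw new RuntimeException('decryption failed (wrong key or corrupt data)');
    }
    return $plain;
}

// Round trip with constructed sample input.
$token = encrypt_for_transport('test', 'test');
var_dump(decrypt_from_transport($token, 'test') === 'test');
```

CBC in this layout provides confidentiality only; nothing here detects a ciphertext that was modified in transit.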

  • Ravi
    Posted at 23:35h, 27 July

    can you please help me to make 3des encrypt/decrypt using Luacrypto library.

  • Gregor
    Posted at 09:23h, 20 January

    Is there any way that I can use the key and iv as hex also?

  • Yut
    Posted at 21:47h, 15 May

    How to use the X509 function in OpenSSL?

    • Rob Miracle
      Posted at 11:11h, 16 May

      You should be able to do the same X.509 things with the plugin that you can do with OpenSSL itself. If you have any issues, you can submit a test case that has the problem as a bug report.