Tutorial: Using the OpenSSL plugin


Today’s guest tutorial comes to you courtesy of Mark Eberhardt, the founder of Minion Multimedia, an independent app development studio based in the Pacific Northwest. Mark has been a Corona developer for the last several years, releasing a variety of cross-platform apps for iOS and Android.


When Corona Labs introduced Corona Plugins, I was excited to learn that OpenSSL was one of the first in the initial batch. In this tutorial, I’ll show you how to initialize the appropriate plugin module, then perform some basic encryption and decryption.

Additions to “build.settings”

The first step is to add a couple of lines to the build.settings file to support the OpenSSL plugin:

Setup

Next, you need to require the plugin in the main project file:

Next, we’ll create a cipher object. The method can be any of several encryption methods. For the sake of this tutorial, we’ll use "aes-256-cbc".

Encryption

To encrypt a string of text, we’ll use the following line of code:

The text is a string that you want encrypted, and key is a string containing a passphrase, which can be anything.

If you want the user to be able to select their own passphrase, a simple native text field could be used to get their input. Additionally, you could have that input hashed using the crypto functions.

Encoding the text for transport

I also like to apply a base64 encode to the encrypted text. This allows for easier storage or data sharing. Encoding the text as base64 is really simple: we enable the mime functions, then call b64 to encode the text.

Now the encrypted data is stored as a base64 string.

Decryption

If we want to decrypt something, it’s just as easy!

Just replace text with the encrypted text, and key with the string that was used to encrypt it. If the encrypted text is base64-encoded, it’s easy to undo the encoding — just use mime.unb64.

Overall code

Here’s the overall code up to this point:

PHP

If you want to take things further and if your web host has the OpenSSL module installed, you can create a PHP script that can encode/decode text sent to/from your app:

This will return a base64-encoded string that can be decoded with OpenSSL — and decryption is just as simple:

So the full scope of the PHP script would be:

In practical use, if you’re sending encrypted data to the script, you could replace the $source variable with:

In summary

As you can see, setting up Corona’s OpenSSL plugin is fast and easy. In just a few lines of code, you can be encrypting and decrypting data! For further reference, please review the documentation.


Brent

Brent Sorrentino serves as a full-time Developer Evangelist for Corona Labs, assisting developers in the forums, maintaining documentation/guides, and creating samples which highlight core features of Corona SDK.

This entry has 23 replies

  1. Jens says:

    Very interesting! Has anyone tried this out in regard to performance? Can you expect to encrypt/decrypt kbytes of data in under a second on a device? I have tried another (plain) lua-implementation of aes and it was not very fast. I think it was the bit manipulation that was the main hindrance.

  2. Roman says:

    Is there a list for the encryption methods / cyphers ?

  3. Mark says:

    @Jens encrypt/decrypt does work pretty fast… I have myself tried a lua-implementation of aes that wasn’t fast… I haven’t done massive text lengths of text->aes encryption. But again before even small text lengths seem to take forever.

  4. Simon Fearby says:

    Error: Warning: openssl_encrypt() [function.openssl-encrypt]: Using an empty Initialization Vector (iv) is potentially insecure and not recommended

    Workaround here: http://php.net/manual/en/function.openssl-encrypt.php

    Don’t forget the 2 further parameters. $iv needs to be sent during decryption too.

    php:
    $source = 'Your Encrypted Text Here';
    $pass = 'yourpasswordhere';
    $method = 'aes-256-cbc';
    $raw_output = false;
    $iv = "1721597321565789";

    $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass, $raw_output, $iv) );
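
A fixed IV like the one in this comment makes equal plaintexts encrypt to equal ciphertexts under the same key. The following PHP sketch is an added example, not code from the tutorial or the plugin, and it goes further than the comment: it draws a fresh IV per message, sends it with the ciphertext, derives the key from the passphrase (the tutorial's hashing suggestion) and authenticates the result. The `salt || iv || ciphertext || tag` layout, the iteration count and the function names are assumptions; it needs PHP 7 for `random_bytes`, and the app side would have to build the same layout.

```php
<?php
// Added example: per-message IV, PBKDF2 key derivation, encrypt-then-MAC.
const METHOD = 'aes-256-cbc';
const ITERATIONS = 100000; // assumed work factor, tune for your server

// Derive independent encryption and MAC keys from the passphrase.
function derive_keys(string $pass, string $salt): array
{
    $okm = hash_pbkdf2('sha256', $pass, $salt, ITERATIONS, 64, true);
    return [substr($okm, 0, 32), substr($okm, 32)];
}

function seal(string $plain, string $pass): string
{
    $salt = random_bytes(16);
    $iv = random_bytes(openssl_cipher_iv_length(METHOD)); // never reused
    [$encKey, $macKey] = derive_keys($pass, $salt);
    $ct = openssl_encrypt($plain, METHOD, $encKey, OPENSSL_RAW_DATA, $iv);
    $body = $salt . $iv . $ct;
    // The tag covers salt, IV and ciphertext so none can be altered unnoticed.
    return base64_encode($body . hash_hmac('sha256', $body, $macKey, true));
}

function open_sealed(string $wire, string $pass): ?string
{
    $raw = base64_decode($wire, true);
    if ($raw === false || strlen($raw) < 16 + 16 + 16 + 32) {
        return null; // too short for salt + IV + one block + tag
    }
    $body = substr($raw, 0, -32);
    $tag = substr($raw, -32);
    [$encKey, $macKey] = derive_keys($pass, substr($body, 0, 16));
    // Verify before decrypting; hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, $macKey, true), $tag)) {
        return null;
    }
    $plain = openssl_decrypt(substr($body, 32), METHOD, $encKey,
        OPENSSL_RAW_DATA, substr($body, 16, 16));
    return $plain === false ? null : $plain;
}

// Constructed demo: the same input sealed twice, then one tampered copy.
$a = seal('test', 'yourpasswordhere');
$b = seal('test', 'yourpasswordhere');
var_dump($a !== $b, open_sealed($a, 'yourpasswordhere'));
$bad = $a;
$bad[10] = $bad[10] === 'A' ? 'B' : 'A'; // alter one wire character
var_dump(open_sealed($bad, 'yourpasswordhere'));
```
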

  5. tgl87 says:

    Thank you for this tutorial

    Writing this line
    local cipher = openssl.get_cipher ( "aes-256-cbc" ), I was wondering which other methods are available? I tried to find a list somewhere, but no such luck.

    It seems from what you say, that other arguments are available:
    “Next, we’ll create a cipher object. The method can be a variety of encryption methods. For the sake of this tutorial, we’ll use “aes-256-cbc”.”

    I need the encryption to use the sha1 algorithm.

    • Aaron says:

      Hi @tgl87,

      According to this:

      https://github.com/coronalabs/plugins-sample-openssl/blob/master/General/main.lua

      there seem to be a few more methods, including “des3,” “des,” “bf,” and “aes-256-ecb.” (Not sure if the last one is different from “aes-256-cbc”)

      However, I too would like confirmation of whatever other methods there are.

      • Amy says:

        Did you get confirmation on support ciphers?
        Is there support for AES (“AES-128-CBC”, “AES-256-CBC”, etc.)

        • Brent Sorrentino says:

          Hello Amy,
          Our engineers tell me that this should be supported.

  6. Leonardo Borsten says:

    I’m having difficulty using the examples of the PHP decryption script. I am trying this:
    $decrypted = openssl_decrypt ( base64_decode ( $_REQUEST ), $method, $pass );
    I am assuming that the encrypted data is carried in the $_REQUEST. The $_REQUEST appears to be an array. The key part of the array looks like the encrypted data and the value part of the array is empty.

    What is the proper way to receive and parse the posted encryption in PHP?

  7. yosu says:

    Pls note that in PHP, openSSL automatically performs base64 on it. So, the example above needs to be updated as such :

    $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) );
    TO
    $encrypted = ( openssl_encrypt ( $source, $method, $pass ) );

    • Renato says:

      Thanks for the info @yosu. Indeed the tutorial has that mistake.

  8. Romowski says:

    Thank you for great tutorial!!! Unfortunately I have an error in line

    Can somebody help me to solve this issue?

    Error: “module ‘plugin_openssl’ not found:resource (plugin_openssl.lu) does not exist in archive
    no field package.preload[‘plugin_openssl’]
    no file ‘/Users/Apple/Library/Application Support/Corona/Simulator/Plugins/plugin_openssl.lua’
    no file ‘/Users/Apple/Library/Application Support/luaglider2/dev/ProjectBuilds/MyGreatSteppe(Builds)/MyGreatSteppe(default)/MyGreatSteppe/plugin_openssl.lua’
    no file ‘/Applications/CoronaSDK/Corona Simulator.app/Contents/Resources/plugin_openssl.lua’
    no file ‘/Users/Apple/Library/Application Support/Corona/Simulator/Plugins/plugin_openssl.dylib’
    no file ‘./plugin_openssl.dylib’
    no file ‘/Applications/CoronaSDK/Corona Simulator.app/Contents/Resources/plugin_openssl.dylib'”

  9. Edwin says:

    it looks like you need to be PRO in order to use openSSL right?

    • Brent Sorrentino says:

      Hi Edwin,
      Yes, OpenSSL is restricted to Pro/Enterprise users.

      Best regards,
      Brent

  10. Samuel says:

    Hi, I followed step by step this tutorial to use SSL in both local and remote, but the results of encryption are completely different:

    ———–
    At local:

    local openssl = require "plugin.openssl"

    local cipher = openssl.get_cipher ( "aes-256-cbc" )
    local mime = require ( "mime" )

    local encryptedData = mime.b64 ( cipher:encrypt ( "test", "test" ) )
    local decryptedData = cipher:decrypt ( mime.unb64 ( encryptedData ), "test" )

    print ( "Encrypted Text: " .. encryptedData ) -- 33zefe1wMVR3XvkzkVBo9Q==
    print ( "Decrypted Text: " .. decryptedData ) -- test

    local testParams = {body = "encryptedData=" .. encryptedData}

    network.request( url .. "test.php", "POST", networkListener, testParams)

    —————–
    At remote:

    Any idea of what I’m doing wrong? 🙁

    • Samuel says:

      *At remote:

      • Samuel says:

        *Oops, triple post. Sorry about this.

        $source = 'test';
        $pass = 'test';
        $method = 'aes-256-cbc';

        $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) );
        echo "encrypted : " .$encrypted; // MzN6ZWZlMXdNVlIzWHZremtWQm85UT09

        $decrypted = openssl_decrypt ( base64_decode ( $encrypted ), $method, $pass );
        echo "decrypted : " .$decrypted; // 'test'

        $encryptedData = $_POST['encryptedData'];
        echo 'source : ' .$encryptedData; // 33zefe1wMVR3XvkzkVBo9Q==

        $decryptedData = openssl_decrypt ( base64_decode ( $encryptedData ), $method, $pass );
        echo "decryptedData : " .$decryptedData; // '' (empty)

        • Brent says:

          Hi Samuel,
          Can you please post this in the forums? It’s easier to track and get assistance for specific cases in that venue.

          http://forums.coronalabs.com/index.php

          Thanks,
          Brent

        • Renato says:

          I will reply here since it is a typo on the tutorial.

          As @yosu noted, the encrypt/decrypt functions on php already do the base64 encode/decode. So,

          WHERE YOU SEE:
          $encrypted = base64_encode ( openssl_encrypt ( $source, $method, $pass ) );
          SHOULD BE:
          $encrypted = ( openssl_encrypt ( $source, $method, $pass ) );

          Same here for decrypt.
          WHERE YOU SEE:
          $decrypted = openssl_decrypt ( base64_decode ( $encrypted ), $method, $pass );
          SHOULD BE:
          $decrypted = openssl_decrypt ( $encrypted, $method, $pass );
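
The receiving side discussed in comments 6, 7 and 10, as an added PHP example (not the tutorial's script or Corona's code): it reads one named POST field, removes exactly one base64 layer, and rejects values that cannot be raw AES-CBC output, which is what a double-encoded value looks like. The field name `encryptedData` and the passphrase come from comment 10; the NUL-padded key and all-zero IV are assumptions inferred from that comment, where the plugin and PHP's IV-less call produce the same ciphertext, and the function names are hypothetical.

```php
<?php
// Added example, not the tutorial's script.
const METHOD = 'aes-256-cbc';

// Turn one posted base64 field into raw ciphertext, or null if it is malformed.
function wire_to_ciphertext(string $field): ?string
{
    // A '+' that was not URL-encoded in a form body arrives as a space.
    $b64 = strtr(trim($field), ' ', '+');
    $raw = base64_decode($b64, true);   // strict mode rejects non-base64 bytes
    if ($raw === false || $raw === '' || strlen($raw) % 16 !== 0) {
        return null;                    // CBC output is whole 16-byte blocks
    }
    // Real ciphertext is effectively never pure base64 text; if it is,
    // the sender encoded twice and one layer is still on.
    if (preg_match('/^[A-Za-z0-9+\/]+={0,2}$/', $raw) === 1) {
        return null;
    }
    return $raw;
}

function decrypt_field(string $field, string $pass): ?string
{
    $raw = wire_to_ciphertext($field);
    if ($raw === null) {
        return null;
    }
    // Assumptions: short keys are NUL-padded, and no IV means sixteen zero bytes.
    $key = str_pad($pass, 32, "\0");
    $iv = str_repeat("\0", 16);
    $plain = openssl_decrypt($raw, METHOD, $key, OPENSSL_RAW_DATA, $iv);
    return $plain === false ? null : $plain;
}

if (PHP_SAPI !== 'cli') {
    // Web request: read the named field, never the whole $_REQUEST array.
    $field = $_POST['encryptedData'] ?? '';
    $plain = is_string($field) ? decrypt_field($field, 'test') : null;
    http_response_code($plain === null ? 400 : 200);
} else {
    // Constructed self-check: encoded once, encoded twice, and '+' mangled.
    $ct = openssl_encrypt('test', METHOD, str_pad('test', 32, "\0"),
        OPENSSL_RAW_DATA, str_repeat("\0", 16));
    $once = base64_encode($ct);
    var_dump(decrypt_field($once, 'test'));
    var_dump(decrypt_field(base64_encode($once), 'test'));
    var_dump(decrypt_field(strtr($once, '+', ' '), 'test'));
}
```
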

  11. Ravi says:

    Can you please help me to make 3des encrypt/decrypt using Luacrypto library?

  12. Gregor says:

    Is there any way that I can use the key and iv as hex also?

  13. Yut says:

    How do I use the X509 function in OpenSSL?

    • Rob Miracle says:

      You should be able to do the same X.509 things with the plugin that you can do with OpenSSL itself. If you have any issues, you can submit a test case that has the problem as a bug report.