@DelusionalLogic
Created September 12, 2013 09:23
Project Webwhale Encryption
Webwhale encryption is the codename of my effort to make encryption actually useful, and put the power in the hands of the developer.
The scheme uses simple RSA encryption to share the symmetric AES key. This method requires you to have a webserver! Here's how to do it:
On your webserver you need to set up a PHP script that accepts the RSA public key, encrypts the AES key with it, and sends the result back. This could, for example, use phpseclib:
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE);
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey($_POST["key"]); // public key
$plaintext = 'abcdefghijklmnopijklmnop'; // the AES key being shared (24 bytes)
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
echo base64_encode($rsa->encrypt($plaintext));
?>
This accepts an RSA public key as a POST parameter and echoes the encrypted key (called the token from here on).
You then need another page that exposes the AES-encrypted script. But not only that: the 16-byte initialization vector must be prepended to the encrypted data. This can once again be done on the server, in real time. That could look like this:
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include('Crypt/AES.php');
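$cipher = new Crypt_AES(); // CBC is the default mode; could pass CRYPT_AES_MODE_CBC explicitly
//$cipher->setKeyLength(128);
$cipher->setKey('abcdefghijklmnopijklmnop'); // same 24-byte key the token page encrypts
$IV = 'AAAAAAAAAAAAAAAA'; // fixed 16-byte demo value; CBC needs a fresh random IV per message in real use
$plaintext = 'print("Hello world")'; // the script to deliver
$cipher->setIV($IV); // defaults to all-NULLs if not explicitly defined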
echo base64_encode($IV . $cipher->encrypt($plaintext));
?>
Loading this code is simple. All you need in your script is to request a token and the encrypted script. This looks like this:
function init()
    print("Scripts")
    local key = Crypto:GetPublicKey()
    local token = WebRequester:getSite("http://localhost:8081/test.php", {key = key})
    local data = WebRequester:getSite("http://localhost:8081/testEnc.php")
    loadEncryptedBeta(data, token)
end
function tick()
end
Where "localhost:8081" is your server.
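The whole exchange described above (token page, script page, client-side load), as an added Node.js example that is not part of the original gist and is not the Webwhale loader's own code. Assumptions: the function names are hypothetical, RSA-OAEP stands in for the gist's PKCS#1 v1.5 mode, the AES key is random rather than hard-coded, and the IV is generated fresh for every response.

```javascript
const crypto = require('crypto');
const IV_LEN = 16; // the gist prepends a 16-byte IV (one AES block)

// Server, token page: wrap the AES key with the client's RSA public key.
// Assumption: OAEP stands in for the gist's PKCS#1 v1.5 encryption mode.
function makeToken(publicPem, aesKey) {
  const opts = { key: publicPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING };
  return crypto.publicEncrypt(opts, aesKey).toString('base64');
}

// Server, script page: base64(IV || AES-CBC ciphertext), fresh random IV each time.
function packScript(aesKey, script) {
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv('aes-192-cbc', aesKey, iv);
  const body = Buffer.concat([cipher.update(script, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, body]).toString('base64');
}

// Client (hypothetical stand-in for loadEncryptedBeta): unwrap token, split IV, decrypt.
function loadEncrypted(data, token, privatePem) {
  const opts = { key: privatePem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING };
  const aesKey = crypto.privateDecrypt(opts, Buffer.from(token, 'base64'));
  const raw = Buffer.from(data, 'base64');
  if (raw.length < 2 * IV_LEN || raw.length % IV_LEN !== 0) {
    throw new Error('payload is not a 16-byte IV followed by whole AES blocks');
  }
  const d = crypto.createDecipheriv('aes-192-cbc', aesKey, raw.subarray(0, IV_LEN));
  return Buffer.concat([d.update(raw.subarray(IV_LEN)), d.final()]).toString('utf8');
}

// Constructed run: throwaway key pair, random 24-byte key, the gist's sample script.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const aesKey = crypto.randomBytes(24);
  const token = makeToken(publicKey, aesKey);
  const first = packScript(aesKey, 'print("Hello world")');
  const second = packScript(aesKey, 'print("Hello world")');
  return { script: loadEncrypted(first, token, privateKey), distinct: first !== second };
}

console.log(demo());
```

With a random IV, two responses carrying the same script differ byte for byte, which a fixed IV such as the demo value above cannot provide.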