QuickMCrypt
basic web cryptography

 

     

:



 

Usage Manual:

QuickMCrypt is a very simple web encryption / decryption application. One selects an block cipher encryption algorithm (like e.g. AES-256) and a block cipher operation mode (like e.g. Cipher feedback, or "CFB" for short). Naturally, an encryption key should be specified - albeit this field can be left empty with the obvious security drawbacks - as well as a key hash algorithm.

Then enter the plain message or encrypted message and select what is to be done, i.e. whether the message is to be encrypted or decrypted.

If you send an encrypted string to someone else, you must specify ALL the parameters (cipher algorithm, block mode, key hash algorithm und the encryption key) for QuickMCrypt to operate correctly. It is also vital that absolutely nothing is changed in the message.

Internal workings:

This app simply provides the standard PHP cryptographic functions in an easy-to-use way. The algorithms and block modes are provided by the MCrypt library, whereas the key hash algorithm uses to the hash() function. Note that for each encryption process a random initialization vector (IV) is generated, even for the electronic codebook (ECB) mode where it is technically not needed. Therefore encoding the same data with all parameters unchanged will nevertheless yield a different encrypted data string due to the changed IV. This IV is prefixed to the encoded message as it does not have to be kept private or encrypted. It is also shown in hexadecimal format for informational purposes. The output string of an encryption is therefore the IV plus the encrypted message, which is then printed using the MIME Base64 encoding to avoid any problems with binary-unsafe methods of communication - like common eMail, for example (the same encoding is used when you attach binary files to an eMail message).

During the decryption the input string is first decoded from Base64 back to binary data and the length of the IV vector for the chosen algorithm is split off. The remaining part of the message is then decrypted using the algorithm.

 

Note that this web app is by no means a security tool in the strict sense. It is supposed to act as a toybox for checking out different algorithms.

If you are seriously concerned with cryptography in the context of eMail encryption, full harddisk encryption you might want to check out open source packages like GnuPG or TrueCrypt.