Encryption algorithm for web applications
I have been using the Symmetric (Rijndael) Key Algorithm ( http://www.obviex.com/samples/Encryption.aspx ) for a while to encrypt the ID. Then I url encodes the encrypted version of the ID and passes it in the query string. When I extract the ID from the query string, I decode it first and I decode it.
There was a problem recently. If the encrypted identifier has both "spaces" and "+" (for example, "abc ef + g"), the URL encoding changes all "spaces" to "+". This is a problem, when I ID-decode the id, "I know" + "was" + "and" + "was" space ".
If there is an option so that I can select the alphabet-only output character set (i.e. only AZ is used in the encrypted id)? Or if there is another 2 cipher algorithm that has the ability for me to choose the output character set?
Or I guess my last option is to manually replace the "+" in the encrypted id with something like "_SPACE _"
thank
You need to url-encode your encrypted id when passed as request parameters.
I prefer the URL safe Base64 version for anything used in request parameters or cookies.
Okay to answer your question at a basic level: Yes, encode the encrypted result in base64.
But I must admit that I am very concerned about your approach in general.
you should see how I decided to manage my way of hiding the id (in my case the guid, but could be any encrypted string)
link
Can you manually encode the url so that spaces are changed to %20
instead +
?