Roku Community

ibscas · ‎07-30-2012

I was wondering if anyone had written something that allows the Roku to encrypt a string then a PHP script to de-crypt it and vice-versa? I want to interract with my server but would prefer that the lines of communication be encrypted however I'm not sure how the BRS does it's encryption so that I can de-crypt it on the other side.

For instance, I want to send a URL that may have a password on a query string and don't want to send &password=xxxxxxx if I can send &password=929dkxd834kdja and have my PHP script figure what the password is.

Any insight is appreciated!

MSGreg · ‎07-30-2012

Using https and putting the password in the POST instead of in the query should cover it.

If you must encode your own, you might be able to use
roEVPCipher

ibscas · ‎07-30-2012

That was only an example, I want to do my own an already know about roEVPCipher, I'm just wondering if anyone actually wrote a routine in PHP that decrypts a BRS encrypted string.

MSGreg · ‎07-30-2012

Ahh, sorry to tell you what you already know 😞

I don't have any PHP <-> Brightscript code that matches crypt/decrypt.

TheEndless · ‎07-30-2012

There is no such thing as a "BRS encypted string". The roEVPCipher supports loads of different standard encryption methods (as listed in the link MSGreg posted). Pick one of the supported encryption methods, and find equivalent decryption code in PHP, and you should be good to go.

My Channels: http://roku.permanence.com - Twitter: @TheEndlessDev
Instant Watch Browser (NetflixIWB), Aquarium Screensaver (AQUARIUM), Clever Clocks Screensaver (CLEVERCLOCKS), iTunes Podcasts (ITPC), My Channels (MYCHANNELS)

MSGreg · ‎07-30-2012

As a follow up, in case no one else responds, I'll use this space to speculate.

Looks like PHP crypt is in reality a hash function built for making password hashes. Not what you need (as you probably know).

Mcrypt is a PHP extension that seems to contain perhaps the correct functions. There are a lot of options (i.e. CBC mode, CFB mode, etc.). It'll take a comparison of Mcrypt manual page.

More notes to come, unless someone else chimes in definitively.

MSGreg · ‎07-30-2012

It looks like roEVP* uses OPenSSL library. Mcrypt may not be compatible (one forum post said of the difference: "Because of different password-to-encryption-key derivation methods.")

You may be safer using OpenSSL library in PHP. The biggest gotcha seems to be handling the padding.

MSGreg · ‎07-30-2012

And it looks like the roEVP only implement symmetric ciphers and digests. Not public/private key handling. So you'll be stuck using some sort of symmetric encryption where the key is available in full on both sides (in Brightscript and in PHP) unless perhaps you send the key from the server to Brightscript over SSL.

This would be much better if roEVP_Seal... and roEVP_Open... functions were available. That way you could have a public key distributed with the brightscript, and a private key stay on the server.

Sorry for the stream of consciousness posts on this topic...

MSGreg · ‎07-30-2012

Here is a decent thread and post about the interaction of PHP and BrightScript regarding encryption and hex vs. binary keys.

ibscas · ‎07-30-2012

Awesome, MSGreg, I really appreciate that!!!!!! I don't know why in all my forum searching this didn't come up in my results 😞

Roku Community

Roku Developer Program

Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?

Re: Encryption between PHP and BRS?