iv missing on new plugin Cryptography AES GCM

Post reply
0 favourites
  • 10 posts
From the Asset Store
Write The Missing Letter For Kids - Educational Game
$14 USD
Game with complete Source-Code (Construct 3 / .c3p) + HTML5 Exported.
R Games's avatar
R Games

  • im trying to use the new cryptography plugin combined with a web page, i send the encrypted data (i know is not completly secure but is enough for us) but to decrypt on the other side using AESGCM i need the iv (initialization vector) and the encription tag, but on the plugin that is not added and i can't configure it so i can't decrypt on the web backend.

    is there a way to obtain or configure the iv? is the encription tag the same as the tag used to identify it is complete on the editor?

    Tagged:

  • It's sent along with the encrypted data. But you shouldn't need to do that. Use a HTTPS connection and everything you send to the server is already encrypted.

  • It's sent along with the encrypted data. But you shouldn't need to do that. Use a HTTPS connection and everything you send to the server is already encrypted.

    ok, but how do i obtain the iv? how is it diferentiated on the encrypted data? is separated by something?

  • The encrypted data is actually a binary structure which includes some metadata at the start including the iv. But my point in this case, you don't need to worry about any of that, as if you just use HTTPS it's all encrypted anyway.

  • yes but any way how can i get that metadata if i want to use it? let's say im using this encryption to play with a different app that wasn't made in construct.

    How can i get the iv?

  • The encrypted data is actually a binary structure which includes some metadata at the start including the iv. But my point in this case, you don't need to worry about any of that, as if you just use HTTPS it's all encrypted anyway.

    Ashley regardless the https, how to know about that metadata to be able to use the encrypted message in other places? there is no information about that on the documents.

  • You need more than just the iv to be able to decrypt the data. I added the encrypted binary data format to the Cryptography plugin manual entry which should cover everything you need to interoperate with other code and services.

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads

  • excellent :D we ended up using javascript for it but for future projects will help a lot for using it.

  • I'm having a similar problem.

    I want to send information to a PHP via AJAX POST and I want to encrypt the parameters I'm sending in the query string.

    I'm being able to encrypt using the cryptography plugin, but I cant find a tool using AES-GCM outside Construct 3 that will decrypt it.

    I read the manual and the addition Ashley posted:

    Bytes Description

    0-1 Reserved (must be 0)

    1-17 Salt (16 bytes)

    17-29 Initialization vector (aka IV, 12 bytes)

    29-33 Iterations (uint32, 4 bytes)

    33+ Encrypted data payload

    However it is of no much use as there is no way to define these parameters beforehand and after the encrypted string is generated, all the metadata is already encrypted except for the password.

    Is there any way I can encrypt in C3 and decrypt serverside defining only password?

  • You're wasting your time. Just use a HTTPS connection and everything is automatically encrypted on transmission and decrypted when received by the server. The Cryptography manual entry has a section on that ("HTTPS is already encrypted").

Post reply
  • 10 posts
Return to board index
Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)