1

I am coding an application where I send parameters in a URL, but I want these parameters to be encrypted so the user wont understand how the process works.

I chose Base 64

So, I wrote the function that reads Base 64 off the URL and converts it to string. Here it is:

 Public Sub FromBase64ToString(ByVal s As String)
        Dim base64Encoded As String = s
        Dim base64Decoded As String
        Dim data() As Byte
        data = System.Convert.FromBase64String(base64Encoded)
        base64Decoded = System.Text.ASCIIEncoding.ASCII.GetString(data)
 End Sub

But what I need is a function that converts String to Base 64 from the side where I form and send the URL to the user.

Where can I find the function that does that?

And Does anyone suggest anything other than base64?

The parameter Im encoding is numeric only.

Improve this question
4
  • That's not encryption, anybody will instantly recognize a base64 string and know how to decode it. Commented Mar 28, 2014 at 11:05
  • I agree with Hans. Also, are you sure you want to use ASCII? There are many characters that will fail (anything over 127) and certainly will fail in many international situations? Why not use Encoding.Unicode if not at least UTF8 Commented Mar 28, 2014 at 11:08
  • @StevenDoggart The parameter Im encoding is numeric only Commented Mar 28, 2014 at 11:08
  • @HansPassant What Im trying to do is avoid letting the user know the sequence of numbers I am using in my URL. It's nothing bigger than that. Commented Mar 28, 2014 at 11:16

1 Answer 1

Reset to default
3

The logic on the opposite end of that would look like this:

Dim base64Encoded As String = Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes(plainText))

As mentioned in the comments above, though, ASCII will only work for a small set of (mostly English) characters, so if you need it to handle any string, it would be better to use Encoding.Unicode. Also, base-64 is just a different encoding scheme. It is not an encryption method. Most technically inclined people would recognize that it's base-64 and be able to decode it easily. If that's not an issue, that's fine, but if you really want to make it secure, you need to use an actual encryption algorithm, such as AES.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Very helpful thanks. It's a simple numeric parameter that I want to make less obvious. Thanks for the answer and info.
@HelpASisterOut Yes. I agree. For a simple numeric string, ASCII will always suffice. I just thought it was worth reiterating for the benefit of anyone else who might come across this question in the future.
The issue with just AES, is that, if you decide to use that string in a URI, there will be incompatible characters. Converting your AES to base64 solves that problem (of course you can use URLEncode, but that looks pretty ugly, especially if you're handing out a link for others to place in their web pages )
@MC9000, while I don't disagree with the end result of what you're saying (yes, if you AES encrypt something, base64 is a good way of encoding it for URLs), I find your way of wording it imprecise. A URL is a string. AES does not produce a string. AES produces a series of bytes. So, if you are going to include an AES-encrypted value in a URL, you first have to convert the bytes into a string (i.e. you need to encode the encrypted value as a string). There are many string encodings (e.g. ASCII, UTF, Base64).
So, yes, if you encode it with ASCII or UTF, you'll end up with invalid characters for a URL. And if you encode it as Base-64, it'll be safe for a URL. But that has nothing to do with AES, specifically.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.