Yes, the server is mine.
Below is the code that I'm planning to use.
According to the tests that I have made so far, it works.

function Encrypt_CBC_HMAC_ToB64 pPlainText, pMasterKeyB64
   local tMaster, tKeyEnc, tKeyMac, tIV, tCipher, tTag
   put base64Decode(pMasterKeyB64) into tMaster
   if (the number of bytes in tMaster) < 64 then return "ERR: master key must be >= 64 bytes"
   -- split the master key: bytes 1-32 encrypt, bytes 33-64 authenticate
   put byte 1 to 32 of tMaster into tKeyEnc
   put byte 33 to 64 of tMaster into tKeyMac
   put randomBytes(16) into tIV -- 16-byte IV for AES-CBC
   encrypt pPlainText using "aes-256-cbc" with key tKeyEnc and IV tIV
   if the result is not empty then return "ERR:" & the result
   put it into tCipher
   -- HMAC over (IV || CIPHER)
   put messageAuthenticationCode(tIV & tCipher, tKeyMac, "HMAC-SHA-256") into tTag
   return "v1:" & base64Encode(tIV) & ":" & base64Encode(tCipher) & ":" & base64Encode(tTag)
end Encrypt_CBC_HMAC_ToB64

function Decrypt_CBC_HMAC_FromB64 pPacked, pMasterKeyB64
   local tMaster, tKeyEnc, tKeyMac
   local tIV, tCipher, tTag, tTag2
   set itemdel to ":"
   if item 1 of pPacked is not "v1" then return "ERR: bad format/version"
   put base64Decode(pMasterKeyB64) into tMaster
   if (the number of bytes in tMaster) < 64 then return "ERR: master key must be >= 64 bytes"
   put byte 1 to 32 of tMaster into tKeyEnc
   put byte 33 to 64 of tMaster into tKeyMac
   put base64Decode(item 2 of pPacked) into tIV
   put base64Decode(item 3 of pPacked) into tCipher
   put base64Decode(item 4 of pPacked) into tTag
   -- Recompute and compare the HMAC before decrypting anything
   put messageAuthenticationCode(tIV & tCipher, tKeyMac, "HMAC-SHA-256") into tTag2
   -- force an exact, case-sensitive comparison of the two tags
   set the caseSensitive to true
   if tTag2 is not tTag then return "ERR: authentication failed (tampered or wrong key)"
   decrypt tCipher using "aes-256-cbc" with key tKeyEnc and IV tIV
   if the result is not empty then return "ERR:" & the result
   return it
end Decrypt_CBC_HMAC_FromB64

on mouseUp pMouseButton
   local tvar, tMasterKeyB64, z
   put "Getting Started with LiveCode" into tvar
   -- 64 bytes: 32 enc + 32 mac
   put base64Encode(randomBytes(64)) into tMasterKeyB64
   put Encrypt_CBC_HMAC_ToB64(tvar,tMasterKeyB64) into z
   -- round trip: shows the decrypted text in the message box
   put Decrypt_CBC_HMAC_FromB64(z,tMasterKeyB64)
end mouseUp

On 2026-02-19 10:43, Mark Clark wrote:
Is the remote server yours or is it operated by a third party?
There is more to it than just the choice of cipher. Key exchange is
usually the toughest part of any system. Have you read "Cryptography
Engineering: Design Principles and Practical Applications"? There is a
lot to think about. Depends on the answer to the first question.
Mark
On Feb 19, 2026, at 4:11 AM, jbv via use-livecode
<[email protected]> wrote:
Hi list,
I am building a standalone app that will send requests to a remote
server and receive data in return.
I want to encrypt the two-way exchanges.
Is there any advice regarding the best cipher to choose among the
long list of ciphernames?
Thank you in advance.
jbv
_______________________________________________
use-livecode mailing list
[email protected]
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
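
A server-side counterpart to the v1:IV:CIPHER:TAG format posted above, added here as an illustration and not part of the original thread. It assumes a Python server (the thread does not say what the server runs); the names verify_envelope, split_master_key, make_sample and EnvelopeError are hypothetical. It checks the structure and the HMAC-SHA-256 tag in constant time and leaves the AES-256-CBC decryption to whatever AES library the server uses.

```python
import base64, binascii, hashlib, hmac

class EnvelopeError(ValueError):
    """Raised for any malformed or unauthenticated envelope."""

def _b64(field):
    # Drop line breaks an encoder may have inserted, then decode strictly.
    return base64.b64decode("".join(field.split()), validate=True)

def split_master_key(master_key_b64):
    master = _b64(master_key_b64)
    if len(master) < 64:
        raise EnvelopeError("master key must be >= 64 bytes")
    return master[:32], master[32:64]   # (encryption key, MAC key)

def verify_envelope(packed, master_key_b64):
    """Authenticate a 'v1:IV:CIPHER:TAG' envelope; return (iv, ciphertext)."""
    _key_enc, key_mac = split_master_key(master_key_b64)
    parts = packed.split(":")
    if len(parts) != 4 or parts[0] != "v1":
        raise EnvelopeError("bad format/version")
    try:
        iv, cipher, tag = (_b64(p) for p in parts[1:])
    except binascii.Error as exc:
        raise EnvelopeError("bad base64") from exc
    # Field sizes implied by AES-CBC (16-byte blocks) and HMAC-SHA-256.
    if len(iv) != 16 or len(tag) != 32 or not cipher or len(cipher) % 16:
        raise EnvelopeError("bad field length")
    expected = hmac.new(key_mac, iv + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        raise EnvelopeError("authentication failed")
    return iv, cipher   # only now hand these to the AES-256-CBC decryptor

def make_sample(master_key_b64, iv, cipher):
    """Constructed test input: tags placeholder bytes, performs no AES."""
    _key_enc, key_mac = split_master_key(master_key_b64)
    tag = hmac.new(key_mac, iv + cipher, hashlib.sha256).digest()
    enc = lambda b: base64.b64encode(b).decode()
    return ":".join(["v1", enc(iv), enc(cipher), enc(tag)])
```
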