Leercentrum Home
Encrypted Codes


This document is designed for people that are familiar with the concept of System Codes and, ideally, understand the use of  Dynamic Parameters.


What are Encrypted Codes?

When we talk about Encrypted Code, we do not mean that the code itself (e.g. QR Code) is encrypted, but, instead, a part of the URL where the code is pointing is encrypted.
The Encrypted Codes feature can be used to hide or encrypt sensitive parts of the target URL of your code or to prevent users from manipulating parts of the URL, e.g. changing the values of parameters.
This can be of relevance in the following use cases:
  • Contests
  • Games
  • Voting
  • Security applications
  • Prevent crawling of sensitive data
Encrypted Codes are standard Dynamic Link Codes and therefore manageable, trackable and editable like all other System Codes.
The easiest way to start learning about the Encrypted Codes is to see a simple example.
BeeTagg Contact, one of the BeeTagg Applications, offers an easy way to access a persons’ profile (address details, pictures, social networks, etc.) simply by scanning a code.
That means there is some sensitive data, namely the person’s contact details. This is something that is worth protecting.
The contact data is stored in a database and accessible by providing the contact ID. Without encryption, the URL for recalling this contact data would probably look something like this:
The problem with that approach is that someone could easily try contact IDs other than the given ID of 12345 and collect the contact information that is associated with those other IDs. That’s certainly something the BeeTagg Contact application has to prevent, and it can do so by using Encrypted Codes.
The visible URL after encryption looks similar to this:
The last part of the URL (bold) is the ID of the contact, but in an encrypted form. Therefore, plugging in random IDs to the URL will no longer lead you to a customer’s contact information. 
Sure, you could encrypt the sensitive part of the URL yourself, but it means exactly that: you need to do it yourself.
And, if you want to encrypt / protect Dynamic Parameters, like the user’s device ID for instance, you can only accomplish that by using the Encrypted Codes feature.
Available Encryption Algorithms
We currently offer two encryption algorithms you can chose from.
XOR is not a real encryption algorithm. It only obfuscates the text, but in most cases XOR will be sufficient. The advantage of XOR is that the length of the encrypted text has the same length as the non-encrypted text and decryption is easier.
Rijandael is a standardized encryption algorithm. It is very secure, but implementation is not as easy as with XOR and the length of the encrypted text is longer than the non-encrypted text. Keep that in mind, because URLs have a limited length (a URL shouldn’t exceed 1024 characters, because some browsers cannot handle them otherwise).


Encryption / Obfuscation

In order for Encrypted Codes to work you need to 
  1. Provide a secret encryption key. Secret means that you should not tell anybody and you should not share it with others.
    Example: ThI3**iS--an"EncRPtiOn::::KeY
  2. Select one of the two encryption algorithms XOR or Rijandael
  3. Define which part of the URL should be encrypted.
Providing the encryption key is easy: Go to Dashboard > Dynamic Link Code > Advanced Tab
There, enter the value of the key in the textbox labeled “Encryption Key”.
To tell the system which algorithm you want to use and which part of the URL, you simply wrap the sensitive part of the URL with brackets for XOR, or curly brackets for Rijandael.
Basic examples 
XOR http://www.yoursite.com/page.php?id=[123456]  
  http://www.yoursite.com/page.php?userid=[%(uid)]  (with Dynamic Parameter uid)
Rijandael http://www.yoursite.com/page.php?id={r:123456}  
  http://www.yoursite.com/page.php?id={r:%(uid)} (with Dynamic Parameter uid)
Complex examples
or, in combination with Programmable Codes:
btpy:::'http://www.yoursite.com/page.cgi?id={r:' + redir.userID + '}' 
Decryption / De-obfuscation
Your web application can access the encrypted part of the URL and decrypt or de-obfuscate it.
We show you a simple .net (c#) example how you can do that. 
XOR De-obfuscation
   1:  string XOR(string Key, string EncryptedContent)
   2:  {
   3:      StringBuilder sb = new StringBuilder();
   5:      for (int i = 0; i < Key.Length && i < EncryptedContent.Length; i++) 
   6:          sb.Append((char)(Key[i] ^ EncryptedContent [i]));
   8:      return sb.ToString();
   9:  }
Rijandael Decryption
   1:  string DecryptRijandael(string Key, string EncryptedContent)
   2:  {
   3:      /* Constants */
   4:      byte[] salt = Encoding.ASCII.GetBytes("sumsumsum");
   5:      byte[] vector = Encoding.ASCII.GetBytes("@dddc3D41234g7H8");
   6:      const int iterations = 2;
   7:      const int keySize = 256;
   9:      /* Preparing the encrypted string */ 
  10:      string encryptedContent = EncryptedContent.Replace("_", "+").Replace("-", "/");
  11:      int missing = encryptedContent.Length % 4 == 0 ? 0 : 4 - encryptedContent.Length % 4;
  13:      for (int i = 0; i < missing; i++)
  14:          encryptedContent += "=";
  16:      byte[] key = new Rfc2898DeriveBytes(Key, salt, iterations).GetBytes(keySize / 8);            
  17:      byte[] encryptedContentBytes = System.Convert.FromBase64String(encryptedContent);
  18:      RijndaelManaged symmetricKey = new RijndaelManaged();
  19:      symmetricKey.Mode = CipherMode.CBC;
  20:      ICryptoTransform decryptor = symmetricKey.CreateDecryptor(key, vector);
  21:      MemoryStream memoryStream = new MemoryStream(encryptedContentBytes);
  22:      CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
  23:      byte[] plainTextBytesBuf = new byte[encryptedContentBytes.Length];
  24:      int decryptedByteCount = cryptoStream.Read(plainTextBytesBuf, 0, plainTextBytesBuf.Length);
  25:      memoryStream.Close();
  26:      cryptoStream.Close();
  27:      byte[] plainTextBytes = new byte[decryptedByteCount];
  28:      Array.Copy(plainTextBytesBuf, plainTextBytes, decryptedByteCount);
  30:      return Encoding.UTF8.GetString(plainTextBytes);            
  31:  }




Implementing Encrypted Codes is free and available for all existing and new System Codes.




©2005-2022 connvision Ltd - Contact - Privacy - Algemene voorwaarden
German - English - DutchDutch is currently in Beta. Help us to improve! - RussianRussian is currently in Beta. Help us to improve! - TurkishTurkish is currently in Beta. Help us to improve!