Publish and Subscribe to AES-256 Encrypted MQTT Messages to Node-RED from PHP Scripts


 
Posted 02-08-2020

Various Node-RED crypto modules do not work with PHP, so to send an encrypted message from a PHP script (in this case from an Ubuntu server) to Node-RED we need our own code.

After a few hours of searching, testing various libs, more testing and debugging, I got this PHP to Node-RED code working today, and it works OK (serves its purpose):

I ended up modifying some well-done StackOverflow code by inieto from here, "Encrypt string in PHP and decrypt in Node.js", to get both the PHP and the JS to work together over MQTT:

Here is the PHP code:

Code:
<?php
/****************************************************
 *  EXAMPLE PHP SCRIPT TO SEND MQTT MESSAGE TO A
 *  NODE-RED FLOW USING AES-256 ENCRYPTION  v0.1
 *  Neo: www.unix.com   8 Feb 2020
 *  Public Domain.   Anyone Can Use As They Wish
 */
// Constant names must be quoted strings (a bare name is an error in PHP 8)
define('DEBUG', true);
define('AES_METHOD', "AES-256-CBC");
define('SHARED_SECRET', "My32charPasswordAndInitVectorStr");
date_default_timezone_set('UTC');
$thedate = date('l jS \of F Y h:i:s A');
$length = strlen($thedate);
if (DEBUG) {
    echo $thedate . "\n";
    echo $length . "\n";
}
$textToEncrypt = substr($thedate, 0, $length) . " is my AES-256 encrypted date.";
// The IV is the first 16 characters of the shared secret,
// so it is the same for every message
$iv = substr(SHARED_SECRET, 0, 16);

// With options = 0, openssl_encrypt() returns base64 text
$encryptedMessage = openssl_encrypt($textToEncrypt, AES_METHOD, SHARED_SECRET, 0, $iv);
// escapeshellarg() quotes the payload safely for the shell
$command = '/usr/bin/mosquitto_pub -t debug/aes -m ' . escapeshellarg($encryptedMessage) . ' -q 1';

$output = shell_exec($command);
if (DEBUG) {
    // Round-trip check: decrypt locally and print both forms
    $decryptedMessage = openssl_decrypt($encryptedMessage, AES_METHOD, SHARED_SECRET, 0, $iv);
    echo "$encryptedMessage\n";
    echo "$decryptedMessage\n";
}


The "crypto" lib is included in the current version of Node-RED, so they say, but it did not work for me until I imported it into Node-RED as follows (maybe I did something wrong earlier when debugging):

Code:
ubuntu$ cd ~/.node-red
ubuntu$ npm install crypto

But that is not enough; you need to edit / add to your settings.js file in your Node-RED base directory, like this:

Code:
 functionGlobalContext: {
        crypto:require("crypto")
    },

Then we can write a JS function node in Node-RED, as follows:

Code:
// Modified by Neo from original code by inieto
// See reference above
// Public domain.  Please use as you might find useful:
// Node-RED method for requiring JS libs in functions
var crypto = global.get("crypto");
var encryptionMethod = "AES-256-CBC";
// Shared secret must be 32 characters long
var secret = "My32charPasswordAndInitVectorStr";
var iv = secret.substr(0, 16);

// The helper functions are assigned before they are called: a
// "var f = function" assignment placed after the return would never run.

// In this example, only the decrypt method is used in this setup
var decrypt = function(encryptedMessage, encryptionMethod, secret, iv) {
  var decryptor = crypto.createDecipheriv(encryptionMethod, secret, iv);
  return (
    decryptor.update(encryptedMessage, "base64", "utf8") +
    decryptor.final("utf8")
  );
};

// The following encrypt method is not used in this example, but it is included
// here for completeness (from the original post)
var encrypt = function(plain_text, encryptionMethod, secret, iv) {
  var encryptor = crypto.createCipheriv(encryptionMethod, secret, iv);
  return (
    encryptor.update(plain_text, "utf8", "base64") + encryptor.final("base64")
  );
};

// The incoming MQTT payload is the base64 ciphertext string
var encryptedMessage = msg.payload;

var decryptedMessage = decrypt(encryptedMessage, encryptionMethod, secret, iv);

// Return the plaintext as the payload of a new message object
var newMsg = { payload: decryptedMessage };
return newMsg;

My debugging layout looks like this in Node-RED:


[Screenshot: Node-RED debugging flow]


Node-RED Debug Console Results:

Code:
2/8/2020, 4:55:22 PMnode: c399ebfe.d90398
debug/aes : msg.payload : string[108]
"Al1mNY9VSEaOy85SdrmOW0vApe2ABeOcjW6eQeRXaEOCtJxULBvW/e6Jyr9K2p1+0mqf40xTQZri9uf18nHQFn92anuMA8zi5ipunp72U9Y="
2/8/2020, 4:55:22 PMnode: bd20fdce.5bfef
msg.payload : string[71]
"Saturday 8th of February 2020 09:55:21 AM is my AES-256 encrypted date."
2/8/2020, 4:56:02 PMnode: c399ebfe.d90398
debug/aes : msg.payload : string[108]
"Al1mNY9VSEaOy85SdrmOW0vApe2ABeOcjW6eQeRXaEMAHwwHRrVVgVmIy/Xd7A9fc7jkxkk8P8p3aaNgAoEIyL+goIjS6dMLAhdhT+1uB1E="
2/8/2020, 4:56:02 PMnode: bd20fdce.5bfef
msg.payload : string[71]
"Saturday 8th of February 2020 09:56:01 AM is my AES-256 encrypted date."
2/8/2020, 4:57:01 PMnode: c399ebfe.d90398
debug/aes : msg.payload : string[108]
"Al1mNY9VSEaOy85SdrmOW0vApe2ABeOcjW6eQeRXaEPVMwgS2G/DZq/AqM4RDyUCJ+pNqTxnCzXe0BtIyAsf21L+mSp2uHW8icxPG4t++aw="
2/8/2020, 4:57:02 PMnode: bd20fdce.5bfef
msg.payload : string[71]
"Saturday 8th of February 2020 09:57:01 AM is my AES-256 encrypted date."
2/8/2020, 4:58:01 PMnode: c399ebfe.d90398
debug/aes : msg.payload : string[108]
"Al1mNY9VSEaOy85SdrmOW0vApe2ABeOcjW6eQeRXaEPrRIilm8M/nB7G8KsqoRP4qDi743QNN4cxlmvEjtEV4zW4NUDhndBIHI1xcyW+ui0="
2/8/2020, 4:58:02 PMnode: bd20fdce.5bfef
msg.payload : string[71]
"Saturday 8th of February 2020 09:58:01 AM is my AES-256 encrypted date."

With this example PHP and Node-JS JS function code, we can publish (encrypting on the PHP side) and subscribe (decrypting on the Node-RED side) any Linux server data we wish to Node-RED using PHP, securely with AES-256 encryption.
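
Added example, not part of the original post: in the debug output above every ciphertext starts with the same 42 base64 characters, because the IV is fixed and the messages share their first 32 bytes. The Node.js code below reproduces that with the post's scheme and shows an alternative using AES-256-GCM with a random IV per message; the `seal`/`unseal` names and the `iv || tag || ciphertext` layout are assumptions of this example.

```javascript
// Added example (not from the original post). Sample messages are constructed.
const crypto = require("crypto");

const KEY = "My32charPasswordAndInitVectorStr"; // the post's demo secret (32 bytes)

// The post's scheme: AES-256-CBC with the IV fixed to the first 16 key bytes.
function encryptFixedIv(plainText) {
  const c = crypto.createCipheriv("aes-256-cbc", KEY, KEY.substring(0, 16));
  return c.update(plainText, "utf8", "base64") + c.final("base64");
}

// Alternative: AES-256-GCM with a fresh random 12-byte IV per message.
// Wire format (assumption of this example): base64(iv || tag || ciphertext).
function seal(plainText, key) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plainText, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString("base64");
}

// Returns the plaintext, or null if the payload is malformed or was modified.
function unseal(payload, key) {
  const raw = Buffer.from(payload, "base64");
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag minimum
  const d = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
  } catch (err) {
    return null; // authentication tag did not verify
  }
}

// Number of leading base64 characters two ciphertexts have in common.
function sharedPrefix(a, b) {
  let i = 0;
  while (i < a.length && i < b.length && a[i] === b[i]) i++;
  return i;
}

// Constructed sample messages in the post's format, one minute apart.
const m1 = "Saturday 8th of February 2020 09:55:21 AM is my AES-256 encrypted date.";
const m2 = "Saturday 8th of February 2020 09:56:01 AM is my AES-256 encrypted date.";
```

On the PHP side, `openssl_encrypt()` supports `aes-256-gcm` and returns the tag through its `$tag` argument (PHP 7.1+), so the publisher can emit the same layout.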