AESFusion on Android and PHP

[ReaperHGN]

I am trying to develop an application for Android that talks to a PHP backend. I had anticipated using a shared private key to encrypt/decrypt data between the Android app and the PHP backend. Whenever I encrypt a string on Android and send it to the PHP backend for decryption, the shared private key does not decrypt the string properly. Does anyone have an example of the code I can use in PHP that correlates to the encryption that AESFusion object does on Android? I searched the threads but I may not have been using the right keywords to uncover this little bit of information.

Thanks

[SoftWarewolf]

I recommend obfuscating the values, as local encryption can easily be broken.
There is no problem sending the values in clear text if you include a verification string, just use a bunch of different parts of the variables and md5 it with string parser.
Then do the same on the php side to check that it matches up.

f.ex you send
score: 500
level: 4
random: 123456

and verification, which is something like: md5((score*2)+(level*5)+random-1337)
the more complicated the better.

so you'll send 4 variables instead of 3, but an md5 is always only 32 characters and it protects all the variables you use to build it, if any variable is changed the two md5 will not match.

if you want it really secure you can do two requests where the server first sends values to the client to play with.
it works something like this:

client: id like to submit a score please
server: sure, i randomly generated the numbers 45346245, 324456, and 234356 for you and put this in a database with id X.
client: no problem, id was X, my score is 1000 and using the score, id, and the 3 numbers with crazy obfuscation i end up with md5 verification key "e4d909c290d0fb1ca068ffaddf22cbd0"
server: that's a match, request complete, thanks!

[ReaperHGN]

I didnt include my plans to MD5 hash most of my data to make the example less complicated. Personally, I like the way you outlined this, and I definitely plan on this strategy for the local data. What I am looking for, though is how I can take the data and bundle it up (MD5 hashed or no) encrypt this with a private key so that I can send it to the PHP server and have the server decrypt that data using the same shared key on that side.

So the flow goes like this:
-package the data in a string "|data1|data2|md5(data3)|random data|"
-encrypt string with key
-POST to PHP server
-On php server, decrypt string with key
-store data including compare MD5 hash with data already stored

The problem I am running into is I cant seem to decrypt the string with the key using PHP and get the same data I put into it on Android.

[Ls2]

A question: how are you creating a md5 hash in Android application?

[ReaperHGN]

The string parser has an MD5 signature function.

[Ls2]

Thank you, ReaperHGN!