Jump to content

Trying to Understand Encrypting INI data

Recommended Posts

So to use the _StringEncrypt function I have to have the value I'm encrypting in the function. Then once I want to decrypt I have to have that value in the function too? That is what I do not understand. For example I used the following code to add two encrypted values to an INI file:

#include <String.au3>
#include <file.au3>
#include <INet.au3>

$iniFile = "dir"
$s_EncryptText1 = "username"
$s_EncryptText2 = "password"
$s_EncryptPassword = "random characters"

IniWrite ( $iniFile, "Settings", 6, _StringEncrypt ( 1, $s_EncryptText1, $s_EncryptPassword, 1 ) )
IniWrite ( $iniFile, "Settings", 7, _StringEncrypt ( 1, $s_EncryptText2, $s_EncryptPassword, 1 ) )

So those two variables, $s_EncryptText1 and 2, would they be necessary to be able to decrypt the values in the INI files? That to me doesn't make much sense and would seem to defeat the purpose of encrypting in the first place. Or am I missing something? If not, is there a way I could safely encrypt the strings without having to type the username and password in the script in clear text.

BTW, this is part of an automated script so it would not help me to have a popup box or something that asks for input.

Link to comment
Share on other sites

It doesn't work the way you think, hopefully.

Here is how it really works:

Local $plaintext = "Assume that you can read this sentence."
Local $password = "s0Me 95% SékiuRe p@ß_wörd"

;; encryption
Local $cyphertext = _StringEncrypt(1, $plaintext, $password)

;; check readability (should fail)
ConsoleWrite($cyphertext & @LF)

; .../...

;; in some other part of code or another program
Local $recoveredPlaintext = _StringEncrypt(0, $cyphertext, $password)

;; check readability (should succeed)
ConsoleWrite($recoveredPlaintext & @LF)

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Link to comment
Share on other sites

It's called "symmetrical encryption" because the same password is used both ways. That's why it's not secure, and why _StringEncrypt() has never been recommended to secure critical data inside a script.


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Link to comment
Share on other sites

But here is what I'm trying to do.

I have a username and password in the INI file that I want to load into a script to use for creating a remote connection to a server. But I don't want that username and password in clear text in the script. So I have it in the INI file. But now its in clear text in the INI. Can I encrypt that?

It doesn't have to be anything super fancy because if someone gets root access to our servers an unencrypted INI file will be the least of our worries as the account that is in the INI file cannot do much. But I think to be compliant with our security measures at work, it just cannot be listed in clear text in INI.

I'm not sure how to do this because it looks like the way _StringEncrypt works is that it wants a cleartext value to encrypt as "$s_EncryptText".

I guess what I'm trying to explain is that I'm okay with having a clear text password for encryption in the script. But I just do not understand what the value "$s_EncryptText" is used for? Would this be my username, and then I would need a whole new line for the password with a second value?

Edited by Webs
Link to comment
Share on other sites

This should make sense to you I hope. You're waaaay overcomplicating this:

#include <String.au3>

Ini File:


Generate those values:

ConsoleWrite(_StringEncrypt(1, "username", $sEncPass) & @CRLF)
ConsoleWrite(_StringEncrypt(1, "password", $sEncPass) & @CRLF)


$iniFile = "C:\some\path\to\inifile.ini"
$sEncPass = "secret"

$sUser = _StringEncrypt(0, IniRead($iniFile, "Settings", "user", ""), $sEncPass)
$sPass = _StringEncrypt(0, IniRead($iniFile, "Settings", "pass", ""), $sEncPass)

ConsoleWrite($sUser & "  :  " & $sPass & @CRLF)
Link to comment
Share on other sites

Put simply: the same function call that encrypted your plain text can also be used to decrypt the encrypted version. So you pass the plain text and password in the first time, then you call the same functon but this time you pass in the encrypted text and the password, and you get back the unencrypted text.

The simplest form of symmetric encryption is "ROT13", which means "Rotate 13 characters". If you write down the 26-character alphabet on the outside of a circle, and rotate by 13 characters on the circle for each character of your input, a user name of "phibbs" would become "cuvoof". If you then take "cuvoof" and pass it through the same encryption process, you get "phibbs" back again. _StringEncrypt() is like that, but uses a password to make it a bit less obvious than ROT13.

Edited by PhilHibbs
Link to comment
Share on other sites

Thanks wraithdu, I wasn't think about it correctly. Having the INIRead function inside the stringencrypt is what I was missing. For someone my brain didn't latch onto that concept.

Thanks for the explanation of the encryption Phil, that makes sense. I think it should be secure enough for what I'm doing.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...