Webs Posted April 1, 2010 Share Posted April 1, 2010 So to use the _StringEncrypt function I have to have the value I'm encrypting in the function. Then once I want to decrypt I have to have that value in the function too? That is what I do not understand. For example I used the following code to add two encrypted values to an INI file: #include <String.au3> #include <file.au3> #include <INet.au3> $iniFile = "dir" $s_EncryptText1 = "username" $s_EncryptText2 = "password" $s_EncryptPassword = "random characters" IniWrite ( $iniFile, "Settings", 6, _StringEncrypt ( 1, $s_EncryptText1, $s_EncryptPassword, 1 ) ) IniWrite ( $iniFile, "Settings", 7, _StringEncrypt ( 1, $s_EncryptText2, $s_EncryptPassword, 1 ) ) So those two variables, $s_EncryptText1 and 2, would they be necessary to be able to decrypt the values in the INI files? That to me doesn't make much sense and would seem to defeat the purpose of encrypting in the first place. Or am I missing something? If not, is there a way I could safely encrypt the strings without having to type the username and password in the script in clear text. BTW, this is part of an automated script so it would not help me to have a popup box or something that asks for input. Link to comment Share on other sites More sharing options...
jchd Posted April 1, 2010 Share Posted April 1, 2010 It doesn't work the way you think, hopefully. Here is how it really works: Local $plaintext = "Assume that you can read this sentence." Local $password = "s0Me 95% SékiuRe p@ß_wörd" ;; encryption Local $cyphertext = _StringEncrypt(1, $plaintext, $password) ;; check readability (should fail) ConsoleWrite($cyphertext & @LF) ; .../... ;; in some other part of code or another program Local $recoveredPlaintext = _StringEncrypt(0, $cyphertext, $password) ;; check readability (should succeed) ConsoleWrite($recoveredPlaintext & @LF) This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe hereRegExp tutorial: enough to get startedPCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta. SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt) Link to comment Share on other sites More sharing options...
PsaltyDS Posted April 1, 2010 Share Posted April 1, 2010 It's called "symmetrical encryption" because the same password is used both ways. That's why it's not secure, and why _StringEncrypt() has never been recommended to secure critical data inside a script. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Webs Posted April 6, 2010 Author Share Posted April 6, 2010 (edited) But here is what I'm trying to do. I have a username and password in the INI file that I want to load into a script to use for creating a remote connection to a server. But I don't want that username and password in clear text in the script. So I have it in the INI file. But now its in clear text in the INI. Can I encrypt that? It doesn't have to be anything super fancy because if someone gets root access to our servers an unencrypted INI file will be the least of our worries as the account that is in the INI file cannot do much. But I think to be compliant with our security measures at work, it just cannot be listed in clear text in INI. I'm not sure how to do this because it looks like the way _StringEncrypt works is that it wants a cleartext value to encrypt as "$s_EncryptText". I guess what I'm trying to explain is that I'm okay with having a clear text password for encryption in the script. But I just do not understand what the value "$s_EncryptText" is used for? Would this be my username, and then I would need a whole new line for the password with a second value? Edited April 6, 2010 by Webs Link to comment Share on other sites More sharing options...
wraithdu Posted April 6, 2010 Share Posted April 6, 2010 This should make sense to you I hope. You're waaaay overcomplicating this: #NoTrayIcon #include <String.au3> #cs Ini File: [Settings] user=50980AD72A6D1F0F997015124C4B3583 pass=509D0DD52B6B1F0E980015674D443582 Generate those values: ConsoleWrite(_StringEncrypt(1, "username", $sEncPass) & @CRLF) ConsoleWrite(_StringEncrypt(1, "password", $sEncPass) & @CRLF) #ce $iniFile = "C:\some\path\to\inifile.ini" $sEncPass = "secret" $sUser = _StringEncrypt(0, IniRead($iniFile, "Settings", "user", ""), $sEncPass) $sPass = _StringEncrypt(0, IniRead($iniFile, "Settings", "pass", ""), $sEncPass) ConsoleWrite($sUser & " : " & $sPass & @CRLF) Link to comment Share on other sites More sharing options...
PhilHibbs Posted April 6, 2010 Share Posted April 6, 2010 (edited) Put simply: the same function call that encrypted your plain text can also be used to decrypt the encrypted version. So you pass the plain text and password in the first time, then you call the same functon but this time you pass in the encrypted text and the password, and you get back the unencrypted text.The simplest form of symmetric encryption is "ROT13", which means "Rotate 13 characters". If you write down the 26-character alphabet on the outside of a circle, and rotate by 13 characters on the circle for each character of your input, a user name of "phibbs" would become "cuvoof". If you then take "cuvoof" and pass it through the same encryption process, you get "phibbs" back again. _StringEncrypt() is like that, but uses a password to make it a bit less obvious than ROT13. Edited April 6, 2010 by PhilHibbs Link to comment Share on other sites More sharing options...
Webs Posted April 6, 2010 Author Share Posted April 6, 2010 Thanks wraithdu, I wasn't think about it correctly. Having the INIRead function inside the stringencrypt is what I was missing. For someone my brain didn't latch onto that concept. Thanks for the explanation of the encryption Phil, that makes sense. I think it should be secure enough for what I'm doing. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now