encrypt file with public key, decrypt with private key

[drov]

Hi, on my current project I wish to encrypt some files, right now I used _Crypt_EncryptFile but the problem is that it only take one key and it can pretty much be found out easily.

So I'd like to know if you know any function to do this :

crypt file with the public key that everyone got so it can be crypted and stored inside the program without any fear

but to decrypt the file you need a private key which isn't in the same as the public of course

 

I don't know if I have explained me correctly but basically I am looking for a function to encrypt files with one password and decrypt them with a different one

[jdelaney]

If you crypt|decrypt using an inputbox for the password, then you don't have a stored password...keep it safe.  Nothing is foolproof.

Edited June 2, 2014 by jdelaney

[jchd]

drov,

 

Hi, on my current project I wish to encrypt some files, right now I used _Crypt_EncryptFile but the problem is that it only take one key and it can pretty much be found out easily.

The assertion in bold depends on the level of secrecy applied to the key, since the various algorithms offered provide serious security regarding unexpected decryption.

 

crypt file with the public key that everyone got so it can be crypted and stored inside the program without any fear

but to decrypt the file you need a private key which isn't in the same as the public of course

Why on earth do you want to store the encryption key inside the program?

Anyway this is not how asymetric cryptography works. You encrypt the plaintext using the public key of destinee(s) who use their private key to decrypt.

You should google RSA cryptosystem to learn more.

RSA is painfully slow to encode any pratical plaintext of common size. Instead, RSA is used to encode only a uniquely created session key (short enough to make the process practical on 8-bit micro-controllers) which is then used to encrypt the body of the plaintext with a stream cipher. RSA also provides a neat way to authenticate the emitter by means of an unforgeable signature.

You can experiment with RSA even in AutoIt by using the bignum UDF and an extra number-theoretic function (code below). Of course this is slow as snails. But please don't even think of using such a naive implementation for real because there are way too many pitfalls lurking doing so.

Beyond subtililties in implementations, the real challenge with public-key cryptosystems is with key publishing and associated trust.

; #FUNCTION# ;====================================================================================
;
; Name...........: _BigNum_PowerMod
; Description ...: Modular Exponentiation Mod($n^$e, $k)
; Syntax.........: _BigNum_Pow($n, $e, $k)
; Parameters ....: $n - Positive StringNumber: Digits"0"..."9"
;                  $e - Positive StringNumber: Exponent
;                  $k - Positive StringNumber: Modulus
; Return values .: Success - Result Mod($n^$e, $k)
;                  Failure - -1, sets @error to 1 if $n is not a positive valid StringNumber
;                            -1, sets @error to 2 if $e is not a positive valid StringNumber
;                            -1, sets @error to 3 if $k is not a positive valid StringNumber
; Author ........: jchd
; Date ..........: 17.12.13
; Remarks .......: Fractional exponents not allowed - use BigNum_n_root instead.
; ;===============================================================================================
Func _BigNum_PowerMod($n, $e, $k)
    If Not __BigNum_IsValid($n) Then Return SetError(1, 0, -1)
    If Not __BigNum_IsValid($e) Then Return SetError(2, 0, -1)
    If Not __BigNum_IsValid($k) Then Return SetError(3, 0, -1)

    Local $res = "1"

    While $e <> "0"
        If Mod(StringRight($e, 1), 2) Then
            $res = _BigNum_Mod(_BigNum_Mul($res, $n), $k)
            $e = _BigNum_Sub($e, "1")
        EndIf
        $n = _BigNum_Mod(_BigNum_Mul($n, $n), $k)
        $e = _BigNum_Div($e, "2")
    WEnd

    Return $res
EndFunc   ;==>_BigNum_PowerMod

Edited June 2, 2014 by jchd

[drov]

Hi, thanks for the answers I found this udf here :
 '?do=embed' frameborder='0' data-embedContent>>

and i've red the source code of _Crypt_EncryptFile so I think I can create it but the udf itself isn't working when I try to decrypt so I'm pretty sad

since I don't feel like I can code the whole rsa algorithm with big int I'm a bit blocked T_T

the inputbox idea is good but sometimes I need to encrypt without user prompt the password so :/

[jchd]

AutoIt plugins support has been dropped.

Which issue do you have with _Crypt UDF?

I'd consider using a proven third-party encryption/decryption program. PGP, GPG, OpenPGP, ...

[drov]

basically it encrypts well but whenever I try to decrypt this happens :

 

third party seems good, do you recommand any of them ?

[jchd]

Short reproducer code/data would be more useful.

[drov]

the code/data is basically the "test.au3" file found here :

'?do=embed' frameborder='0' data-embedContent>>

 

the code itself :

#compiler_plugin_funcs = RSA_GenerateKeys, RSA_Encrypt, RSA_Decrypt
$plug = PluginOpen(@ScriptDir & "\rsa.dll")
SplashTextOn("RSA", "Generating Key", 200, 25)
RSA_GenerateKeys(64, "C:\", "peethebee")
SplashTextOn("RSA", "Encrypting...", 200, 25)
$enc = RSA_Encrypt("This is a simple test of the RSA plugin for AutoIt by peethebee", "C:\\peethebee.pubkey")
SplashOff()
MsgBox(0, "Encrypted", $enc)
SplashTextOn("RSA", "Decrypting...", 200, 25)
$dec = RSA_Decrypt($enc, "C:\\peethebee.privkey")
SplashOff()
MsgBox(0, "Decrypted", $dec)

the archive with everything in it :

http://www.autoit.de/peethebee/RSA-PlugIn_0.5.zip

thanks again

[jchd]

Again, plugins are something of the past. I'm not going to downgrade just to double-check this oldies don't work anymore for some reason.

[drov]

Yes I know, I'm pretty sad because that's the only func I found, I'm gonna use inline gpg crypt I think, I will post what I have found later for the future users

[drov]

Hi, sorry about the delay I got a bit busy.

So I used gpg which took me a lonnnng time to automate but here it's finally done :

most script commands

; get public&private :
;gpg --export-secret-key -a > private
; gpg --export -a > public

; crypt :
; gpg --import public.key
;gpg -e -r "tester" -u  "tester" --trust-model always luv.docx
;luv being my file

;decrypt :
; gpg --import private.key
; gpg --passphrase abc  -d luv.docx.gpg > luv.docx


;generate keys
runwait("cmd /c "&$gpg&" --gen-key --batch < "&$test)

and I just automated that with cmd like this :

run("cmd /c "&$gpg&" --list-key") ; example to list the keys

with @swHide it can be silent

test contains this :

 

%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: Joe Tester
Name-Comment: with stupid passphrase
Name-Email: joe@foo.bar
Expire-Date: 0
Passphrase: abc
%pubring foo.pub
%secring foo.sec
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done

you can read more about it here : https://www.gnupg.org/documentation/manuals/gnupg-devel/Unattended-GPG-key-generation.html

( read the whole doc it's really interesting)

and for debugging purposes dont forget to add "&pause" in the cmd expression it helps a lot

example :

run("cmd /c "&$gpg&" --list-key & pause")

Edited June 18, 2014 by drov