moocan Posted June 3, 2004 Share Posted June 3, 2004 Hi, I have a question ... Is it possible to encrypt a file with autoit and then use it whis another autoit script which can decrypt this file and use paramaters in this file. I try to have a script which connect to a SQL database ... and my connection parameters are stored in a INI file. Could it be encrypted and decrypted when or before my script call fonction INIRead ? If yes thanks for the how to ! Thanks by advance MooCan Link to comment Share on other sites More sharing options...
pekster Posted June 3, 2004 Share Posted June 3, 2004 (edited) You have a few options, depending on how much work you are willing to do, and how important it is to keep the file under tough encryption. You could simply have the script manipulate the data entered with a simple exchange of characters or addition of a known number for the ASCII value (example: add 1 for all vaues except 255, where you set it to 0.) You could make this more complex if you need to. This is a low grade encryption.If you wanted a more secure method of protecting your data, you could look at including a seperate file in your script (see the FileInstall function) and extract it to the script's directory. You could then use this external program to encrypt/ decrypt your ini file. Should you pick this method, be sure that the encrpytion program is fully functional with command line paramaters.You could also have the script FileInstall a copy of the au3 source, the AutoIt required compiling files, and the ini. After it changes the values, it could re-encrypt itself with a 2nd script (also FileInstalled) and then delete all the temporary files. I'm not sure to what extent the passphrase encryption built in to AutoIt is, but you will probably have a more secure file using the 2nd method I described.Edited to correct a couple minor typos Edited June 3, 2004 by pekster [font="Optima"]"Standing in the rain, twisted and insane, we are holding onto nothing.Feeling every breath, holding no regrets, we're still looking out for something."[/font]Note: my projects are off-line until I can spend more time to make them compatable with syntax changes. Link to comment Share on other sites More sharing options...
Developers Jos Posted June 3, 2004 Developers Share Posted June 3, 2004 here's an example script i picked up somewhere that can encrypt /decrypt passwords .... maybe it gets you started: expandcollapse popup; This example will: ; First part ; 1. prompt for a password ; 2. Encrypt it with a given passcode ; 3. convert each character to its hex notation to be able to save it to an INI file. ; ; Second part: ; 1. prompt for a password to be verified ; 2. Retrieve the saved encrypted Password ; 3. convert each 2 characters Hex value back to an Ascii Character ; 4. Decrypt the saved password ; 5. Match the saved password against the typed password ; ; ; Define the KEY with which you want to encrypt the password. $PASSKEY = "PASSWORD" ; prompt for the password which we want to save in the INI file $PASSWORD=InputBox("Prompt","Type the password to save: ","","*") ; encrypt password and convert all character to Hex notation $TEMP = Str2Hex(Crypt($PASSKEY,$PASSWORD)) ; Save the password in INI file IniWrite("crypt.ini","program","password",$TEMP) ; ; ; Now type the password tha we will verify against the saved encrypted password $PASSWORD=InputBox("Prompt","Type the password to verify with the saved version: ","","*") ; Retrieve saved password $M_PASSWORD =IniRead("crypt.ini","program","password","") ; change the Hex notation bach to characters and decrypt $M_PASSWORD = Crypt($PASSKEY,Hex2Str($M_PASSWORD)) ; Check if they have an exact match (==) If $M_PASSWORD == $PASSWORD Then MsgBox(0,'Ok', "Passwords match.") Else MsgBox(16,'Wrong', "Passwords didn't match.") EndIf Exit Func Crypt($PASS, $STRG) $A = 1 $N_STRG = "" For $I = 1 To StringLen($STRG) $B = Asc(StringMid($PASS, $A, 1)) $A = $A + 1 If $A > StringLen($PASS) Then $A = 1 $N_STRG = $N_STRG & Chr(BitXOR(Asc(StringMid($STRG, $I, 1)),$B)) Next Return $N_STRG EndFunc ;==>Crypt ; convert each character to its HEX value Func Str2Hex($STRG) $H = "" For $I = 1 To StringLen($STRG) $H = $H & String(Hex(Asc(StringMid($STRG, $I, 1)),2)) Next Return $H EndFunc ;==>Str2Hex ; convert each 2 character Hex value back to an Ascii Character Func Hex2Str($H) $STRG = "" For $I = 1 To StringLen($H) Step 2 $STRG = $STRG & Chr(Dec(StringMid($H, $I, 2))) Next Return $STRG EndFunc ;==>Hex2Str SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Guest Ezzetabi (offline) Posted June 3, 2004 Share Posted June 3, 2004 Use Idea to crypt the file.Use it to decryp... read the .ini... emcrypt again. The encrypt is made on the place so it is sure.Just avoid NTFS encryption and compression that would force the PC copies the file.http://www.cypherspace.org/adam/rsa/idea.html Link to comment Share on other sites More sharing options...
moocan Posted June 3, 2004 Author Share Posted June 3, 2004 Hi, And thanks to all for your replies. I will try these this night. I prefered a fonction that is included in my principal script with no external program because is just to prevent the malicious user to read my INI parameters file with all informations. I think a simple encrypt fonction is good for me with no user or admin intervention. I work on a project which all things are fully automated "ZeroTouch". All I want that the user could not retrieve for example user acccount and password. But the project operator must be able to change this informations and reencrypt the INI file and share it on a server where the autoit script could grab it, decrypt it and use it (I hope my english is clear for you ) Thanks for your help MooCan Link to comment Share on other sites More sharing options...
pekster Posted June 4, 2004 Share Posted June 4, 2004 If you do not want the end user to be able to get the data, you should not use the Send() function, since a simple keylogger could detect the typed text, thus giving the end user a way around all your encryption. Instead, you should ControlSend the data to the proper control where you want it typed. And even then, it's not foolproof. Someone could theoretically create their own simple GUI that looks like the entry fields for your application (same classname, etc), but then show the password in plaintext. [font="Optima"]"Standing in the rain, twisted and insane, we are holding onto nothing.Feeling every breath, holding no regrets, we're still looking out for something."[/font]Note: my projects are off-line until I can spend more time to make them compatable with syntax changes. Link to comment Share on other sites More sharing options...
Valik Posted June 4, 2004 Share Posted June 4, 2004 If somebody wanted the password bad enough, it would take them all of 5 minutes to write a hook to catch it going to the control, even with ControlSend. Link to comment Share on other sites More sharing options...
AcidCorps Posted August 10, 2007 Share Posted August 10, 2007 If you wanted a more secure method of protecting your data, you could look at including a seperate file in your script (see the FileInstall function) and extract it to the script's directory. You could then use this external program to encrypt/ decrypt your ini file. Should you pick this method, be sure that the encrpytion program is fully functional with command line paramaters.<span style='font-size:7pt;line-height:100%'>Edited to correct a couple minor typos</span>I really like this methiod but I'm seeing it's from 2004 so I'm wondering if theres an updated way to do this and if somene could give me a little more information on this method?perhaps a good third party encryption fileand how excatly to include it within my script (do i just do #include <encryption.file> ?) - Acid Corps Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now