Question about saving encrypted data

wriedmann · Post by **wriedmann** » Fri Nov 09, 2018 9:17 am

Hi,
I'm in the process about migrating encrypted data (it is a database of passwords to foreign databases) from one application to another, and in the same process I would make the data safe for a later X# migration.
Currently the passwords are encrypted using the VO Crypt() function and saved to a DBFCDX table.
The target application uses a ADS database, and I'm migrating because I need the SQL access for faster searching.

My question now is how to encrypt the data so it can be used from both X# and VO, and in both ADS and DBFCDX.

For the last step I have thought about enconding the crypted string in Base64, so there is no danger to corrupt the data in the database layer.
But what about the encrypting itself?

Wolfgang

lumberjack · Post by **lumberjack** » Fri Nov 09, 2018 9:28 am

Hi Wolfgang,

wriedmann wrote:Hi,
But what about the encrypting itself?
Wolfgang

I moved away from traditional encryption and ended with this one-way encryption algorithm that I adapt as required.

Code: Select all

FUNCTION EncryptS2N(cString AS STRING) AS WORD
	LOCAL nChar, nRetVal, nSLen AS WORD
	LOCAL cSoundex AS STRING  // Might want to remove this if there are differences in Soundex()
	nRetVal := 0
	cSoundex := SoundEx(cString := Trim(cString))
	nSLen := SLen(cSoundex)
	FOR nChar := 1 UPTO nSLen
		nRetVal += Asc(SubStr3(cSoundex, nChar, 1))
	NEXT
	nSLen := SLen(cString)
	FOR nChar := 1 UPTO nSLen
		nRetVal += Asc(SubStr3(cString, nChar, 1))
	NEXT
	nRetVal *= nSLen
	RETURN nRetVal

Think it is easy enough to adapt to be consistent over any platform, and since it is only a number that is stored in the DB, relatively difficult to detect what the "Password" was.

Code: Select all

EncryptS2N(sPwd + sUsr + sKey)

HTH,

wriedmann · Post by **wriedmann** » Fri Nov 09, 2018 9:32 am

Hi Johan,

I cannot use any one-way encryption as I need to display the passwords (they are not the passwords to access my system, but for a lot of other different systems).

Wolfgang

lumberjack · Post by **lumberjack** » Fri Nov 09, 2018 10:05 am

Hi Wolfgang,

wriedmann wrote: I cannot use any one-way encryption as I need to display the passwords (they are not the passwords to access my system, but for a lot of other different systems).

Well you can always just use a xor(string, key)
where key is Replicated internally to string.length
Regards,

Chris · Post by **Chris** » Fri Nov 09, 2018 1:59 pm

That's not implemented yet, but I think the best solution is that we implement Crypt() so that it uses a byte array to hold the encrypted string. So we implement 2 overloads:

1. For encrypting:

FUNCTION Crypt(cText AS STRING) AS BYTE[]

this will first convert the (unicode) string input to an ansi 8-bit string, then crypt this with the exact same method that VO uses. Then return the crypted data as a BYTE array that can be save directly to dbfs, text files etc. This data cannot be reliably converted to unicode, because it does not consist of "real" text, so many chars will not have ansi->unicode equivalents.

2. For decrypting:

FUNCTION Crypt(aCrypted AS BYTE[]) AS STRING

this will take the crypted data that was stored to a dbf or file, decrypt it, and convert/return it as a normal unicode string, which will be the same as the original one.

Should be relatively easy to implement this quickly. Do you guys agree about the above?

wriedmann · Post by **wriedmann** » Fri Nov 09, 2018 2:04 pm

Hi Chris,

yes, this would be a solution.
To save then the crypted string to a database field I can use base64 encoding.
So I can now implement it with VO and can be sure that it will work afterwards also with X# (this application will be the first one migrated entirely to X#).
The Crypt() key will remain a string, or better a byte array?

Wolfgang

Chris · Post by **Chris** » Fri Nov 09, 2018 2:32 pm

Hi Wolfgang,

You will not need BASE64 conversion to save the encrypted string in a dbf, instead the X# runtime will include commands for saving directly byte arrays to dbfs, so you will be able to save the result of Crypt() directly!

Yes, the key is not affected, at least as long as it is a "real" text string. You are not using keys with random ascii chars, right?

Chris

wriedmann · Post by **wriedmann** » Fri Nov 09, 2018 2:46 pm

Hi Chris,

I would prefer Base64 so there is no possibilty that data will be corrupted between VO and X#. And there is ADS also in the middle....

Wolfgang

Chris · Post by **Chris** » Fri Nov 09, 2018 3:12 pm

Hi Wolfgang,

Yes, Base64 is better in the sense that you can use it even now, without any considerations etc. Only problem is it can't be used when needing to reuse existing data already stored in dbfs from VO apps that do not use Base64 storing.

But the byte array method will be perfectly safe, too. Only thing that could go wrong is if you are not using standard text of the system's locale settings, for example if you use strings in your (.Net) app from different (human) languages, in which case Crypt() itself will not work properly anyway.

This was never an issue in VO, as it did not have unicode strings anyway to make this a possibility, but if you do that in .Net (you use for example both English, Greek, Cyrillic, German, Spanish etc special chars in your apps and want to crypt such texts) that you'll need to use a different mechanism for encryption, most probably one of the build in .Net classes.

Chris

wriedmann · Post by **wriedmann** » Fri Nov 09, 2018 3:16 pm

Hi Chris,

I'm in the process to transfer the functionality and the data from one VO application to another one. The current application is based on DBFCDX, and the destination application uses AXDBFCDX, so I need to transfer the data, and in this process I can do some translations.

Wolfgang

Main menu