Encrypting strings |
Mon, Jan 6 2014 11:44 AM | Permanent Link |
Matthew Jones | To make things easier for my purposes, I've decided to stop using https/SSL and use encryption of the JSON strings instead. To this end, I needed a simple encryptor, and I found one on StackOverflow. I've adapted it for EWB and I am posting it below. It passes all my basic tests. If anyone spots a flaw, let me know.

Of course you should be aware that this is not really very secure - the source and the key are available to the person with the browser. It is my intention to pass the key (the 223 in the examples) from the server, so each session is unique, but of course the key is on the wire too... This will protect from basic snooping, but the NSA will laugh at it. 8-)

Sample use:

    szTemp := EncryptStr(editEncrypt.Text, 223);
    lblEncrypt.Caption := szTemp;
    lblDecrypt.Caption := DecryptStr(szTemp, 223);
    lblDuffCrypt.Caption:= DecryptStr(szTemp, 107);

Unit code below.

/Matthew Jones/

    unit uEncrypt;

    interface

    uses WebCore;

    function EncryptStr(const S :String; Key: Integer): String;
    function DecryptStr(const S: String; Key: Integer): String;

    implementation

    const
      CKEY1 = 53761;
      CKEY2 = 32618;

    // Original code from this answer
    // http://stackoverflow.com/questions/6798188/delphi-simple-string-encryption

    function EncryptStr(const S :String; Key: Integer): String;
    var
      i :Integer;
      RStr :String;
      szBuild : String;
      nTemp : Integer;
    begin
      Result:= '';
      szBuild := '';
      RStr:= S; // UTF8Encode(S);
      //Report('Encrypting ' + S + ', len=' + IntToStr(Length(S)));
      for i := 1 to Length(RStr) do
      begin
        // RStrB[i] := RStrB[i] xor (Key shr 8);
        nTemp := Ord(RStr[i]) xor (Key shr 8);
        nTemp := nTemp and $ff;
        szBuild := szBuild + Chr(nTemp);
        //Report('[' + IntToStr(i) + '] ord(' + RStr[i] + ')=' + IntToHex(Ord(RStr[i]), 2) + ' keyshr8=' + IntToStr((Key shr 8)) + ' r=' + IntToStr((Ord(RStr[i]) xor (Key shr 8))));
        Key := (nTemp + Key) * CKEY1 + CKEY2;
        Key := Key and $ffff;
        //Report('[' + IntToStr(i) + '] key now ' + IntToStr(Key));
      end;
      for i := 1 to Length(szBuild) do
      begin
        Result:= Result + IntToHex(Ord(szBuild[i]), 2);
      end;
    end;

    function DecryptStr(const S: String; Key: Integer): String;
    var
      i, tmpKey :Integer;
      RStr :String;
      // RStrB :TBytes Absolute RStr;
      tmpStr :string;
      szBuild : String;
      nTemp : Integer;
    begin
      tmpStr:= UpperCase(S);
      //Report('Decrypting ' + S + ', len=' + IntToStr(Length(S)));
      RStr := '';
      szBuild := '';
      i:= 1;
      try
        while (i < Length(tmpStr)) do
        begin
          RStr := RStr + Chr(StrToInt('0x' + tmpStr[i] + tmpStr[i+1]));
          // Report('[' + IntToStr(i) + '] ' + '0x' + tmpStr[i] + tmpStr[i+1] + ' gives ' + IntToStr(StrToInt('0x' + tmpStr[i] + tmpStr[i+1])));
          Inc(i, 2);
        end;
      except
        Result:= '';
        Exit;
      end;
      for i := 1 to Length(RStr) do
      begin
        tmpKey:= Ord(RStr[i]);
        //Report('[' + IntToStr(i) + '] key=' + IntToStr(Key) + ', tmpKey=' + IntToStr(tmpKey));
        nTemp := (Ord(RStr[i]) xor (Key shr 8));
        nTemp := nTemp and $ff;
        szBuild := szBuild + Chr(nTemp);
        Key := (tmpKey + Key) * CKEY1 + CKEY2;
        Key := Key and $ffff;
      end;
      //Report('szBuild=' + szBuild);
      Result:= szBuild;
    end;

    end.
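Added example, not part of the original post and not the poster's or Elevate's code: a JavaScript port of the posted EncryptStr/DecryptStr that checks what protection the routine gives with the sample keys 223 and 107. The function names, the 30-character sample plaintext and the `checkProperties` helper are assumptions made for this illustration.

```javascript
// Added illustration: JavaScript port of the EncryptStr/DecryptStr unit from the post.
// Function names and the sample plaintext are constructed for this example.
const CKEY1 = 53761, CKEY2 = 32618;

// Key := ((byte + Key) * CKEY1 + CKEY2) and $ffff, fed with the ciphertext byte
const nextKey = (cipherByte, key) => ((cipherByte + key) * CKEY1 + CKEY2) & 0xffff;

function encryptStr(s, key) {
  let hex = "";
  for (let i = 0; i < s.length; i++) {
    // Only the high byte of the 16-bit state masks the character;
    // character codes above 255 are truncated by the $ff mask.
    const c = (s.charCodeAt(i) ^ (key >> 8)) & 0xff;
    hex += c.toString(16).toUpperCase().padStart(2, "0");
    key = nextKey(c, key);
  }
  return hex;
}

function decryptStr(hex, key) {
  if (!/^[0-9a-fA-F]*$/.test(hex)) return ""; // original returns '' on bad hex
  let out = "";
  for (let i = 0; i + 1 < hex.length; i += 2) {
    const c = parseInt(hex.substr(i, 2), 16);
    out += String.fromCharCode((c ^ (key >> 8)) & 0xff);
    key = nextKey(c, key);
  }
  return out;
}

function checkProperties() {
  const plain = "F" + " ".repeat(29); // constructed sample input
  const ct = encryptStr(plain, 223);
  return {
    roundTrip: decryptStr(ct, 223) === plain,
    // 223 shr 8 = 0, so the first character is hex-encoded but not masked
    firstByteInClear: ct.slice(0, 2) === "46",
    // only the low 16 bits of the key influence the output
    keyIs16Bit: encryptStr(plain, 223 + 0x10000) === ct,
    // no integrity check: a wrong key or altered ciphertext still "decrypts"
    wrongKeyOutput: decryptStr(ct, 107),
    tamperedFirstChar: decryptStr("47" + ct.slice(2), 223)[0],
  };
}

console.log(checkProperties());
```

Any key below 256 leaves the first character unmasked, and neither a wrong key nor a modified ciphertext produces an error the receiving side could act on.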
Tue, Jan 7 2014 8:00 AM | Permanent Link |
Matthew Jones | FWIW, this is the JSON string from a single letter 'F' and then 29 spaces:

"response":"4602FB50B884CCA068745C2F0568900C54B7EE14D54615139AAAE2730D84"

Satisfies my "stop basic snooping" requirement...

/Matthew Jones/
Fri, Jan 10 2014 11:43 AM | Permanent Link |
Ronald | Really great, Matthew, thanks!
Mon, Jan 13 2014 3:26 AM | Permanent Link |
Ronald | Hi Matthew,

Why have you decided to stop with https? Did you run into problems you did not foresee?

Greetings,
Ronald
Mon, Jan 13 2014 5:10 AM | Permanent Link |
Matthew Jones |
> Why have you decided to stop with https? Did you run into problems
> you did not foresee?

I used https for my first project (that we decided to kill for market reasons), and it was all just fine. My new application is very different though, and does not have a central server. Instead, you run it on a laptop, and other people will connect to it with browsers. This then presents a load of interesting challenges for non technical users. You have an iPhone, and you have to connect to "any" computer on the network, one that has no DNS name set up for it. To make it easy to connect to, either I have to run a dynamic DNS server, and they have to type in some complex DNS name (and get it right), so that I can have a certificate that matches, or they have to enter an IP address and get certificate warnings (which may be denied by policy or mistake).

https is therefore way more complex than plain http for this particular purpose. Given that the data is not particularly sensitive, the basic protection here will work for my needs. You can't see someone typing their deepest secrets ("I like jam sandwiches") going past on the wire/air using a sniffer. The NSA will laugh at it, but they'll already know about the sandwich fancy as they will own the laptop too. 8-)

/Matthew Jones/