Question about the Crypto Action...

**Corey** · 01-28-2005, 12:47 AM

Hi. I'm sure we can figure this out but I'm not 100% certain on the task, is this it:

"How do I validate a password which a user enters via an input object against an existing password stored in a file, using the encryption plug-in?"

Is the existing password encrypted? With which method? Is it in a flat text file?

In general, the metaphor is that we encrypt our master passwords prior to distribution so that no one has access to them, and then we can simply encrypt/compare user input against that. There is never any type of decryption involved...

**Intrigued** · 01-28-2005, 12:54 AM

1. Get user typed password for a file to be encrypted.
2. Upon trying to open the file, check the password now being used to access such file, with the password stored in the encrypted file that was typed in originally by the user.

I need the variable to check against the password to open the file, against the password stored in the encrypted file.

(Tired tonight, did that make more sense?)

Thanks in advance,

**Corey** · 01-28-2005, 01:28 AM

1. Get user typed password for a file to be encrypted.
2. Upon trying to open the file.

That's where you lose me. It's a non-sequitur. Maybe it's just me, I'm also tired...

**Intrigued** · 01-28-2005, 02:54 PM

Note: Moderator(s), can you move this to the Plugin section please. I chose unwisely (Indiana Jones movie) and put this post in the wrong forum.

When I get home I will try to reformulate my question in hopes that it will be easier to understand.

:yes

**TJ_Tigger** · 01-28-2005, 06:44 PM

Intrigued,

Let me see if I understand. It sounds like you have a file (or string) selected by the user and would like to now encrypt the file and save it to disk. Then the file is referenced somewhere in the project like a listbox and when the file is selected to be opened you want to receive a password and deencrypt the file so it can be read. Am I in the park or somewhere in BFE.

tigg

**Intrigued** · 01-28-2005, 06:57 PM

I'm sorry about the confusion.

Let me have a run at it again.

Step 1:

(In previous steps the user has saved a document to somewhere on their computer, network and protected it with a Key (read: password). This is done with the Blowfish Plugin (Crypto).

User clicks a button to choose the encrypted file
User then enters password that was set from before

Now, the data is put into an Input Object.
The data UNencrypted if the password is correct and still encrypted if wrong (they entered the previously saved password)
My question...

How do I check FIRST to see if the password is correct? Is there a built-in for the Crypto.BlowfishDecrypt Action? (ie. IDPASSWORD)

I do NOT want to dump the encrypted data in the Input Object.... only the readable data.

Now, I have not taken time to go all through it again... I have first posted this there before my mind goes to gel again.

Thanks Corey, TJ_TIGGER, or others in advance for any insight on this matter.

Otherwise, I will have to look for a workaround or change my understanding of the Encryption Plugin.

**Corey** · 01-28-2005, 07:11 PM

Hmmm, the dev guys are probably better to address this than me, I'm not an expert on that particular plug-in... If you don't get a solid answer by Monday from someone else, bump this post back up and I'm sure you will get something from one of the programmers.

**Intrigued** · 01-28-2005, 07:22 PM

Sounds good Corey. Thanks for your fast response nontheless!

I'm so content with the speed of the reply I will regress to a movie (Intermission).

:yes

**TJ_Tigger** · 01-28-2005, 08:36 PM

I haven't tried yet, but what happens when you decrypt a file with a wrong key? What does it return. I looked at the help and didn't see an error for a wrong key. What if you were to keep a list of files that were encrypted and a MD5digest for the password for that file, maybe in an INI file. Then when the file is selected to be opened you can band the password against the digest and if it passes then decrypt the file.

Might be more steps then you want but it might work.

**Intrigued** · 01-28-2005, 09:13 PM

Originally posted by TJ_Tigger

I haven't tried yet, but what happens when you decrypt a file with a wrong key? What does it return. I looked at the help and didn't see an error for a wrong key. What if you were to keep a list of files that were encrypted and a MD5digest for the password for that file, maybe in an INI file. Then when the file is selected to be opened you can band the password against the digest and if it passes then decrypt the file.

Might be more steps then you want but it might work.

Some good ideas TJ_TIGGER...

But, the data returned is the encrypted contents of the file. Definitely not what I wanted. I just want nothing to return if the Key (password) is not correct.

It might have to be an update to the plugin, if possible.

Hmmm....

Thanks for your suggestions for the workaround avenue though.

**Worm** · 01-28-2005, 09:47 PM

I haven't played with that plug-in yet, but have you tried getting the value of Application.GetLastError() after the decrypt. I'll betcha that it isn't 0 and that would let you know the key was wrong.

Again, just a guess. As I said, I haven't used this plug-in as of yet.

This is from the Crypto Plugin template:

Code:

	Crypto.BlowfishDecrypt(strSourceFile, strDestinationFile, strKey);
	if(Application.GetLastError() ~= 0)then
		Dialog.Message("Error", _tblErrorMessages[Application.GetLastError()]);
	else
		Dialog.Message("Status", "File decrypted successfully.");
	end

**SUF6NEWBIE** · 01-28-2005, 10:36 PM

My experiences thus far while getting creative with Blowfish etc
..these are the two error code values that will nail if ecrypt\decrypt has failed

Code:

Crypto.BlowfishDecrypt(strSourceFile, strDestinationFile, strKey);
	ndecerror = Application.GetLastError();
	if (ndecerror == 34002) or (ndecerror == 34003) then
		Dialog.Message("Decrypt Error", _tblErrorMessages[Application.GetLastError()]);
	else
		Dialog.Message("Status", "File decrypted successfully.");
	end

One tip is using the md5 functionality ..the value can be stored in memory
or 'recorded' - changed for any purpose..the md5 value can be used as it
were to encrypt the correct password entered, then used with blowfish
as the encrypt - decrypt key.

..so you could always do a string.compare with the user password entered
(converted to md5 string) with the 'original approved' password(also md5'd)

HTH

PS the above two error codes are 'independant' of the autorun.exe codes
..so you may need to drop the returning of tabled errors as above in WORMS's.

The returnable error codes are those stated in the Help doc for the Plugin..

**Intrigued** · 01-28-2005, 10:52 PM

Thanks for those suggestions guys.

I believe a solution for my purposes can work through a two-step process.

1. Decrypt the file to memory (Table)
2. Then test for the (Application.GetLastError() == 0) .. .. (or ~=0)

I'll report back my findings soon.

:yes

**csd214** · 01-29-2005, 02:34 AM

Some months ago I hastily tested the Crypto plug-in. "Easy to use this plug-in", I said and went on. â€“ Where is my test project to day? Oh, I found it in Corey Lessons.am5.

Worm is right (surprised?). The help doc says:
Returns: Nothing. You can use Application.GetLastError() to determine whether this action failed, and why.

Code:

error = Application.GetLastError();
if (error ~= 0) then
	-- the error code might be 34000-34003 [SUF6NEWBIE's post]
    Dialog.Message("Error", "Wrong password\r\n"..
    "The error message is:\r\n"..
    "    ".._tblErrorMessages[error], MB_OK, MB_ICONEXCLAMATION, MB_DEFBUTTON1);
	
else
	-- Ok, go on; do what you want
end

I discovered something important to day:
AVOID AN EMPTY STRING KEY; OTHERWISE THE EXECUTABLE WILL CRASH.

Code:

sSource = "AutoPlay\\Docs\\AMSdata.enc";
sDestination = "AutoPlay\\Docs\\AMSdata.txt";
sKey = Dialog.Input("Key", "Enter Key", "pos5t5v", MB_ICONQUESTION);
if sKey ~= "" then
	Crypto.BlowfishDecrypt(sSource, sDestination, sKey);
	-- test for error code

else
	Dialog.TimedMessage("Error", "No password entered", 2000, MB_ICONINFORMATION);
end

Intrigued, thanks for asking your question!

Question about the Crypto Action...

Question about the Crypto Action...

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment