PDA

View Full Version : Crypto Stuff



rhosk
02-23-2004, 06:14 AM
OK, I could be missing something here, but I've been playing with the crypto plug-in and here's my observation so far.

When you encrypt with Blowfish (for example) this is merely copying the file to the different location (original file is still there in the user's temp folder, so wouldn't they still be able to get at it??).

So then I figured I would delete the original after encrypting/moving, but this is not working. Even though I have the encryption taking place "before" the delete action, I'm getting "Invalid Source". Here's the code (clipped), this is all on Startup -

Crypto.BlowfishEncrypt("AutoPlay\\Docs\\myfile.exe", _SourceDrive.."\\encrypted.exe", "trustno1withthispassword");

--more stuff here

File.Delete("AutoPlay\\Docs\\myfile.exe", true, false, true, nil);

Is it just happening too fast or is there something else wrong? If I remove the "File.Delete..." action, it works good, but it leaves the original unencrypted file in the docs folder.

Brett
02-23-2004, 09:57 AM
In general with plugins you need to specify the full path to files:

(_SourceFolder.."AutoPlay\\Docs\\myfile.exe", ...

Lorne
02-23-2004, 10:11 AM
Actually:

(_SourceFolder.."\\AutoPlay\\Docs\\myfile.exe", ...

Also, note that if you're distributing files that need to be encrypted, you would normally encrypt them BEFORE you send them to the user. In other words, build a quick AutoPlay app just to encrypt the files, and then copy those encrypted files into your AutoPlay\Docs folder.

The AutoPlay application that you send to your users should normally only be decrypting files. Otherwise, people will be able to read the originals, as you've noted. (You also won't be able to delete the originals if you're distributing your application on a CD.)

rhosk
02-23-2004, 10:18 AM
Hi Brett,

No, that's not the issue really. AOMOF, this maybe should've been posted in the GD section. The encryption works great, but like I said, when I try to delete the source file (no matter where I put the action), it seems to delete the source file (I confirm this by looking in the docs folder, - tis gone) before the encryption occurs. I've tried Application.Sleeps, I've tried performing the encryption in "on startup" actions and deleting the source file on Show, I've tried the encryption on preload and deleting the source file on.Show - none of these works. If I remove the delete function (wherever it's at), the encryption happens nicely, but leaves the source file intact (in the temp folder).

My app is a web download only, not on CD. And I'm trying to keep my app as small a file size as I can. If I make another application to just encrypt the files, we're talking another 2MB.

Late Edit - Shoot Lorne, I get it now (hits head). Just make a quick plugin app that I can use to encrypt these certain files before I even build! OK, but why can't I just delete the source file in a quick encrypt/move action? The end result is pretty cool, because I can decrypt the file, launch my executable, then delete it in a matter of milliseconds. But I still have that issue of trying to delete the original source in the temp directory.

I'm going to take your suggestion and encrypt these files first, thanks!

rhosk
02-23-2004, 11:36 AM
This is what I've been banging my head about all day!

http://www.indigorose.com/forums/showthread.php?s=&threadid=6692

I could not understand why it worked during preview, but not publishing. I need a drink. Thanks for all the help guys.

John-oh
02-23-2004, 01:48 PM
I toyed, briefly, with the idea of knocking up an encypt/decrypt app which would (say) zip a folder into one file, then encypt.

Then I realised I would need to perform a secure delete and overwrite of the original files and started reading about clearing hard disk cache etc.

At this point I gave up.

Maybe a project for a quiet moment, in the meantime (if required) I'll just distribute encypted files and the users will never see the originals.

Unless somebody has a wizzy util for secure deletes ??

Lorne
02-23-2004, 07:52 PM
Originally posted by rhosk
Late Edit - Shoot Lorne, I get it now (hits head). Just make a quick plugin app that I can use to encrypt these certain files before I even build!Yep, now you've got it! :)


OK, but why can't I just delete the source file in a quick encrypt/move action? The end result is pretty cool, because I can decrypt the file, launch my executable, then delete it in a matter of milliseconds. But I still have that issue of trying to delete the original source in the temp directory.It could be that it's just happening too fast. Try adding a delay before deleting the file. (Try 1 second, and if that works, then decrease it to something less noticeable.)

Although from the error you said you were getting, it seems to have to do with the source path not being valid. I'd recommend adding some actions at that point to see whether the file exists at that path.

rhosk
02-24-2004, 04:51 AM
Thanks for enlightening me Lorne. The problem wasn't that it may have been happening too fast at all. It had to do with a hidden attr file that I was trying to "pack" in the comp. exe. build. Brett says it's a known bug and should be fixed. That's why I couldn't understand why I could merely preview and all the actions worked great. Everything works good now. I just un-hid the particular file and put the hidden attribute back on at runtime. Thanks again.

Lorne
02-24-2004, 09:36 AM
Aha! It all makes sense now. Good sleuthing on your part.

Thanks for letting us know what it was. :)