Crypto.BlowfishEncryptString Examples

string Crypto.BlowfishEncryptString (

Example 1

sEncryptedString = Crypto.BlowfishEncryptString(sTextToEncrypt, sSecretKey);

Encrypts the text stored in 'sTextToEncrypt' with the key stored in 'sSecretKey', and stores the result in 'sEncryptedString'.

Example 2

-- Initialize Registration/Access variables

bRegistrationRequired = true;

bAllowAccess = false;

-- Initialize registry action variables

nMainKey = HKEY_CURRENT_USER;

sSubKey = "SOFTWARE\\Your_Product\\Registration";

sUserNameValue = "UserName";

sSerialValue = "Serial";

sMD5CheckValue = "CheckKey";

sRegisterKeyValue = "RegKey";

bAutoExpand = true;

-- if the user's registration info was stored in the Windows Registry

-- (in the form of blowfish-encrypted strings), decrypt it

if Registry.DoesKeyExist(nMainKey, sSubKey) then

-- Key exists, pull values from registry

sUserName = Registry.GetValue(nMainKey, sSubKey, sUserNameValue, bAutoExpand);

sSerial = Registry.GetValue(nMainKey, sSubKey, sSerialValue, bAutoExpand);

sMD5Check = Registry.GetValue(nMainKey, sSubKey, sMD5CheckValue, bAutoExpand);

sRegisterKey = Registry.GetValue(nMainKey, sSubKey, sRegisterKeyValue, bAutoExpand);

if (sUserName ~= "") and (sSerial ~= "") and (sMD5Check) and (sRegisterKey ~= "") then

-- All four values are present, perform check

sUserNameDecrypted = Crypto.BlowfishDecryptString(sUserName, sRegisterKey);

sSerialDecrypted = Crypto.BlowfishDecryptString(sSerial, sRegisterKey);

if (Crypto.MD5DigestFromString(sUserNameDecrypted) .. Crypto.MD5DigestFromString(sSerialDecrypted)) == sMD5Check then

-- MD5 check passed, we don't need to register

bRegistrationRequired = false;

-- allow access

bAccessAllowed = true;

end

if bRegistrationRequired then

-- Registration is required

sUserName = Dialog.Input("UserName", "Please enter your username:");

if sUserName ~= "CANCEL" and sUserName ~= "" then

-- User didn't press cancel, get serial

sSerial = Dialog.Input("UserName", "Please enter your serial number:");

if sSerial ~= "CANCEL" and sSerial ~= "" then

-- user didn't press cancel, continue.

-- get install date time in format JULIANsecondsMINUTEShours

sInstallDateTime = System.GetDate(DATE_FMT_JULIAN) .. System.GetTime(TIME_FMT_SEC) ..System.GetTime(TIME_FMT_MIN) .. System.GetTime(TIME_FMT_HOUR);

-- Generate HTTP Submit variables

sURL = "http://www.yourdomain.com/register_app.php"

tSubmitTable = {user = sUserName, serial = sSerial, installed = sInstallDateTime};

nMethod = SUBMITWEB_POST;

nTimeout = 20;

nPort = 80;

tAuth = nil;

tProxy = nil;

-- Submit to web (structure of returned string: UserNameMD5SerialMD5::Key)

sReturnedData = HTTP.Submit(sURL, tSubmitTable, nMethod, nTimeout, nPort, tAuthData, tProxyData);

if sReturnedData == "-1" or sReturnedData == "" then

-- An error occured, deny access

bAccessAllowed = false;

else

-- No error occured, cut apart string

nDelimiterPosition = String.Find(sReturnedData, "::", 1, false);

-- Get everything before the ::

sMD5Check = String.Mid(sReturnedData, 1, nDelimiterPosition - 1);

-- Get everything after the ::

sKey = String.Mid(sReturnedData, nDelimiterPosition + 2, -1);

-- Assign the registry values

Registry.SetValue(nMainKey, sSubKey, sUserNameValue, Crypto.BlowfishEncryptString(sUserName, sKey), REG_SZ);

Registry.SetValue(nMainKey, sSubKey, sSerialValue, Crypto.BlowfishEncryptString(sSerial, sKey), REG_SZ);

Registry.SetValue(nMainKey, sSubKey, sMD5CheckValue, sMD5Check, REG_SZ);

Registry.SetValue(nMainKey, sSubKey, sRegisterKeyValue, sKey, REG_SZ);

-- set register variable to false (so the user isn't prompted to enter info again)

bRegistrationRequired = false;

-- display thank-you message

Dialog.Message("SUCCESS!", "Thank-you for registering. Enjoy the product!");

-- allow access

bAccessAllowed = true;

end

else

-- Cancel was pressed, deny access

bAccessAllowed = false;

end

else

-- Cancel was pressed, deny access

bAccessAllowed = false;

end

if not bAccessAllowed then

Dialog.Message("ERROR", "Invalid registration information provided.", MB_OK, MB_ICONSTOP);

Application.ExitScript();

end

Reads information from the registry and decrypts it. If the information does not exist, the above script will interact with a web-based php script (http://www.yourdomain.com/register_app.php) to verify a serial number. For this example, the following php script will function:

// Check for post data

if ($_POST)

{

// Initialize user array in format "Username"=>"Serial"

$user_array = array(

"John Doe"=>"abc-def-ghi",

"Jane Smith"=>"123-456-789"

);

// Get info from post variables

$user = $_POST['user'];

$serial = $_POST['serial'];

$installed = $_POST['installed'];

// Step through the user array

foreach($user_array as $username=>$serialnumber)

{

// Compare current item to the posted information

if(($user==$username) AND ($serial==$serialnumber))

{

// The current user matched, return info and exit

echo md5($user).md5($serial).'::'.$installed;

exit;

}

// If this script makes it this far, nothing matched, return error code

echo -1;

}

else

{

// no post data was sent, return error code

echo -1;

}

Note: The above php script must be hosted on a PHP-enabled web host, and be called from your application using either an HTTP.Submit or an HTTP.SubmitSecure action.