Crypto.BlowfishDecryptString Examples

string Crypto.BlowfishDecryptString (

Example 1

Decrypts the string 'sEncryptedString' using the key stored in 'sKey' and stores the decrypted string in the variable 'sDecryptedString'.

Example 2

-- Initialize Registration/Access variables
bRegistrationRequired = true;
bAllowAccess = false;

-- Initialize registry action variables
nMainKey = HKEY_CURRENT_USER;
sSubKey = "SOFTWARE\\Your_Product\\Registration";
sUserNameValue = "UserName";
sSerialValue = "Serial";
sMD5CheckValue = "CheckKey";
sRegisterKeyValue = "RegKey";
bAutoExpand = true;

-- if the user's registration info was stored in the Windows Registry
-- (in the form of blowfish-encrypted strings), decrypt it
if Registry.DoesKeyExist(nMainKey, sSubKey) then
    -- Key exists, pull values from registry
    sUserName = Registry.GetValue(nMainKey, sSubKey, sUserNameValue, bAutoExpand);
    sSerial = Registry.GetValue(nMainKey, sSubKey, sSerialValue, bAutoExpand);
    sMD5Check = Registry.GetValue(nMainKey, sSubKey, sMD5CheckValue, bAutoExpand);
    sRegisterKey = Registry.GetValue(nMainKey, sSubKey, sRegisterKeyValue, bAutoExpand);

        if (sUserName ~= "") and (sSerial ~= "") and (sMD5Check) and (sRegisterKey ~= "") then
        -- All four values are present, perform check
        sUserNameDecrypted = Crypto.BlowfishDecryptString(sUserName, sRegisterKey);
        sSerialDecrypted = Crypto.BlowfishDecryptString(sSerial, sRegisterKey);

        if (Crypto.MD5DigestFromString(sUserNameDecrypted) .. Crypto.MD5DigestFromString(sSerialDecrypted)) == sMD5Check then
            -- MD5 check passed, we don't need to register
            bRegistrationRequired = false;
            -- allow access
            bAccessAllowed = true;
        end
    end
end

if bRegistrationRequired then
-- Registration is required
sUserName = Dialog.Input("UserName", "Please enter your username:");
    if sUserName ~= "CANCEL" and sUserName ~= "" then
    -- User didn't press cancel, get serial
    sSerial = Dialog.Input("UserName", "Please enter your serial number:");

        if sSerial ~= "CANCEL" and sSerial ~= "" then
        -- user didn't press cancel, continue.

            -- get install date time in format JULIANsecondsMINUTEShours
            sInstallDateTime = System.GetDate(DATE_FMT_JULIAN) .. System.GetTime(TIME_FMT_SEC) ..System.GetTime(TIME_FMT_MIN) .. System.GetTime(TIME_FMT_HOUR);

            -- Generate HTTP Submit variables
            sURL = "http://www.yourdomain.com/register_app.php"
            tSubmitTable = {user = sUserName, serial = sSerial, installed = sInstallDateTime};
            nMethod = SUBMITWEB_POST;
            nTimeout = 20;
            nPort = 80;
            tAuth = nil;
            tProxy = nil;

            -- Submit to web (structure of returned string: UserNameMD5SerialMD5::Key)
            sReturnedData = HTTP.Submit(sURL, tSubmitTable, nMethod, nTimeout, nPort, tAuthData, tProxyData);

            if sReturnedData == "-1" or sReturnedData == "" then
                -- An error occured, deny access
                bAccessAllowed = false;
            else
                -- No error occured, cut apart string
                nDelimiterPosition = String.Find(sReturnedData, "::", 1, false);
                -- Get everything before the ::
                sMD5Check = String.Mid(sReturnedData, 1, nDelimiterPosition - 1);

                -- Get everything after the ::
                sKey = String.Mid(sReturnedData, nDelimiterPosition + 2, -1);

                -- Assign the registry values
                Registry.SetValue(nMainKey, sSubKey, sUserNameValue, Crypto.BlowfishEncryptString(sUserName, sKey), REG_SZ);
                Registry.SetValue(nMainKey, sSubKey, sSerialValue, Crypto.BlowfishEncryptString(sSerial, sKey), REG_SZ);
                Registry.SetValue(nMainKey, sSubKey, sMD5CheckValue, sMD5Check, REG_SZ);
                Registry.SetValue(nMainKey, sSubKey, sRegisterKeyValue, sKey, REG_SZ);

                -- set register variable to false (so the user isn't prompted to enter info again)
                bRegistrationRequired = false;
                -- display thank-you message
                Dialog.Message("SUCCESS!", "Thank-you for registering. Enjoy the product!");

                -- allow access
                bAccessAllowed = true;
            end
        else
            -- Cancel was pressed, deny access
            bAccessAllowed = false;
        end
    else
        -- Cancel was pressed, deny access
        bAccessAllowed = false;
    end
end

if not bAccessAllowed then
    Dialog.Message("ERROR", "Invalid registration information provided.", MB_OK, MB_ICONSTOP);
    Application.Exit();
end

Reads information from the registry and decrypts it. If the information does not exist, the above script will interact with a web-based php script (http://www.yourdomain.com/register_app.php) to verify a serial number. For this example, the following php script will function:

<?
// Check for post data
if ($_POST)
{
    // Initialize user array in format "Username"=>"Serial"
    $user_array = array(
        "John Doe"=>"abc-def-ghi",
        "Jane Smith"=>"123-456-789"
    );

    // Get info from post variables
    $user = $_POST['user'];
    $serial = $_POST['serial'];
    $installed = $_POST['installed'];

    // Step through the user array
    foreach($user_array as $username=>$serialnumber)
    {
        // Compare current item to the posted information
        if(($user==$username) AND ($serial==$serialnumber))
        {
            // The current user matched, return info and exit
            echo md5($user).md5($serial).'::'.$installed;
            exit;
        }
    }

    // If this script makes it this far, nothing matched, return error code
    echo -1;
}
else
{
    // no post data was sent, return error code
    echo -1;
}
?>

Note: The above php script must be hosted on a PHP-enabled web host, and be called from your application using either an HTTP.Submit or an HTTP.SubmitSecure action.