Encrypting and decrypting files from internet

[Joakim Christiansen]

Well, let's say I want to encrypt the channel list for my Internet TV program so other people can't access it, how should I do this? (and do you recommend it)
I need something in PHP that can encrypt the strings and then I need something in PB that decrypts them. But PB lacks this kind of stuff, so I'm asking here if anybody knows about some stuff I could use? Hopefully a method that doesn't "hog" my server each time someone download the list. Each line will be encrypted, but not the whole file.

[..::Origin::..]

[5 cents]
In my opinnion, RC4.

MD5 where you can.

[/5 cents]

[Num3]

Maybe a simple Xor with password for salting it...

Password is only on the PHP script and inside the executable...

Not very sofisticated but it will work simple and quick!

[codemaniac]

Well, let's say I want to encrypt the channel list for my Internet TV program so other people can't access it, how should I do this? (and do you recommend it)
I need something in PHP that can encrypt the strings and then I need something in PB that decrypts them. But PB lacks this kind of stuff, so I'm asking here if anybody knows about some stuff I could use? Hopefully a method that doesn't "hog" my server each time someone download the list. Each line will be encrypted, but not the whole file.

My friend had made a similar program, but which had the data in a password-protected archive. And when the user opens his program, the program silently unpacks the archive to memory and reads the data into his application.

Or how about simply make an SQL database where you put your channels and then read the SQL db through your program? Flype had made a great MySQL lib for PB: http://www.purebasic.fr/english/viewtopic.php?t=21862

[Joakim Christiansen]

Or how about simply make an SQL database where you put your channels and then read the SQL db through your program? Flype had made a great MySQL lib for PB: http://www.purebasic.fr/english/viewtopic.php?t=21862

It's in a MySQL database on my internet server, would it be safe reading directly from it with my program? Wouldn't it be possible for a geek to get the server user name and password then? If that was what you meant...

[Joakim Christiansen]

Maybe a simple Xor with password for salting it...

Password is only on the PHP script and inside the executable...

Not very sofisticated but it will work simple and quick!

I think that could work, but the thing is... I'm not good at a simple "Xor with password for salting". I hope there is some stuff I could find and not inventing stuff myself.

And the one who mentioned RC4, anyone know how to use it with PB?

[JCV]

Wouldn't it be possible for a geek to get the server user name and password then? If that was what you meant...

username & password are inside the exe right? It is easy to get even if you encrypt the username since its easy to find the mysql connect function.

The easy/better way:
Just upload an encrypted package in your server and your program will download and decrypt it on runtime.

hmm or if you want to use your mysql
Create a user account in mysql and set all to read-only privilege & all data must be encrypted. Even if users got the user & pass, they can only read and cannot modify the encrypted data. But you need to set your host to accept sql connection on all ip which isn't good. I prefer the first one.

[gnozal]

And the one who mentioned RC4, anyone know how to use it with PB?

PB code : many examples on the forums, like http://www.purebasic.fr/german/viewtopic.php?p=131357
PB LIB : http://www.reelmedia.org/cgi-bin/PurePr ... s&sub=ASM4

[Kukulkan]

Hi Joakim,

I suggest you to use AES algorithm. You can use the diCryptoSys API library (http://www.cryptosys.net/) inside your client application to decrypt. On PHP side, I would create a senderlist.php file which reacts on URL encoded questions:

http://yourdomain/senderlist.php?action ... arameter=2...

The result may be encrypted using PHP aes_encrypt() function (part of PHP MCRYPT extension).

So far, you may use HTTPS connections, too.

Kukulkan

[kake26]

Here is a little gem I wrote that allows me to use Mcrypt in Lunux. I'm posting it here in hopes it helps. Its not perfect, but the example should be able to be moded to use the cipher and mode of choice.

Code: Select all

OpenLibrary(255,"/usr/local/lib/libmcrypt.so")

; This code was translated from mcrypt.h
; Completed 10:01 PM 3/17/05, test shows it works
; functions

*mc_open = IsFunction(255, "mcrypt_module_open")
*mc_close = IsFunction(255, "mcrypt_module_close")
*mc_init = IsFunction(255, "mcrypt_generic_init")
*mc_deinit = IsFunction(255, "mcrypt_generic_deinit")
*mcg_end = IsFunction(255, "mcrypt_generic_end")
*mc_decrypt = IsFunction(255, "mdecrypt_generic")
*mc_generic = IsFunction(255, "mcrypt_generic")
*mc_perror = IsFunction(255, "mcrypt_perror")
*mc_ivsize = IsFunction(255, "mcrypt_enc_get_iv_size")
*mc_ksize = IsFunction(255, "mcrypt_enc_get_key_size")

 Structure MCRYPT
    *algorithm.s
    *a_directory.s 
    *mode.s
    *m_directory.s
     
  EndStructure
  
Dim td.MCRYPT(4)

; algorythems and mode defs

; Algorithms
#MCRYPT_BLOWFISH	=	"blowfish"
#MCRYPT_DES 	=	"des"
#MCRYPT_3DES 	=	"tripledes"
#MCRYPT_3WAY 	=	"threeway"
#MCRYPT_GOST 	=	"gost"
#MCRYPT_SAFER_SK64 =	"safer-sk64"
#MCRYPT_SAFER_SK128 =	"safer-sk128"
#MCRYPT_CAST_128 =	"cast-128"
#MCRYPT_XTEA 	=	"xtea"
#MCRYPT_RC2	 =	"rc2"
#MCRYPT_TWOFISH 	=	"twofish"
#MCRYPT_CAST_256 =	"cast-256"
#MCRYPT_SAFERPLUS =	"saferplus"
#MCRYPT_LOKI97 	=	"loki97"
#MCRYPT_SERPENT 	=	"serpent"
#MCRYPT_RIJNDAEL_128 =	"rijndael-128"
#MCRYPT_RIJNDAEL_192 =	"rijndael-192"
#MCRYPT_RIJNDAEL_256 =	"rijndael-256"
#MCRYPT_ENIGMA 	=	"enigma"
#MCRYPT_ARCFOUR	 =	"arcfour"
#MCRYPT_WAKE	=	"wake"

; Modes
#MCRYPT_CBC	=	"cbc"
#MCRYPT_ECB	=	"ecb"
#MCRYPT_CFB	=	"cfb"
#MCRYPT_OFB	=	"ofb"
#MCRYPT_nOFB	=	"nofb"
#MCRYPT_STREAM	=	"stream"

; Test code
; Encrypt first, note dat should be the same as it started in the end

td = CallFunctionFast(*mc_open,#MCRYPT_BLOWFISH,@"",#MCRYPT_CBC,@"")
ivs.l = CallFunctionFast(*mc_ivsize,td)
PrintN(Str(ivs))
ks.l = CallFunctionFast(*mc_ksize,td)
PrintN(Str(ks))
*Buffer = AllocateMemory(6)
PokeS(*Buffer, "kha123")
key.s = MD5Fingerprint(*Buffer,6)
PrintN(key)
result = CallFunctionFast(*mc_init,td,@key,32,@"12345678")
PrintN(Str(result))
CallFunctionFast(*mc_perror,result)
dat.s = "Hi there world!Hi there world!Hi there world!Hi there world!"
PrintN(dat)
result = CallFunctionFast(*mc_generic,td,@dat,60)
PrintN(dat)
CallFunctionFast(*mc_deinit,td)
CallFunctionFast(*mc_close,td)
FreeMemory(*Buffer)

; Decrypt

td = CallFunctionFast(*mc_open,#MCRYPT_BLOWFISH,@"",#MCRYPT_CBC,@"")
CallFunctionFast(*mc_perror,result)
ivs.l = CallFunctionFast(*mc_ivsize,td)
PrintN(Str(ivs))
ks.l = CallFunctionFast(*mc_ksize,td)
PrintN(Str(ks))
*Buffer = AllocateMemory(6)
PokeS(*Buffer, "kha123")
key.s = MD5Fingerprint(*Buffer,6)
PrintN(key)
result = CallFunctionFast(*mc_init,td,@key,32,@"12345678")
PrintN(Str(result))
CallFunctionFast(*mc_perror,result)
CallFunctionFast(*mc_decrypt,td,@dat,Len(dat))
PrintN(dat)
CallFunctionFast(*mc_deinit,td)
CallFunctionFast(*mc_close,td)
FreeMemory(*Buffer)

[pdwyer]

I guess if you're bothering with encryption then authentication is an issue. Will users have a pwd to send to you that you can check in some sort of challenge/response way or will it be some kind of negotiation handshake?

Generally decrypting needs some key, a mistake to avoid is to have the key hardcoded and hidden in the client app because once it's know you have to change all the clients to fix it.

If clients have a pwd then it can be used to encrypt in the server side but if not then you need some sort of negotiation.

For encyption, I guess that conventional SSL is out? not sure if PB has any libs but I think there are APIs to do this. Then the PHP side needs not code and the web server can handle that part you just need to get the client working.

Other than that, just make sure the algorithm you choose streams well XOR can be fine you just need a very large key and try not to repeat it, encryption grade random number generators are good for this, the key is the seed and then XOR to a random stream. As close to the unbreakable OTP as you can get (depending on the random numbers) and very fast.

There was a Euler project question on cracking XOR with a three letter pwd with brute force. XOR can be good but it's only as good as the key.

OTP info is here http://en.wikipedia.org/wiki/One-time_pad and is the only thing that provides "Perfect Encryption" known to mankind as far as I'm aware! (but won't be perfect if you use a number generator)

[KingNips]

Use AES. It's not that hard to roll your own AES algorithm.

I've got some source code around here somewhere... (in C# tho)...

AES is fast because it is a symmetric block cipher. You can use a asymmetric algorithm to encipher the symmetric key to set up a session... something like RSA or some other public key algorithm.

King Nips
________
Only Aussie in Marrickville

[pdwyer]

KingNips in Marrickville?

hmmmmm