Iam working in powerbuilder and i made two functions the first function called of_enc() for encrypt a string and the second function called of_dec() for decrypt, i encrypet a value in inifile by using the encryption function, the value is encrypted succssfully by using SetProfileString (ls_inifile, "Database", "DBPass", of_enc("password"))
now after that i need to decrypt the value in another window by usingof_dec() but i can't access the ecrypted value in the inifile . any idea on how to implement that?
password = ProfileString(ls_inifile, "Database", "DBPass", "")
password = of_enc(password)
*** Note that this function can only return a string which has a maximum length of 4096 characters.
i think i found what i am looking for . this statement is accessing the stored value in the inifile and working fine with the decryption function:
of_dec(ProfileString(ls_inifile, "Database", "DBPass",""))
Related
I have some data that I need to encrypt and I'd like to use the aes_encrypt function built into Databricks. However, I'm unable to successfully encrypt and then get back the original text using the aes_encrypt() and aes_decrypt() functions build into Databricks.
An example is given below.
What do I need to do to get back the original text?
Query:
select
'test' as original_text,
aes_encrypt('test','foobarfoobarfoobarfoobar') as encrypted,
aes_decrypt(aes_encrypt('test','foobarfoobarfoobarfoobar'), 'foobarfoobarfoobarfoobar') as decrypted
Output:
original_text encrypted decrypted
test shj898e14ahsu3yNcuNiI+iaVy4ajc5NBnReC08GjIA= dGVzdA==
This post was helpful:
https://docs.databricks.com/sql/language-manual/functions/aes_decrypt.html
Which leads to this solution:
-- this works
select
'test' as original_text,
base64(aes_encrypt('test','foobarfoobarfoobarfoobar')) as encrypted,
cast(aes_decrypt(unbase64(base64(aes_encrypt('test','foobarfoobarfoobarfoobar'))), 'foobarfoobarfoobarfoobar') as string) as decrypted;
I am using classic asp to upgrade to SagePay 3.00.
When receiving the crypt response back from SagePay, I am successfully decrypting that and displaying the long string on the screen.
What I need to do is separate the pairs so I can use that information, such as VendorTxCode.
I have successfully used rijndael.asp and includes.asp to Encrypt, send the information to SagePay and decrypt.
How can I perform what I think is the final task by listing the values separately from the string?
I have encrypted and decrypted with these two functions :
public function EncryptAndEncode(strIn)
'** AES encryption, CBC blocking with PKCS5 padding then HEX encoding - DEFAULT **
EncryptAndEncode="#" & AESEncrypt(strIn,strEncryptionPassword)
end function
** Wrapper function do decode then decrypt based on header of the encrypted field **
public function DecodeAndDecrypt(strIn)
DecodeAndDecrypt=AESDecrypt(mid(strIn,2),strEncryptionPassword)
end function
Thanks.
Something like this should work:
dim decryptedString, values, value
decryptedString = "value1,value2,value3"
values = Split("decryptedString", ",")
for each value in values
Response.Write(value & "<br />")
next
Depending on the delimiter a regular expression might be required.
Thank you for your response and help.
This is what I have now :
transinfo = Request.QueryString("Crypt")
decryptthis = DecodeAndDecrypt(transinfo)
Which successfully receives the string, the decrypts it. I am still unsure how to take the individual values out with your code.
I specifically need to take the VendorTxCode & related value out of the string.
when I output decryptthis to the screen, I see it, but I need to take it out of the string so I can use it.
I need a piece of code that defines functions which can encrypt and decrypt a piece of string. What I basically want is that the string should not be visible to third-party users, so that when the string originates in one file, it is converted to, say, an integer value using the encrypt function and then it is passed as parameter to another file. There the decrpyt function then decrypts it back and uses the string to perform actions on it.
Any suggestions or already available codes will be just fine!
Please help me out. Thanks!
Install tcllib. There are several standard encryption algorithms implemented in tcllib.
The following encryption algorithms are available:
blowfish: http://tcllib.sourceforge.net/doc/blowfish.html
aes: http://tcllib.sourceforge.net/doc/aes.html
des (including triple des): http://tcllib.sourceforge.net/doc/des.html
rc4: http://tcllib.sourceforge.net/doc/rc4.html
The des package in Tcllib should do what you want. It's pretty easy to use:
package require des
set key "12345678"; # Must be 8 bytes long
set msg "abcde"
##### ENCRYPTION
set encryptedMsg [DES::des -dir encrypt -key $key $msg]
# $encryptedMsg is a bunch of bytes; you'll want to send this around...
##### DECRYPTION
set decryptedMsg [DES::des -dir decrypt -key $key $encryptedMsg]
puts "I got '$decryptedMsg'"
Note that DES will pad the message out to a multiple of 8 bytes long.
Please visit the TCL/TK homepage e.g
here:http://wiki.tcl.tk/900
That's just one way of doing it. There will be much more, I'm sure.
There are some encrypt method that allow I encrypt a string data with a specific unique encode key (write key) and decode it to an another specific decode key (read key)?
For instance: supposing that we have the string Hello World. So we have two keys, one for encoding (like John) and another to decoding (like Doe). So we create an encoded version of string like:
Note: not limited to PHP, it just an easy example for me...
$string = "Hello World";
$encoded = encode($string, "John", "Doe");
//#function encode(string data, string write_key, string read_key);
//#return string "abcdef123456" -- supposing that it is the encoded string!
Now we have the new encoded string of Hello World data as abcdef123456. Now if we try to read this string with the write key we don't will get the original version, but a strange version or just an error like invalid read key.
$decoded = decode($encoded, "John");
//#function decode(string data, string read_key);
//#return false -- invalid read key! or just a strange result data
$decoded = decode($encoded, "Doe");
//#return string "Hello World"
Note: I just need to know if there are some encrypt project like that, but if you know a library, it's ok too. I need it to my project. I know that is possible hash with a key, but the original result never can back. And I know too read-write key encodings, but it doesn't is really what I need.
You are talking about Public key cryptography.
To suggest a library you should specify the language you will be using in your project.
I have a very simple (rather stupid) question, I hope someone can clear my mind on this :)
I want to send an email to my site user once he clicks a button. This email will contain a link with the userID of a user in the link URL (as query param of a link).
Once the user clicks this email link, my server side code will parse and decrypt the userID query string key to get the user ID and perform some action on it.
I cannot use base64 encoding as it can be reversed and 'hackers' can get to know the real userID. I have to encrypt the ID but when I am using AES alogrithms for encryption, the encrypted text is not "understandable" by the browser, ie I cannot pass the encrypted userId text as a part of the URL because it contains un-encoded characters like "/" which the browser cannot by pass. One option I can think of is to base64 encode the encrypted text once I send it across via URL. Then I can bease64 decode and decyrpt it.
Is this approach better than using Uri.EscapeDataString() on the encyrpted text?
You should continue to base64 encode the AES data, as at that point it is likely binary rather than a string that can be escaped. You should also check that you are using url safe base64 encoding.
Use a one-way hash like SHA1 or MD5, and use JavaScript to send the values as encrypted. Then, if a hacker intercepts the request, they would only have the hashes and not the actual values. They could still send the hashes to login, though; one solution is to include a JavaScript parameter (generated via your server-side language) based on IP (but not possible for a hacker to find the formula for), and use it to salt the username and password hashes.
Then on server-side you would do (in PHP, in this case):
$ipHash = sha1("random" . $_SERVER['REMOTE_ADDR'] . "salt_here10381") // place this as a hidden element in the form and use it in the JavaScript to calculate the hash
$userHash = $_POST['userHash'];
$passwordHash = $_POST['passwordHash']
// TODO: Escape $ipHash, $userHash, $passwordHash
$results = mysqli->query("SELECT * FROM `users` WHERE SHA1(CONCAT('" . $ipHash . "', `user`)) ='$userHash' AND SHA1(CONCAT('" . $ipHash . "', `password`)) = " '$passwordHash'");
Then, if a hacker wanted to login with the hash and username they found, they would need the same IP of the user originally logging in whose credentials were intercepted.
Note that this assumes you have passwords stored in your database as plain-text, which you should never do.
For hashing with SHA1, on client-side, take a look at this.
To answer your specific question (I see I got a bit off topic, oops,) it would be acceptable to base64encode the hashes when you send them to the server. If possible, try to send it as POST data and save it in a cookie or session variable.
I think of a simple solution you try to generate a random number(make it as a key) and for the encryption use some simple technique of yourself like XOR 'ing the ASCII value of the characters in the user name with the key that you have generated .so the long random key results in a greater result.
When creating the email you need to encrypt the user ID, then base64 encode it, then URL encode it. Put this as the userID param in the link.
When decrypting the email you do the same in reverse; get the userID param, URL decode it, base64 decode it then decrypt it.
Remember to use a different intitialisation vector every time you encode a user ID. You will need to put the initialisation vector in the emailed link as a URL parameter too in order to decrypt it.