PDA

View Full Version : Ben Weijers' crypt.pkg for 2021



Oscar
19-Nov-2020, 03:47 PM
Hi,

Has anyone updated the crypt.pkg to work with the new 2021 (BTW, thank you for the name change... I had enough of 2020)

I was able to get it working but when I decrypt data encrypted with the original one it does not give me the original data.

I attached the modified file.

Regards,
Oscar

DaveR
19-Nov-2020, 06:23 PM
Hi,

Has anyone updated the crypt.pkg to work with the new 2021 (BTW, thank you for the name change... I had enough of 2020)

I was able to get it working but when I decrypt data encrypted with the original one it does not give me the original data.

I attached the modified file.

Regards,
Oscar

Here is what we use, courtesy of Wempy. Decodes tings encrypted with crypt but we only use it for a few use cases so a test in your environment would be appropriate. Enjoy.:cool:
14117

Harm Wibier
20-Nov-2020, 02:14 AM
Note that a version of this package is also in the pkg folder, by the name of cCryptographer.pkg. While we never documented it as part of the public API's, it is being maintained, as it is used by some of our other packages. It has had some adjustments for DataFlex 20 and we created a cCryptographerEx that uses UChar arrays for the potentially binary data.

When using cryptography in 20 there are a few things to consider:
- DataFlex 20 uses UTF-8 for its encoding of strings. When encoding strings, that need to be read in older versions of DataFlex, either convert them to OEM before encoding or after decrypting in older revs.
- Since strings are now UTF-8 we recommend against putting binary (non string) data in strings. The debugger and string functions will try to interpret it as UTF-8 so it is hard to work with. We recommend to use UChar arrays for this (which is why we created cCryptographerEx).

danwalsh46
20-Nov-2020, 12:32 PM
I happened on to this same issue yesterday. The following is from the 19.1 help and is the method I'm using to encrypt/decrypt user passwords. Can we safely assume the cCryptographerEx.pkg package will not be going away?

https://docs.dataaccess.com/dataflexhelp/mergedProjects/VDFClassRef/cWebAppUserDataDictionary.htm

There was a pretty slick user password library demonstrated at the EDUC back in the spring. Might we be seeing this in the examples any time soon?

Marco
20-Nov-2020, 05:57 PM
Hi Dan

I think you mean the security library. I’m use it it in one of my new projects and it works great. But you will need to watch the video with your finger close to the pause button to implement it properly.
So I would not be surprised if it will stay a video + library.

danwalsh46
21-Nov-2020, 12:24 PM
Marco,

I don't know if you attended EDUC, but my understanding at the time was that this new library was a step beyond the current library and that we could expect to see it in the near future. I in particular remember an extended file structure and a forgotten password mechanism that emailed a temporary password to the user. Does this sound like the library you're currently using?

Richard Hogg
21-Nov-2020, 04:09 PM
Hi Dan,
I think Marco might be talking about this one https://support.dataaccess.com/Forums/forumdisplay.php?68-DataFlex-Security-Library which I don't think has password reset etc. If there is one available that has all the what could now be called "standard" functions in a web based system, like password reset etc that is great.
Cheers
Richard

Oscar
24-Nov-2020, 07:15 PM
Note that a version of this package is also in the pkg folder, by the name of cCryptographer.pkg. While we never documented it as part of the public API's, it is being maintained, as it is used by some of our other packages. It has had some adjustments for DataFlex 20 and we created a cCryptographerEx that uses UChar arrays for the potentially binary data.

When using cryptography in 20 there are a few things to consider:
- DataFlex 20 uses UTF-8 for its encoding of strings. When encoding strings, that need to be read in older versions of DataFlex, either convert them to OEM before encoding or after decrypting in older revs.
- Since strings are now UTF-8 we recommend against putting binary (non string) data in strings. The debugger and string functions will try to interpret it as UTF-8 so it is hard to work with. We recommend to use UChar arrays for this (which is why we created cCryptographerEx).


Hi Harm,

I changed the code to use cCryptographer.pkg and they both (crypt.pkg and Cryptographer.pkg) behave the same way. When encrypting data they encrypt different in 19.1 and in 20.0... but the decrypt actually does work exactly the same on both versions.
I have try using encrypt by sending the strings as tooem() and toansi() and they both return exactly the same encrypted text as if I omit the conversion... I guess I am not sure when to convert the strings. What I noticed is that the text returned by the CryptEncrypt external function is what is different when encrypting... otherwise everything works exactly the same in both versions. Also is to notice is that this happens only when the key used is small (i.e. 5 characters)

Thank you for looking into this.
Oscar

Oscar
24-Nov-2020, 07:24 PM
Hi Dave,

Thank you for the file... I tested it and I get the same results as with the one I supplied.

Thank you,
Oscar

Harm Wibier
25-Nov-2020, 02:26 AM
Hi Harm,

I changed the code to use cCryptographer.pkg and they both (crypt.pkg and Cryptographer.pkg) behave the same way. When encrypting data they encrypt different in 19.1 and in 20.0... but the decrypt actually does work exactly the same on both versions.
I have try using encrypt by sending the strings as tooem() and toansi() and they both return exactly the same encrypted text as if I omit the conversion... I guess I am not sure when to convert the strings. What I noticed is that the text returned by the CryptEncrypt external function is what is different when encrypting... otherwise everything works exactly the same in both versions. Also is to notice is that this happens only when the key used is small (i.e. 5 characters)

Thank you for looking into this.
Oscar

Hi Oscar,

Note that it is possible that the results are the same but they just look different. That can happen because the debugger now tries to interpret it as UTF-8, so if there are bytes above 128 it will look funky. Which is why using UChar arrays is better, then you can compare the bytes as numbers to see if the data is the same.

If you can post a small example to look at I am happy to give it test run..

DaveR
25-Nov-2020, 06:16 AM
Hi Oscar,

Note that it is possible that the results are the same but they just look different. That can happen because the debugger now tries to interpret it as UTF-8, so if there are bytes above 128 it will look funky. Which is why using UChar arrays is better, then you can compare the bytes as numbers to see if the data is the same.

If you can post a small example to look at I am happy to give it test run..

it's a year ago now, but IIRC we did our own variation on cCryptographer because as supplied it decrypted stuff that had been encrypted with crypt but produced different results. As these were financial data it mattered.:)