Data encryption and decryption. 1

[nitinmca]

hi,

i m working in a concern where data security is on top priority. I m using FoxPro 2.6 for Dos. Can anyone of my dear friend can help me to enrypt and decrypt my dbf files so that no one can view it except me.

As all of you knows DBF files can easily be opened and manipulated.

Waiting for earlies reposnse.

Thanks,

Nitin Gupta
System Manager.

 

[dgrewe]

1. FoxPro has a Data encryption program built into it.
(Consult your FoxPro Manual)

2. There were 3rd party data encryption programs for DOS.

http://www.hallogram.com/foxpro

3. If you want to just encrypt a few fields in a table.

http://www.internationalbid.net/home/dave/code_html/codein.html

http://www.internationalbid.net/home/dave/code_html/codeout.html

David W. Grewe
Dave@internationalbid.com

 

[JRB-Bldr]

Just some additional suggestions from a non-expert in encryption, but someone who has had to previously incorporate it.

It may be obvious to many of us, but not to everyone - keep in mind that your table field names can also be a "give-away" to someone looking to break your encryption.

If the field name is relatively self-explanatory (example: "Username", "Password&quot , the hacker need only concentrate on breaking the encryption for one field's data and need not spend time on the others.

Another idea is to "float" the valid encrypted data within a field which is larger than needed and surround it with random dummy pieces of data while knowing how and where to extract it. Possibly using one table for encrypted data and another separate table containing encryption/extraction keys (rules).

Also don't forget that your code can be hacked (e.g. ReFox) also to find out about your encryption methodology.

Good Luck,
JRB-Bldr
VisionQuest Consulting
Business Analyst & CIO Consulting Services
CIOServices@yahoo.com

 

[advancepack]

Hi jrbbldr ,

Above you typed, "Also don't forget that your code can be hacked (e.g. ReFox) also to find out about your encryption methodology. "

you mean to say if I developed myapp.exe, refox can convert to myapp.prg

 

[rgbean]

Yes - ReFox can decompile a FoxPro .EXE or .APP back into it's component parts UNLESS it's been branded by ReFox! Of course there are other products that claim to be asble to even decompile these "protected" files. Bottom line, don't worry about protecting your code, simply provide customer service and updates, so that users of "hacked" copies will miss out on the critical aspect of your product.

Rick

 

[StewartJ]

Xitech supply ReFox and also an on-the-fly encryption/decryption product called Cryptor. Give them a call - they are very helpful.

 

[Scott24x7]

Nitinmca,

Here is a routine that you can customize, by changing the substitution table (the value known as lcCode in the code below). It contains all character values from 1 to 254. If you re-arrange their order, you'll have a unique encryption scheme that is very useful, and fairly clever. It will keep 99% or better of your even fairly strong hacks out of your data. (And, I wrote it, so it's free, which makes it nice too... free, free is good...)

The syntax is:

lcReturnValue = ENCRYPT(DATABASE.FIELD,'E')
Or, to change all the values to encrypted initiall in a table:

REPLACE ALL DATABASE.FIELD WITH ENCRYPT(DATABASE.FIELD,'E')

This will encrypt the value(s). To Decrypt, simply pass:

lcReturnValue = ENCRYPT(DATABASE.FIELD,'D')

And that decrypts. For things like passwords, I recommend not decrypting, but to rather Encrypt the value passed, and then check that value against the encrypted value. This protects you even further.

If you have questions about how it works, fire away. Also, max string length for encryption is 46 characters. If you have fields greater than 46 characters to encrypt, simply break them into 46 character "chuncks".

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
* This function receives a character value of no more than 49 characters long, and
* creates an encryption string for the value. It can also receive an encrypted string,
* and reverse the process to return the unencrypted value.
*
* M.CHARSTRING = Database character string to Encrypt/Decrypt.
* M.OFFSET = String offset determined by the first character of the string.
* This adds an additional measure of security to the encryption
* process.
* M.CODE = 220 character random ASCII string.
* M.CONVERSION = Encrypted/Decrypted converted characters.
*
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

FUNCTION ENCRYPT

PARAMETERS lcCHARSTRING, lcCNVTTYPE
*
IF PARAMETERS() # 2
MESSAGEBOX('Invalid Number of Parameters. Please Correct this Problem before Trying Agian.',16,;
'Encryption Error')
RETURN
ENDIF
*
IF LEN(lcCHARSTRING) > 46
MESSAGEBOX('Value Too Large To Encrypt. Must Be 46 Characters Or Less.',16,;
'Encryption Error')
RETURN
ENDIF
*
lcCNVTTYPE = UPPER(lcCNVTTYPE)
lnCOUNT = 1
lcCONVERSION = ""
lnOFFSET = 11 - MIN(25,LEN(TRIM(lcCHARSTRING)))
lnINCREMENT = 0
*

lcCODE = "7l{ªÙz[qûL®÷ÁTUJP6 î£5È”²Å¿DÒy§MËåÝH.Öha*áë™›:­Ã˜ò,EW¥â¹Oƒù¦Õ¼Š/Î\Q³>|“" + ;
&quot;Gc×’Bv¢ÍŽ`—A‡r‚uf$CÞó(í_‘ºãd&æ½ñðnÜÇž´¡Ÿ†–8ø<Nšˆ9·úľbk#‰ì2€~çgï¬YÐt„wü'p&quot; + ;
&quot;jéà1m0o«eÊ4»õ}@þœÓßö¯èKZ‹©iÚýÉ!?êVØ+S^±ÔϤ)X]x=s3ÂÌ…FÀ-¸Ñô¶Æ°Œµ%;•¨ÛäRI&quot;
*
IF NOT lcCNVTTYPE $ 'E D'
MESSAGEBOX('Not a Valid Encryption Type',16,'Encryption Error')
RETURN
ENDIF
*
DO WHILE lnCOUNT <= LEN(TRIM(lcCHARSTRING))
IF lcCNVTTYPE = 'E'
lcCONVERSION = lcCONVERSION + ;
SUBSTR(lcCODE,ASC(SUBSTR(lcCHARSTRING, lnCOUNT,1))-lnOFFSET,1)
ELSE
lcCONVERSION = lcCONVERSION +;
CHR(lnOFFSET + AT(SUBSTR(lcCHARSTRING,lnCOUNT,1),lcCODE))
ENDIF
*
lnCOUNT = lnCOUNT + 1
IF lnINCREMENT = 4
lnINCREMENT = 0
lnOFFSET = lnOFFSET-3
ELSE
lnINCREMENT = lnINCREMENT + 1
lnOFFSET = lnOFFSET+lnINCREMENT
ENDIF
ENDDO
*
RETURN lcCONVERSION


Best Regards,
Scott

&quot;Everything should be made as simple as possible, and no simpler.&quot;

 

[RoadRunnerOz]

1) I use an ENCRYPTION/DECRYPTION program (for tables) written by E. Scott Jones in 1992. There are no limitations on field sizes. email me for code

Michael Ouellette
mouellette@compuserve.com