To read the article online, visit

A Follow-up to Encryption with ASP

By Julian

  • This is a follow-up to Julian's earlier article, Encryption with ASP. If you are not familiar with that article, it is strongly encouraged that you read it first.

    Note that using a one time pad for a string, it is secure for only one use. If you were to reuse the one-time pad for multiple strings, the one-time pad could be comprimised by running the following algorithm:

    CypherText1 = ClearText1 XOR Key
    ClearText1 = CypherText1 XOR Key

    If the key is reused, we can take CypherText1 (which is really ClearText1 XOR key) and XOR it to the original known text and get the Key:

    Key = (ClearText1 XOR key) XOR ClearText1
          this is CypherText1 * 

    * algorithm provided by David Mann

    Therefore, I have included some new code to create a new key everytime the code is executed. It basically writes a new key file out every time the page runs. The 'key file' consists of a randomly generated filename, and the key data is stored inside of it. The newly created key is used to encrypt/decrypt the string data on the fly. If you were not encrypting/decrypting on the fly, you would want to store the encrypted data and location of the key file that encrypted that data. Optionally, as Derrick suggests in his article, you could store all of this data in a secure database, instead of writing out text files. In seems however, you might not want key information and encrypted data stored in the same location for security purposes. That's up to you.

  • Read One Time Pad QueryString Encryption

    The code to use on the fly padding is shown below:

    Dim g_KeyLocation, g_Key
    g_KeyLocation = "C:\crypt\" & BuildFileName() & ".txt"
    Const g_CryptThis = " Rocks"
    Const g_KeyLen = 512
    On Error Resume Next
    strFullKey = KeyGeN(g_KeyLen)
    Call WriteKeyToFile(strFullKey)
    if Err <> 0 Then
       Response.Write "ERROR GENERATING KEY" & "<P>"
       Response.Write Err.Number & "<BR>"
       Response.Write Err.Description & "<BR>"  
    End If
    Sub WriteKeyToFile(MyKeyString)
       Dim keyFile, fso, strFileName
       strFileName = g_KeyLocation
       set fso = Server.CreateObject("scripting.FileSystemObject") 
       set keyFile = fso.CreateTextFile(strFileName, true) 
    End Sub
    Function KeyGeN(iKeyLength)
    Dim k, iCount, strMyKey, lowerbound, upperbound
       lowerbound = 35 ' 35
       upperbound = 96 ' 96
       Randomize      ' Initialize random-number generator.
       for i = 1 to iKeyLength
          s = 255
          k = Int(((upperbound - lowerbound) + 1) * Rnd + lowerbound)
          strMyKey =  strMyKey & Chr(k) & ""
       KeyGeN = strMyKey
    End Function
    Function BuildFileName()
    Dim k, i,  strFileName, lowerbound, upperbound
       lowerbound = 97
       upperbound = 122
       for i = 1 to 24
          k = Int(((upperbound - lowerbound) + 1) * Rnd + lowerbound)
          strFileName =  strFileName & Chr(k) & ""
       BuildFileName = strFileName
    End Function
    g_Key = mid(ReadKeyFromFile(g_KeyLocation),1,Len(g_CryptThis))
    Response.Write "<p>ORIGINAL STRING: " & g_CryptThis & _
    Response.Write "<p>KEY VALUE: " & g_Key  & "<p>"
    Response.Write "<p>ENCRYPTED CYPHERTEXT: " & _
                       EnCrypt(g_CryptThis) & "<p>"
    Response.Write "<p>DECRYPTED CYPHERTEXT: " & _
                       DeCrypt(EnCrypt(g_CryptThis)) & "<p>"
    Function EnCrypt(strCryptThis)
       Dim strChar, iKeyChar, iStringChar, i
       for i = 1 to Len(strCryptThis)
          iKeyChar = Asc(mid(g_Key,i,1))
          iStringChar = Asc(mid(strCryptThis,i,1))
          iCryptChar = iKeyChar Xor iStringChar
          strEncrypted =  strEncrypted & Chr(iCryptChar)
       EnCrypt = strEncrypted
    End Function
    Function DeCrypt(strEncrypted)
    Dim strChar, iKeyChar, iStringChar, i
       for i = 1 to Len(strEncrypted)
          iKeyChar = (Asc(mid(g_Key,i,1)))
          iStringChar = Asc(mid(strEncrypted,i,1))
          iDeCryptChar = iKeyChar Xor iStringChar
          strDecrypted =  strDecrypted & Chr(iDeCryptChar)
       DeCrypt = strDecrypted
    End Function
    Function ReadKeyFromFile(strFileName)
       Dim keyFile, fso, f
       set fso = Server.CreateObject("Scripting.FileSystemObject") 
       set f = fso.GetFile(strFileName) 
       set ts = f.OpenAsTextStream(1, -2)
       Do While not ts.AtEndOfStream
         keyFile = keyFile & ts.ReadLine
       ReadKeyFromFile =  keyFile
    End Function


  • Download the source code in text format
  • Read One Time Pad QueryString Encryption

  • Article Information
    Article Title: A Follow-up to Encryption with ASP
    Article Author: Julian
    Published Date: Friday, January 28, 2000
    Article URL:

    Copyright 2019 QuinStreet Inc. All Rights Reserved.
    Legal Notices, Licensing, Permissions, Privacy Policy.
    Advertise | Newsletters | E-mail Offers