When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips

Sections:
Sample Chapters
Commonly Asked Message Board Questions
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
XML Info
Information:
Feedback
Author an Article
ASP ASP.NET ASP FAQs Message Board Feedback
Print this page.
Published: Friday, January 28, 2000

A Follow-up to Encryption with ASP

By Julian


  • This is a follow-up to Julian's earlier article, Encryption with ASP. If you are not familiar with that article, it is strongly encouraged that you read it first.

    - continued -

    Note that using a one time pad for a string, it is secure for only one use. If you were to reuse the one-time pad for multiple strings, the one-time pad could be comprimised by running the following algorithm:

    CypherText1 = ClearText1 XOR Key
    ClearText1 = CypherText1 XOR Key

    If the key is reused, we can take CypherText1 (which is really ClearText1 XOR key) and XOR it to the original known text and get the Key:

    Key = (ClearText1 XOR key) XOR ClearText1
           ^^^^^^^^^^^^^^^^^^
          this is CypherText1 * 
    

    * algorithm provided by David Mann

    Therefore, I have included some new code to create a new key everytime the code is executed. It basically writes a new key file out every time the page runs. The 'key file' consists of a randomly generated filename, and the key data is stored inside of it. The newly created key is used to encrypt/decrypt the string data on the fly. If you were not encrypting/decrypting on the fly, you would want to store the encrypted data and location of the key file that encrypted that data. Optionally, as Derrick suggests in his article, you could store all of this data in a secure database, instead of writing out text files. In seems however, you might not want key information and encrypted data stored in the same location for security purposes. That's up to you.

  • Read One Time Pad QueryString Encryption

    The code to use on the fly padding is shown below:

    
    <%
    Dim g_KeyLocation, g_Key
    
    g_KeyLocation = "C:\crypt\" & BuildFileName() & ".txt"
    
    Const g_CryptThis = "4GuysFromRolla.com Rocks"
    Const g_KeyLen = 512
    
    On Error Resume Next
    
    strFullKey = KeyGeN(g_KeyLen)
    Call WriteKeyToFile(strFullKey)
    
    if Err <> 0 Then
       Response.Write "ERROR GENERATING KEY" & "<P>"
       Response.Write Err.Number & "<BR>"
       Response.Write Err.Description & "<BR>"  
    Else
       Response.Write "KEY SUCCESSFULLY GENERATED"
    End If
    
    Sub WriteKeyToFile(MyKeyString)
       Dim keyFile, fso, strFileName
       strFileName = g_KeyLocation
       set fso = Server.CreateObject("scripting.FileSystemObject") 
       set keyFile = fso.CreateTextFile(strFileName, true) 
       keyFile.WriteLine(MyKeyString)
       keyFile.Close
    End Sub
    
    Function KeyGeN(iKeyLength)
    Dim k, iCount, strMyKey, lowerbound, upperbound
       lowerbound = 35 ' 35
       upperbound = 96 ' 96
       Randomize      ' Initialize random-number generator.
       for i = 1 to iKeyLength
          s = 255
          k = Int(((upperbound - lowerbound) + 1) * Rnd + lowerbound)
          strMyKey =  strMyKey & Chr(k) & ""
       next
       KeyGeN = strMyKey
    End Function
    
    Function BuildFileName()
    Dim k, i,  strFileName, lowerbound, upperbound
       lowerbound = 97
       upperbound = 122
       Randomize
       for i = 1 to 24
          k = Int(((upperbound - lowerbound) + 1) * Rnd + lowerbound)
          strFileName =  strFileName & Chr(k) & ""
       next
       BuildFileName = strFileName
    End Function
    
    g_Key = mid(ReadKeyFromFile(g_KeyLocation),1,Len(g_CryptThis))
    
    Response.Write "<p>ORIGINAL STRING: " & g_CryptThis & _
                       "<p>"
    Response.Write "<p>KEY VALUE: " & g_Key  & "<p>"
    Response.Write "<p>ENCRYPTED CYPHERTEXT: " & _
                       EnCrypt(g_CryptThis) & "<p>"
    Response.Write "<p>DECRYPTED CYPHERTEXT: " & _
                       DeCrypt(EnCrypt(g_CryptThis)) & "<p>"
    
    Function EnCrypt(strCryptThis)
       Dim strChar, iKeyChar, iStringChar, i
       for i = 1 to Len(strCryptThis)
          iKeyChar = Asc(mid(g_Key,i,1))
          iStringChar = Asc(mid(strCryptThis,i,1))
          iCryptChar = iKeyChar Xor iStringChar
          strEncrypted =  strEncrypted & Chr(iCryptChar)
       next
       EnCrypt = strEncrypted
    End Function
    
    Function DeCrypt(strEncrypted)
    Dim strChar, iKeyChar, iStringChar, i
       for i = 1 to Len(strEncrypted)
          iKeyChar = (Asc(mid(g_Key,i,1)))
          iStringChar = Asc(mid(strEncrypted,i,1))
          iDeCryptChar = iKeyChar Xor iStringChar
          strDecrypted =  strDecrypted & Chr(iDeCryptChar)
       next
       DeCrypt = strDecrypted
    End Function
    
    Function ReadKeyFromFile(strFileName)
       Dim keyFile, fso, f
       set fso = Server.CreateObject("Scripting.FileSystemObject") 
       set f = fso.GetFile(strFileName) 
       set ts = f.OpenAsTextStream(1, -2)
    
       Do While not ts.AtEndOfStream
         keyFile = keyFile & ts.ReadLine
       Loop 
    
       ReadKeyFromFile =  keyFile
    End Function
    %>
    </BODY></HTML>
    


    Attachments:

  • Download the source code in text format
  • Read One Time Pad QueryString Encryption


  • ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article