Update! - A potential security issue has been detected using this system. For a fix, read A Follow-up to Encryption with ASP.

Introduction:
First a tiny background about encryption. Certain kinds of heavy encryption are illegal to export out of the US. They are actually classified as "munitions", i.e. weapons. This article will teach you how to create simple string encryption from an ASP page, but not the kind you could get in trouble with. Don't be fooled though- the string encryption I am going to show you is heavy duty enough to take some time to crack. It's based on one of the simplest cipher methods known as the Vernum Cipher. If you haven't heard of this before, read my footnote at the bottom of this page.

Basically our code below invloves one text stream and one randomly generated key. The two combined together create the cyphertext.

      (plaintext) combined with (encryption key) = encrypted cyphertext

The first item of business is to generate a key. We'll generate one that is 512 bytes in length, which should be plenty for encryption of a text string. Here is the key generation code:

<% '****************************** ' KeyGeN.asp '****************************** Const g_KeyLocation = "C:\key.txt" Const g_KeyLen = 512 On Error Resume Next Call WriteKeyToFile(KeyGeN(g_KeyLen),g_KeyLocation) if Err <> 0 Then Response.Write "ERROR GENERATING KEY." & "<P>" Response.Write Err.Number & "<BR>" Response.Write Err.Description & "<BR>" Else Response.Write "KEY SUCCESSFULLY GENERATED." End If Sub WriteKeyToFile(MyKeyString,strFileName) Dim keyFile, fso set fso = Server.CreateObject("scripting.FileSystemObject") set keyFile = fso.CreateTextFile(strFileName, true) keyFile.WriteLine(MyKeyString) keyFile.Close End Sub Function KeyGeN(iKeyLength) Dim k, iCount, strMyKey lowerbound = 35 upperbound = 96 Randomize ' Initialize random-number generator. for i = 1 to iKeyLength s = 255 k = Int(((upperbound - lowerbound) + 1) * Rnd + lowerbound) strMyKey = strMyKey & Chr(k) & "" next KeyGeN = strMyKey End Function %>

Run the above KeyGeN.asp page under IIS. You only need to do this once. It will write a key file out to c:\key.txt (you will probably want to write this to a safe place, not the root of your c drive). Next open the key.txt key file you have just created. Pretty isn't it? It should contain 512 characters between the ASCII Decimal value of 35 and 96. This is a randomly created string, so each person's key.txt will be different. Here is my key.txt:

IY/;$>=3)?^-+7M32#Q]VOII.Q=OFMC`:P7_B;<R/8U)XFHC<SR_E$.DLG'=I+@5%*+OP:F_=';' NSY`-^S.`AA=BJ3M0.WF#T5LGK(=/<:+C2K/^7AI$;PU'OME2+T8ND?W$C(J\,;631'M-LD5F%%1 TF_&K2A-D-54[2P,#'*JU%6`0RF3CMF0(#T07U'FZ=>#,+.AW_/+']DIB;2DTIA57TT&-)O'/*F' M>H.XH5W^0Y*=71+5*^`^PKJ(=E/X#7A:?,S>R&T;+B#<:-*\@)X9F`_`%QA3Z95.?_T#1,$2#FW W5PBH^*<])A(S0@AVD8C^Q0R^T1D?(1+,YE71X+.*+U$:3XO^Q].KG&0N0];[LJ<OZ6IN?7N4<GT L?(M'4S8+3JMK5]HC%^1^+K;\$WBXPA?F&5^E\D$7%*O/U[1/?8(5:1OVWV*1Z-%`:K&V?X1,1KU RD@3W0^D)<OG40?(VJ4EWL5A5M<$A);CQ36R9I]*U#Q%1<Y\&SA%#1<V

Now take a closer look at the KeyGeN Function, the lowerbound and upperbound values are the 'range' of ASCII characters you'd like to use in the generation of the key.

Next order of business will be encrypting and decrypting a string. We'll examine this in Part 2!