Published: Friday, November 05, 1999
Encryption with ASP
Update! - A potential security issue has been detected using this system. For a
fix, read A Follow-up to Encryption with ASP.
Introduction:
First, a tiny bit of background about encryption. Certain kinds of heavy encryption are illegal to export out of the US. They are actually classified as "munitions", i.e. weapons. This article will teach you how to create simple string encryption from an ASP page, but not the kind you could get in trouble with. Don't be fooled, though: the string encryption I am going to show you is heavy duty enough to take some time to crack. It's based on one of the simplest cipher methods, known as the Vernam Cipher. If you haven't heard of this before, read my footnote at the bottom of this page.
Basically, our code below involves one text stream and one randomly generated key. The two combined together create the cyphertext.
(plaintext) combined with (encryption key) = encrypted cyphertext
The first item of business is to generate a key. We'll generate one that is 512 bytes in length, which should be plenty for encryption of a text string. Here is the key generation code:
<%
'******************************
' KeyGeN.asp
'******************************
Const g_KeyLocation = "C:\key.txt"   ' where the key file is written
Const g_KeyLen = 512                 ' key length in characters

On Error Resume Next
Call WriteKeyToFile(KeyGeN(g_KeyLen), g_KeyLocation)
If Err.Number <> 0 Then
    Response.Write "ERROR GENERATING KEY.<br>"
    Response.Write Err.Number & "<br>"
    Response.Write Server.HTMLEncode(Err.Description) & "<br>"
Else
    Response.Write "KEY SUCCESSFULLY GENERATED."
End If

' Write the key string to strFileName, overwriting any existing file.
Sub WriteKeyToFile(MyKeyString, strFileName)
    Dim keyFile, fso
    Set fso = Server.CreateObject("Scripting.FileSystemObject")
    Set keyFile = fso.CreateTextFile(strFileName, True)
    keyFile.WriteLine MyKeyString
    keyFile.Close
End Sub

' Build a key of iKeyLength characters with ASCII codes lowerbound..upperbound.
Function KeyGeN(iKeyLength)
    Dim i, k, strMyKey, lowerbound, upperbound
    lowerbound = 35
    upperbound = 96
    ' Rnd is a general-purpose pseudo-random generator, not a cryptographic one.
    Randomize ' Initialize random-number generator.
    For i = 1 To iKeyLength
        k = Int(((upperbound - lowerbound) + 1) * Rnd + lowerbound)
        strMyKey = strMyKey & Chr(k)
    Next
    KeyGeN = strMyKey
End Function
%>
Run the above KeyGeN.asp page under IIS. You only need to do this once. It will write a key file out to c:\key.txt (you will probably want to write this to a safe place, not the root of your C drive). Next, open the key.txt key file you have just created. Pretty, isn't it? It should contain 512 characters with ASCII decimal values between 35 and 96. This is a randomly created string, so each person's key.txt will be different. Here is my key.txt:
IY/;$>=3)?^-+7M32#Q]VOII.Q=OFMC`:P7_B;#,+.AW_/+']DIB;2DTIA57TT&-)O'/*F'
M>H.XH5W^0Y*=71+5*^`^PKJ(=E/X#7A:?,S>R&T;+B#<:-*\@)X9F`_`%QA3Z95.?_T#1,$2#FW
W5PBH^*<])A(S0@AVD8C^Q0R^T1D?(1+,YE71X+.*+U$:3XO^Q].KG&0N0];[LJ
Now take a closer look at the KeyGeN function: the lowerbound and upperbound values are the 'range' of ASCII characters you'd like to use in the generation of the key.
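As an added example (not the article's code, and in Python rather than ASP), here is a one-time key generator that produces the same 512-character, 35 to 96 key file but draws from the operating system's CSPRNG instead of Rnd, refuses to overwrite an existing key, and checks a key file against that format. All function names are assumptions of this example.

```python
# Added example; function names are this example's own, not the article's.
import math
import os
import secrets

LOWER, UPPER, KEY_LEN = 35, 96, 512  # values taken from KeyGeN.asp


def generate_key(length=KEY_LEN, lower=LOWER, upper=UPPER):
    """Return `length` characters drawn uniformly from chr(lower)..chr(upper)."""
    if not 0 <= lower <= upper <= 127:
        raise ValueError("bounds must be an ascending ASCII range")
    span = upper - lower + 1
    # secrets.randbelow() reads the OS CSPRNG; VBScript's Rnd is not one.
    return "".join(chr(lower + secrets.randbelow(span)) for _ in range(length))


def key_problems(text, length=KEY_LEN, lower=LOWER, upper=UPPER):
    """List the ways `text` (key file contents) departs from the expected format."""
    key = text.rstrip("\r\n")  # WriteLine appends a line break
    problems = []
    if len(key) != length:
        problems.append(f"length {len(key)}, expected {length}")
    bad = sorted({c for c in key if not lower <= ord(c) <= upper})
    if bad:
        problems.append(f"characters outside {lower}..{upper}: {bad!r}")
    return problems


def write_key_file(path, key):
    """Create the key file; refuse to overwrite an existing key."""
    # O_EXCL fails if the file exists, so a second run cannot silently replace
    # the key that existing ciphertext depends on. 0o600 = owner-only on POSIX.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", newline="") as fh:
        fh.write(key + "\r\n")


def max_entropy_bits(length=KEY_LEN, lower=LOWER, upper=UPPER):
    """Upper bound on key entropy, reached only with a uniform CSPRNG."""
    return length * math.log2(upper - lower + 1)


if __name__ == "__main__":
    key = generate_key()
    print(key_problems(key) or "key format OK")
    print(f"at most {max_entropy_bits():.0f} bits")
```

With 62 possible values per character, each key character carries just under 6 bits, and that bound only holds when the generator's output is unpredictable.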
Next order of business will be encrypting and decrypting a string.
We'll examine this in Part 2!