No announcement yet.

Easy-to-use, powerful encryption (Blowfish) for your projects... Secure your data for emailing or st

  • Filter
  • Time
  • Show
Clear All
new posts

  • Easy-to-use, powerful encryption (Blowfish) for your projects... Secure your data for emailing or st

    A point of interest for many people is, "How can I email secure data to myself from my AutoPlay Media Studio applications?" it has been asked here many times. So here I will attempt to offer "a" solution. I don't guarantee the security of this method though and Indigo Rose does not reccomend you use it to send secure data, use it at your own risk.

    Download the files here

    Incidentally Indigo Rose reccomends that to best send secure credit card data (or any other secure data) you should be using a two part system made of a secure server as well as a professional encryption system such as PGP, etc. Have your users enter their secure data via a web object within your AMS app directly to a form on secure server page (https) on your domain, you may have to get a certificate to do this, if you need more info on this contact your systems operator, webhost, or webmaster. The info from this secure form should be processed by your encryption system directly upon submission by the user (never stored as a file) to produce encrypted info which can then be sent or stored. That is the official reccomended method from Indigo Rose. Indigo Rose assumes no liabilty resulting from either the use nor the misuse of the method(s) described below. Use them at your own risk.

    Ok so back to our unofficial discussion, the issue is kind of foggy because we want to encrypt the data locally but any reasonably secure encryption system, no matter how simple requires a key/seed/salt number or string to generate the encryption and it's completely insecure to store that key locally, i.e. we want to encrypt locally but keep our key in a secure remote location and this is not possible. So for the purposes of this method we'll store the key in our application as a string since AMS files are encrypted at build time and are a reasonably secure envelope for your data.

    Furthermore the issue becomes even more difficult in that the solution must be exceedingly simple or users simply won't use it due to inconvenience yet it must be reasonably secure or I can't reccomend using it to send secure data. People want a ready-to-use click-and-go solution to this very complex issue. So I did my best towards striking a balance between all these issues here.

    Ok so let's get started. There are many ways to do this, this is but one simple way and by no means the best or only way.

    1. For our encryption we will be using a superb freeware command line utility named "MySecret Blowfish Encryption Utility" which uses blowfish encryption, a very decent method which, as far as I know, has never been defeated. First thing you need to do is go download this tool, it can be found at . I cannot say enough good things about this tool, its free, it's tiny, it's fast, it's easy to use, and it's powerful, what more can you ask?

    2. Unzip the file and place the file "MySecret.exe" into your Distribution Folder. Do not alter that file in any way.

    3. OK the hard part is done. Now we need to build a small app which gathers user input. To keep it very simple we'll do a single part form with "message" being the sole input field. In your case you can do as many fields as you like. So we setup a blank Autoplay Studio application and then we place an edit field on the page, named "message". Then we place a text object on the page named "submit" which contains the text, "Click Here to Submit". That's it, we're done setting up the application, just a few actions to go and we're ready to build.

    4. The whole app hinges on the submit button as it will contain all our actions. An abstract of the process we need to do is:

    a) Get info from edit field
    b) Encrypt text
    c) Send encrypted data to email client using mailto (not 100% reliable but easy to use)

    Ok so now that we have a strategy, let's get to it (don't forget to place MySecret.exe in your distribution folder first):

    1. On our submit button we add all the following actions to the OnClick event. First we use an EDIT FIELD > GET TEXT action to gather the user input from the message field into the variable %message%. Then we use Brett's clipboard .dll to place that info in the clipboard.

    2. Now we're going to encrypt that info. That means you need to pick a key string (no special characters, go to MySecret site for specific guidelines), this is the same string you will use later to decrypt your info so make note of it. For the purposes of this tutorial we'll use the key "12345678" (you should pick something better). OK so we need to use a FILE > EXECUTE action to launch MySecret.exe and pass the neccesary command line arguments to it to create our new file. If this is confusing just cut and paste what I say here or download the source file from the link above to get the working code (it will work 100% as is with no editing if you prefer that, feel free to use it).

    Ok so we add the FILE > EXECUTE action, in the "file to execute" path we type in "%SrcDir%\MySecret.exe" (no quotes) and in the "command line arguments" area we type, "-p 12345678". There is full documentation on the control switches at the product download link above, but if you would rather just cut and paste the example here will work fine. Basically what we did was run MySecret.exe and tell it that the password [-p] is 12345678 and to encrypt all data in the clipboard using that key.

    3. Now we use Brett's clipboard .dll to retrieve the encrypted data from the clipboard, and store it ina variable. We add ASCII line breaks and carriage returns for the mailto formatting and then launch the default email client with the encrypted data as the email body.

    That's it we're done... If you wish to really use this tool simply go into the actions by clicking on the submit text button and change the "[email protected]" text to whatever your email address is and then change the key to something better than 12345678 by changing the -p 12345678 command line argument in the FILE > EXECUTE action to whatever key you'd like, if you are going to use spaces then you need to use quotes, i.e. "my code"...

    I have included a decryption tool also so you can read your email messages, if you changed the key in the email application you must also change it in the decryption tool in order to decrypt text. So just change the -p 12345678 command line argument in the FILE > EXECUTE action to match your chosen key string. Simply run this app and paste your encrypted email text into the field and press the button to retrieve the original message.

    If you have any questions just ask. This method should work very well for many users, feel free to use it but make sure you follow whatever rules the makers of MySecret.exe have put forth on their site.

    Have fun, I know I'll be using this one lots from now on myself... Blowfish encryption is pretty strong, add a twist to the script so that the key is generated and retrieved dynamically from your site (as a signed one-time token) at runtime (OR add this to a secure server and remote database combo) and this method offers reasonably trustable data security for many common applications. Please feel free to use or alter the AMS project code any way you choose. [img]/ubbthreads/images/icons/smile.gif[/img]


    Corey Milner
    Creative Director, Indigo Rose Software