How safe and feasable is it ?

Richard Gaskin ambassador at fourthworld.com
Sat Nov 15 08:58:24 EST 2014


Kee, What asymmetrical encryption do you use with LiveCode?

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com


kee nethery wrote:

> I have an app that passes private data from it to me. If you were to do the same (except you are going from you to your app):
>
> Create a public/private key. Embedded the public key in your app and use it to decrypt the symmetrical key used for the encryption of the actual data. (A public/private key encodes with one key, and decodes with another.)
>
> Create a hash of the stack (or script). Basically get a fingerprint of the file before you start encrypting it. Use that fingerprint to make sure that when your stack decrypts it, you got what you were sending.
>
> Create a unique key for each stack (or script) that you plan to encrypt.
> Encode the stack (or script) with a symmetrical algorithm using that key. (A symmetrical algorithm has the same key used to encode and decode.) Symmetrical algorithms are much faster than public/private algorithms.
> Convert the symmetrically encrypted data to base64. Makes it simple ASCII characters.
>
> Take the symmetrical key, the hash, and the file name, combine into a set of structured data, and encrypt that data using your private public/private key (the key that only lives on your computer). This is a small set of data and it will encrypt quickly.
>
> Convert the public/private key encrypted data to base64. Combine the two base64 sets of data into a single structured text file.
>
> Zip that text file and send it to your receiving stack.
>
> Your receiving stack would have your public key embedded in it. When it grabs the zipped up file it reverses the process:
> unzip the file,
> pull the two base64 sets of data apart,
> un-base64 both sets of data,
> use the public key to decrypt the symmetrical key, hash, and end result file name
> decrypt the stack (or script) data,
> name the file correctly,
> fingerprint the data
> compare to the fingerprint you created and sent with the file you received
> If the fingerprints match, use the file.
>
> Not sure which algorithms are recommended these days. Know that MD5 is not recommended. You can pick really big keys since the symmetrical algorithm is quick and the public/private algorithm will be working on a very tiny set of data.
>
> Kee Nethery




More information about the use-livecode mailing list