How safe and feasable is it ?

kee nethery kee at kagi.com
Sun Nov 9 19:11:36 EST 2014


> > I guess I'll have to build my own encryption protocol...
> 
> LiveCode has many very serious encryption options built in - check out the encrypt and decrypt commands.

I have an app that passes private data from it to me. If you were to do the same (except you are going from you to your app):

Create a public/private key. Embedded the public key in your app and use it to decrypt the symmetrical key used for the encryption of the actual data. (A public/private key encodes with one key, and decodes with another.)

Create a hash of the stack (or script). Basically get a fingerprint of the file before you start encrypting it. Use that fingerprint to make sure that when your stack decrypts it, you got what you were sending.

Create a unique key for each stack (or script) that you plan to encrypt.
Encode the stack (or script) with a symmetrical algorithm using that key. (A symmetrical algorithm has the same key used to encode and decode.) Symmetrical algorithms are much faster than public/private algorithms. 
Convert the symmetrically encrypted data to base64. Makes it simple ASCII characters.

Take the symmetrical key, the hash, and the file name, combine into a set of structured data, and encrypt that data using your private public/private key (the key that only lives on your computer). This is a small set of data and it will encrypt quickly.

Convert the public/private key encrypted data to base64. Combine the two base64 sets of data into a single structured text file.

Zip that text file and send it to your receiving stack.

Your receiving stack would have your public key embedded in it. When it grabs the zipped up file it reverses the process:
unzip the file, 
pull the two base64 sets of data apart, 
un-base64 both sets of data, 
use the public key to decrypt the symmetrical key, hash, and end result file name
decrypt the stack (or script) data, 
name the file correctly,
fingerprint the data 
compare to the fingerprint you created and sent with the file you received
If the fingerprints match, use the file.

Not sure which algorithms are recommended these days. Know that MD5 is not recommended. You can pick really big keys since the symmetrical algorithm is quick and the public/private algorithm will be working on a very tiny set of data.

Kee Nethery








More information about the use-livecode mailing list