Difference between revisions of "CryptINI"
From Free Pascal wiki
Jump to navigationJump to searchMinesadorada (talk | contribs) (Download link added) |
Minesadorada (talk | contribs) m (Cleanup) |
||
| Line 1: | Line 1: | ||
==CryptINI== | ==CryptINI== | ||
| − | === | + | * A Crypted alternative to TIniFile |
| + | <br> | ||
| + | --- | ||
| + | ===Purpose=== | ||
This is a TiniFile implementation that is resistant to tampering. | This is a TiniFile implementation that is resistant to tampering. | ||
| − | In normal (PlainTextMode = FALSE) mode, any calls to Write values are | + | In normal (PlainTextMode = FALSE) mode, any calls to Write values are accompanied by an embedded MD5 hash value (and also reversed then Base64/IDEA Encrypted) |
| − | accompanied by an embedded MD5 hash value (and also reversed then Base64/IDEA Encrypted) | + | This is invisible in normal use (i.e. read methods return normal results) but there are added methods to internally verify any entries. |
| − | This is invisible in normal use (i.e. read methods return normal results) | + | It also is able to write a standard ident section containing various details including authorship and copyright. A single function allows you to check on app startup whether this section has been altered. |
| − | but there are added methods to internally verify any entries. | ||
| − | It also is able to write a standard ident section containing various | ||
| − | details including authorship and copyright. A single function allows | ||
| − | you to check on app startup whether this section has been altered. | ||
It also includes a useful 'First Run' functionality. | It also includes a useful 'First Run' functionality. | ||
| − | It's intended purpose is to store information that cannot be easily altered | + | It's intended purpose is to store information that cannot be easily altered in a text editor (such as HiScores etc) by a weekend scripter. |
| − | in a text editor (such as HiScores etc) by a weekend scripter. | + | The WriteInteger method is the most secure as it double-encrypts as well as embedding an MD5Hash value as a checksum. Very handy to save scores etc. |
| − | The WriteInteger method is the most secure as it double-encrypts as well as | ||
| − | embedding an MD5Hash value as a checksum. Very handy to save scores etc. | ||
It is paired with ReadInteger and VerifyInteger | It is paired with ReadInteger and VerifyInteger | ||
| − | === | + | ===Disclaimer=== |
| − | This unit does not claim to pass any security tests nor be used in | + | This unit does not claim to pass any security tests nor be used in any environment where a moderate-level hacker could circumvent it. |
| − | any environment where a moderate-level hacker could circumvent it. | ||
| − | === | + | ===Encryption=== |
By Default CryptINI uses the DCPCrypt package for string encryption. | By Default CryptINI uses the DCPCrypt package for string encryption. | ||
| − | The mode is IDEA cipher with an MD5 hash for the key. The EncryptINI | + | The mode is IDEA cipher with an MD5 hash for the key. The EncryptINI and DecryptINI methods use DCPCrypt RC4 Cipher (With SHA hash) |
| − | and DecryptINI methods use DCPCrypt RC4 Cipher (With SHA hash) | ||
There is a $DEFINE USE_DCPCRYPT directive at the top of this file. | There is a $DEFINE USE_DCPCRYPT directive at the top of this file. | ||
| − | If this DEFINE is commented out, then CryptINI will default | + | If this DEFINE is commented out, then CryptINI will default to BASE64 string encryption, which is weaker. Encrypt/DecryptINI methods will be unavailable. |
| − | to BASE64 string encryption, which is weaker. Encrypt/DecryptINI methods | ||
| − | will be unavailable. | ||
You can then delete any requirement for dcpcrypt in the project inspector. | You can then delete any requirement for dcpcrypt in the project inspector. | ||
| − | === | + | ===FPC versions=== |
| − | Starting in FPC V3.0 there are additional options in TINIFile which | + | Starting in FPC V3.0 there are additional options in TINIFile which are implemented in TCryptINI if the FPC Version >= 3 is detected. |
| − | are implemented in TCryptINI if the FPC Version >= 3 is detected. | ||
| − | === | + | ===Use and Example Code=== |
| − | * You can hard-code an Ident Section in your INI file | + | * You can hard-code an Ident Section in your INI file and check if it has been altered |
| − | and check if it has been altered | ||
* Typical Form.Create() | * Typical Form.Create() | ||
<syntaxhighlight> | <syntaxhighlight> | ||
| Line 82: | Line 73: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | * Has the Ident been tampered with? Put this in Form.Create | + | * Has the Ident been tampered with? Put something like this in Form.Create: |
<syntaxhighlight> | <syntaxhighlight> | ||
// Use the MD5 value from the INI file (use your own!) | // Use the MD5 value from the INI file (use your own!) | ||
| Line 103: | Line 94: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | * When PlainTextMode = FALSE (default) and SectionHashing=TRUE (default),Write<anytype> encrypts the value | + | * When PlainTextMode = FALSE (default) and SectionHashing=TRUE (default),Write<anytype> encrypts the value and prefixes the encrypted value with an MD5Hash |
| − | and prefixes the encrypted value with an MD5Hash | ||
<syntaxhighlight>INI.WriteInteger('MySection', 'Integer',1000);</syntaxhighlight> | <syntaxhighlight>INI.WriteInteger('MySection', 'Integer',1000);</syntaxhighlight> | ||
| Line 126: | Line 116: | ||
INI.ReFlower (useful for testing) | INI.ReFlower (useful for testing) | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | * Original IniFiles methods and properties | + | ===Encrypting/Decrypting the whole INI file=== |
| − | Just use them as normal. Note: you can mix-and-match Plaintext and Encrypted | + | * You can encrypt and decrypt the entire INI file using methods EncryptINI and DecryptINI. |
| − | in the same INI file. Just toggle the property PlainTextMode before Writing/Reading | + | This uses a different cipher and hash method, so is extra-secure. |
| + | * Note: CryptINI methods and properties an only work with an unencrypted INI file, So; Decrypt on startup, and Encrypt before exit. | ||
| + | * By default the routines use the KeyPhrase property, but you can override this in the EncryptINI/DecryptINI method calls along with whether to delete the "old" file and what file extension to use for the encrypted file. | ||
| + | |||
| + | ===Original IniFiles methods and properties=== | ||
| + | Just use them as normal. Note: you can mix-and-match Plaintext and Encrypted in the same INI file. Just toggle the property PlainTextMode before Writing/Reading | ||
===Testing App/Demo=== | ===Testing App/Demo=== | ||
| Line 145: | Line 133: | ||
==Download== | ==Download== | ||
* Sourcecode and Testing app Direct link: https://sourceforge.net/projects/lazautoupdate/files/otherpackages/cryptinitest_source.zip | * Sourcecode and Testing app Direct link: https://sourceforge.net/projects/lazautoupdate/files/otherpackages/cryptinitest_source.zip | ||
| + | |||
| + | ===Installation=== | ||
| + | * To install the CryptINI package, just open it and click "Compile". It is not a visual component, so cannot be "Installed". | ||
| + | * In your project, just add ucryptini to the Uses clause when required. | ||
<br> | <br> | ||
---- | ---- | ||
Revision as of 20:29, 21 November 2016
CryptINI
- A Crypted alternative to TIniFile
---
Purpose
This is a TiniFile implementation that is resistant to tampering. In normal (PlainTextMode = FALSE) mode, any calls to Write values are accompanied by an embedded MD5 hash value (and also reversed then Base64/IDEA Encrypted) This is invisible in normal use (i.e. read methods return normal results) but there are added methods to internally verify any entries. It also is able to write a standard ident section containing various details including authorship and copyright. A single function allows you to check on app startup whether this section has been altered. It also includes a useful 'First Run' functionality. It's intended purpose is to store information that cannot be easily altered in a text editor (such as HiScores etc) by a weekend scripter. The WriteInteger method is the most secure as it double-encrypts as well as embedding an MD5Hash value as a checksum. Very handy to save scores etc. It is paired with ReadInteger and VerifyInteger
Disclaimer
This unit does not claim to pass any security tests nor be used in any environment where a moderate-level hacker could circumvent it.
Encryption
By Default CryptINI uses the DCPCrypt package for string encryption. The mode is IDEA cipher with an MD5 hash for the key. The EncryptINI and DecryptINI methods use DCPCrypt RC4 Cipher (With SHA hash) There is a $DEFINE USE_DCPCRYPT directive at the top of this file.
If this DEFINE is commented out, then CryptINI will default to BASE64 string encryption, which is weaker. Encrypt/DecryptINI methods will be unavailable. You can then delete any requirement for dcpcrypt in the project inspector.
FPC versions
Starting in FPC V3.0 there are additional options in TINIFile which are implemented in TCryptINI if the FPC Version >= 3 is detected.
Use and Example Code
- You can hard-code an Ident Section in your INI file and check if it has been altered
- Typical Form.Create()
procedure TForm1.FormCreate(Sender: TObject);
const
C_KEYPHRASE = 'I do like to be beside the seaside'; // Move this to the top of the unit
Begin
...other code
// Initialise the encrypted config file
INI := TCryptIniFile.Create(ChangeFileExt(Application.EXEName, '.cfg'));
// First ever run. INI is absent
If INI.IsVirgin then INI.WriteIdent('minesadorada','(c)2016','minesadorada@charcodelvalle.com','Creative Commons',TRUE);l
if NOT INI.VerifyIdent('5b319674f5cb55f3ed1e404e33c25868') then // I got this from the INI file
ShowMessage('This is not a genuine copy of ' + Application.Title + '!')
else INI.Deflower; // If not Deflowered then the default ini is used.
// After first run, use the encrypted version
If NOT INI.IsVirgin then
begin
INI.DecryptINI(TRUE,C_KEYPHRASE);
// Check the unencrypted version..
if NOT INI.VerifyIdent('5b319674f5cb55f3ed1e404e33c25868') then // I got this from the INI file
ShowMessage('This is not a genuine copy of ' + Application.Title + '!');
end;
INI.KeyPhrase:=C_KEYPHRASE; // for subsequent read/writes
...other code
end;
procedure Tmainform.FormDestroy(Sender: TObject);
const
C_KEYPHRASE = 'I do like to be beside the seaside'; // Move this to the top of the unit
Begin
...other code
INI.EncryptINI(TRUE,C_KEYPHRASE);
...other code
end;- Has the Ident been tampered with? Put something like this in Form.Create:
// Use the MD5 value from the INI file (use your own!)
If INI.VerifyIdent('92abf0deecbb25c435bff507a396d92a') then
ShowMessage('Ident verified OK') // do nothing
else
ShowMessage('Ident failed verification'); // Warning message/exit- Test for first run
If INI.IsVirgin then // note that doing the test Deflowers the app by default
ShowMessage('First time run of this app');- Toggle to normal UnEncrypted INI use
(by default it is set to FALSE)
INI.PlainTextMode:=TRUE;
INI.WriteString('MySection', 'String', 'MyString'); // just writes normally- When PlainTextMode = FALSE (default) and SectionHashing=TRUE (default),Write<anytype> encrypts the value and prefixes the encrypted value with an MD5Hash
INI.WriteInteger('MySection', 'Integer',1000);- Note WriteInteger adds a '+' (INTEGER_MARKER) to the written Key
This is so that CryptINI can deal with Integers specially Using CryptINI in either mode, this is invisible in use (i.e. don't add a + to the ident for any methods)
- When PlainTextMode = FALSE (default), use these convenient methods if you like:
INI.ReadUnencryptedString
INI.WriteUnencryptedString
INI.ReadUnEncryptedInteger
INI.WriteUnencryptedInteger- Store 'First Run' status using these methods:
INI.IsVirgin
INI.Deflower
INI.ReFlower (useful for testing)Encrypting/Decrypting the whole INI file
- You can encrypt and decrypt the entire INI file using methods EncryptINI and DecryptINI.
This uses a different cipher and hash method, so is extra-secure.
- Note: CryptINI methods and properties an only work with an unencrypted INI file, So; Decrypt on startup, and Encrypt before exit.
- By default the routines use the KeyPhrase property, but you can override this in the EncryptINI/DecryptINI method calls along with whether to delete the "old" file and what file extension to use for the encrypted file.
Original IniFiles methods and properties
Just use them as normal. Note: you can mix-and-match Plaintext and Encrypted in the same INI file. Just toggle the property PlainTextMode before Writing/Reading
Testing App/Demo
- This can be downloaded from https://sourceforge.net/projects/lazautoupdate/files/otherpackages/testcryptini_compiled.zip
- There are compiled versions for Windows 32/64-bit and Linux 32/64-bit in the archive
Download
- Sourcecode and Testing app Direct link: https://sourceforge.net/projects/lazautoupdate/files/otherpackages/cryptinitest_source.zip
Installation
- To install the CryptINI package, just open it and click "Compile". It is not a visual component, so cannot be "Installed".
- In your project, just add ucryptini to the Uses clause when required.
