How can I encrypt a .txt file? - Developers

I created a little program in Visual Basic (I like messing around in it when I'm bored) that writes a text file when you enter something in a text box and press the button. How can I encrypt this so that only the program can read these?

You could devise an encryption method of your own. For example, read the file into a string and convert the string to it's ASCII characters, then perform some maths on that whole thing then write THAT to the text file. You'd get a load of numbers, but only you would know the maths behind getting the text back.

Heh, quick reply :) Not quite sure how to do that all off the top of my head sadly :\

[url]http://www.devx.com/vb2themax/Tip/19462[/url] I don't use VisualBasic that much, but classic ASP is similar. You would send the string to that function and get the return of it. After that, convert the string to a long data type (I think it's long) then start doing some maths on it. Maybe multiply the number by 2 then divide by 4.

Ah, seems good. I'll try to figure it out soon :D

As an alternate, [code] IO.File.Encrypt( filenamehere ) [/code] Uses the default encryption scheme in windows ( same as right click, encrypt ). Not quite what you want, but it prevents other user accounts from accessing the file.

Would it be possible to use another program to read the file?

[QUOTE=Chad Mobile;20483374]Would it be possible to use another program to read the file?[/QUOTE] From the same user account, yes. If we have user accounts Bob and Bill, and Bob encrypts his file, Bill can't read it from his own account and must read it from Bob's.

Alright, what if I wasn't in the program and went and opened the .txt file?

[QUOTE=Chad Mobile;20483482]Alright, what if I wasn't in the program and went and opened the .txt file?[/QUOTE] If you're on the same account that created the file, it will open like a normal text file. This prevents people on [i]other[/i] user accounts from opening the file and reading it.

Okay, that clears it up. Thanks :)

I'd assume you'd want to use a shift or replacement cipher.

Basically something that would store a file in a folder, and let only a certain "user" be able to open it. You log in, and if you log in with say..the name "Jim" you would see your folder and your files. But if you hit browse and went to another users folder you couldn't read their files because they are encrypted.

I think .net has other encryption algos built it that will take a hash too, that don't use window's encryption. It's hanging out in System.Security.Cryptography, but you're on your own on how to use that stuff.

Here is something I wrote ages ago when I was learning VB 6.0. It doesnt have saving, but its pretty easy to understand and I think its what you are looking for. It just changes the ascii/character values. [code] Private Sub cmdDe_Click() Dim crpyt(100) As String Dim crpyt2(1000) As Integer Dim i As Integer Erase crpyt Erase crpyt2 If L2 = False And L1 = False And L3 = False Then MsgBox "Please Select Level" ElseIf L1 = True Then For i = 1 To Len(Text1) crpyt(i) = Mid(Text1, i, 1) Next i For i = 1 To Len(Text1) crpyt2(i) = Asc(crpyt(i)) - 1 Next i Text1 = "" For i = 1 To 100 Text1 = Text1 + Chr(crpyt2(i)) Next i ElseIf L2 = True Then For i = 1 To Len(Text1) crpyt(i) = Mid(Text1, i, 1) Next i For i = 1 To Len(Text1) crpyt2(i) = Asc(crpyt(i)) + 22 Next i Text1 = "" For i = 1 To 100 Text1 = Text1 + Chr(crpyt2(i)) Next i ElseIf L3 = True Then q = txtCust For i = 1 To Len(Text1) crpyt(i) = Mid(Text1, i, 1) Next i For i = 1 To Len(Text1) crpyt2(i) = Asc(crpyt(i)) - q Next i Text1 = "" For i = 1 To 100 Text1 = Text1 + Chr(crpyt2(i)) Next i End If End Sub Private Sub cmdEn_Click() Dim crpyt(100) As String Dim crpyt2(1000) As Integer Dim i As Integer Dim q As Integer If L2 = False And L1 = False And L3 = False Then MsgBox "Please Select Level" ElseIf L1 = True Then For i = 1 To Len(Text1) crpyt(i) = Mid(Text1, i, 1) Next i For i = 1 To Len(Text1) crpyt2(i) = Asc(crpyt(i)) + 1 Next i Text1 = "" For i = 1 To 100 Text1 = Text1 + Chr(crpyt2(i)) Next i ElseIf L2 = True Then For i = 1 To Len(Text1) crpyt(i) = Mid(Text1, i, 1) Next i For i = 1 To Len(Text1) crpyt2(i) = Asc(crpyt(i)) - 22 Next i Text1 = "" For i = 1 To 100 Text1 = Text1 + Chr(crpyt2(i)) Next i ElseIf L3 = True Then q = txtCust For i = 1 To Len(Text1) crpyt(i) = Mid(Text1, i, 1) Next i For i = 1 To Len(Text1) crpyt2(i) = Asc(crpyt(i)) + q Next i Text1 = "" For i = 1 To 100 Text1 = Text1 + Chr(crpyt2(i)) Next i End If End Sub Private Sub Form_Load() Dim txt As String End Sub [/code]

[QUOTE=UberMensch;20482193]You could devise an encryption method of your own. For example, read the file into a string and convert the string to it's ASCII characters, then perform some maths on that whole thing then write THAT to the text file. You'd get a load of numbers, but only you would know the maths behind getting the text back.[/QUOTE] I believe that it should work the other way: that you should make the method as public as possible, in order that it can be tested and improved upon by anyone who uses it, but that you should use a "key": a special parameter without which the program cannot correctly decrypt the file, so that a would-be sleuth is met with a string of garbage instead of your private information. For Chad's purpose, something like XORing the string with the key with the string and then key spacing to prevent a known-plaintext attack should be sufficient - to that end, Wikipedia would probably be a much better source of information than most of the guys on this forum. If you're really serious about protecting your stuff, though, you would be better off using a more well-known method; again, Wikipedia would be your best bet to that end.

[QUOTE=UberMensch;20482193]You'd get a load of numbers, but only you would know the maths behind getting the text back.[/QUOTE] Until someone looks at the bytecode and reverse-engineers the algorithm. It's not as difficult as you might think, especially for a simple homemade cipher. The .NET platform provides real crypto algorithms. Use those; don't try to make up your own.

I know with Pascal you can convert a character to ASCII. Then you can XOR the characters with a number e.g. For i:=1 to length(string) do ch:=ORD string[i] XOR 15 // Converts each character to ASCII then applies a symmetrical encryption but isn't very secure but if someone opens the text file they won't understand it. The to decrypt it just run the same command over it again. Not the best method for doing it but it get the job done.

If you just want obfuscation and don't care about actual security, that would suffice, as long as you understand that there's no actual security. From a security standpoint: [list] [*]The key (the number 15) is stored right there in the program, visible to anyone who reads it. Even if you don't distribute the source code, someone using a disassembler wouldn't have much trouble finding it. [*]Even if one doesn't have access to the program itself to read the key out of it, the effective key size is 8 bits so there are only 256 possibilities for what it might be. A simple program could try them all in a few milliseconds. [*]Brute force aside, a single-character substitution cipher like this does nothing to prevent letter-frequency analysis. Someone could count the number of times each letter appears in the file and compare against (readily available) tables of the statistical frequency of letters in English text, and come up with a pretty good set of guesses as to what each letter decrypts to. Once they notice that each "encrypted" letter is just the original letter with the bottom four bits flipped (since that's what XOR 15 does), the whole house of cards falls down. [/list]

Yeah, I remember reading about ciphers and stuff, it's pretty interesting. I've always had fun reading about those.

[URL="http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099/"]Applied Cryptography[/URL] is a good starting point to learn more about the field.

[url]http://msdn.microsoft.com/en-us/magazine/cc164055.aspx[/url] AES for .net

[url]http://www.bouncycastle.org/[/url] [editline]08:25PM[/editline] It doesn't SAY vb, but it's C# and as a .net library any .net language can use it. [editline]08:26PM[/editline] And of course there's no way to 100% secure it. If someone wants to make something else to open it, they can and will (Assuming they have the knowhow)

As a security (cryptography, specifically) expert, I would suggest you avoid creating your own encryption algorithm. Encryption algorithms are pretty difficult to come up with, if you want them to be secure. Not only that, but you sometimes can miss vulnerabilities, and this is why most algorithms are not considered secure until they have had many years of public cryptanalysis. One thing you should also stay away from is the AES finalist known as, AES. An algorithm you should use instead is known as Serpent. Serpent is a 256-bit capable block cipher which is not vulnerable to any attacks other than brute force, at this time. AES128 and AES256 are both vulnerable to practical attacks. AES128 has a small key size, which makes it a suitable target for brute force. AES256 has a related key attack and block level distinguisher vulnerability. Serpent is only vulnerable to brute force as far as the public knows; a brute force attack on a 256-bit key is pretty much pointless. Now, if you're intending to encrypt some sort of resource file or text file, to secure it from people modifying it or doing other things to your application, that's pretty much pointless. You see, people can simply modify your application or extract information from it, and obtain your encryption key; this is how the most common digital rights management systems are broken. DRM schemes usually use industry standard algorithms, but do not implement secure schemes. The problem with DRM is that the client has control of the hardware the cipher is executing on, and this means they can have it do whatever they want, really. So consider what I've written here, do a bit of research through Wikipedia, and take the suggestion of another person here, and get the book Applied Cryptography by Bruce Schneier. Applied Cryptography is a wonderfully useful book and it'll get you started on learning about all of these things. Also, make sure your encryption keys are generated using a cryptographically secure random number generator, not your typical rand(..) function. Keywords: related key attack, distinguisher, brute force, AES, Serpent, applied cryptography, bruce schenier, encryption key, cryptographically secure random number generator

You could try Huffman coding. Basically you convert all the characters to binary data. It would be impossible for other people to read the files without the program. It's still possible for someone else to make a program to decode it since Huffman coding isn't really that complex when you understand how it works. Link: [url]http://en.wikipedia.org/wiki/Huffman_coding[/url]

[QUOTE=Sakarias88;20682628]You could try Huffman coding. Basically you convert all the characters to binary data. It would be impossible for other people to read the files without the program. It's still possible for someone else to make a program to decode it since Huffman coding isn't really that complex when you understand how it works. Link: [url]http://en.wikipedia.org/wiki/Huffman_coding[/url][/QUOTE] That's compression, not encryption.

Didn't we have this thread already?

If you want to make the common xor encryption sightly more secure, use a random number generator seeded by the key, and xor by that. Don't use the default C one though, use a better one like boost's random number library. It still won't protect from disassembly though, but might make it more difficult.

[QUOTE=noctune9;20699643]If you want to make the common xor encryption sightly more secure, use a random number generator seeded by the key, and xor by that. Don't use the default C one though, use a better one like boost's random number library. It still won't protect from disassembly though, but might make it more difficult.[/QUOTE] Why would you still use xor. At least use a good stream cipher, eStream suggested HC-256. Here's example code for that bouncy castle library, should make it easy. [code]using System.IO; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Engines; using Org.BouncyCastle.Crypto.IO; using Org.BouncyCastle.Crypto.Parameters; namespace EncryptUtils { /// <summary> /// A class for simple use of HC256. /// </summary> public static class HC256Utils { /// <summary> /// Process data with the HC256 cipher. Encryption and decrytion is the same thing in this particular cipher, so there's no need for seperate functions. /// </summary> /// <param name="cipher">This is a reference to an existing, initialized HC256 engine. You can use the GetHC256 function for this if you wish.</param> /// <param name="input">This is the byte array you want to encrypt / decrypt.</param> /// <returns>The encrypted byte array.</returns> public static byte[] ProcessHC256(ref HC256Engine cipher, byte[] input) { byte[] output = new byte[input.Length]; cipher.ProcessBytes(input, 0, input.Length, output, 0); return output; } /// <summary> /// This makes a new, already set up HC256 engine. /// </summary> /// <param name="key">This is the key you want to use.</param> /// <param name="iv">This is the IV you want to use.</param> /// <returns>The initialized engine.</returns> public static HC256Engine GetHC256(byte[] key, byte[] iv) { HC256Engine cipher = new HC256Engine(); cipher.Init(true, GetIVParams(key, iv)); return cipher; } /// <summary> /// This creates a new ParametersWithIV class to set up the HC256 cipher. It's not needed outside of that one function. /// </summary> /// <param name="key">Byte array for the key.</param> /// <param name="iv">Byte array for the IV.</param> /// <returns>A new ParametersWithIV class with the specified key and IV.</returns> private static ParametersWithIV GetIVParams(byte[] key, byte[] iv) { KeyParameter keyParameter = new KeyParameter(key); ParametersWithIV IVParam = new ParametersWithIV(keyParameter, iv); return IVParam; } /// <summary> /// Creates a cipherstream to use. /// </summary> /// <param name="engine">The initalized HC256 engine.</param> /// <param name="stream">A stream to use as a backing store.</param> /// <returns></returns> public static CipherStream GetCipherStream(HC256Engine engine, Stream stream) { return new CipherStream(stream, new BufferedStreamCipher(engine), new BufferedStreamCipher(engine)); } } } [/code] [editline]09:06AM[/editline] Oh wait, it's VB. Here's reflector-converted-code. [code]Public Class HC256Utils ' Methods Public Shared Function GetCipherStream(ByVal engine As HC256Engine, ByVal stream As Stream) As CipherStream Return New CipherStream(stream, New BufferedStreamCipher(engine), New BufferedStreamCipher(engine)) End Function Public Shared Function GetHC256(ByVal key As Byte(), ByVal iv As Byte()) As HC256Engine Dim cipher As New HC256Engine cipher.Init(True, HC256Utils.GetIVParams(key, iv)) Return cipher End Function Private Shared Function GetIVParams(ByVal key As Byte(), ByVal iv As Byte()) As ParametersWithIV Return New ParametersWithIV(New KeyParameter(key), iv) End Function Public Shared Function ProcessHC256(ByRef cipher As HC256Engine, ByVal input As Byte()) As Byte() Dim output As Byte() = New Byte(input.Length - 1) {} cipher.ProcessBytes(input, 0, input.Length, output, 0) Return output End Function End Class [/code]

[QUOTE=UberMensch;20482345] Maybe multiply the number by 2 then divide by 4.[/QUOTE] Lol, or just divide by 2? But I don't know if it counts as encryption as you want, but I remember I just changed each letter to another letter. It is easy to crack if they really want to crack it but if it isn't super secret launch codes no one is going to waste time figuring it out. This was the easiest way I did it. The methods everyone else have mentioned are all viable options too and probably better.