AutoHotkey Homepage AutoHotkey Community
Let's help each other out
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

AES Encrypt/Decrypt of A File in WXP or Higher
Goto page 1, 2  Next
 
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Scripts & Functions
View previous topic :: View next topic  
Author Message
Sean



Joined: 12 Feb 2007
Posts: 1247
PostPosted: Sun Sep 30, 2007 6:43 am    Post subject: AES Encrypt/Decrypt of A File in WXP or Higher Reply with quote
This script requires Windows XP or higher, and tested only on XPSP2.
It'll encrypt/decrypt a file using AES-128/192/256. This time, Password based only.
If there is sufficient interest, I'll extend it further, probably rewite it.

DOWNLOAD AES.ahk.
Require StandardLibrary File.ahk.
Back to top
View user's profile Send private message
olfen



Joined: 04 Jun 2005
Posts: 99
Location: Stuttgart, Germany
PostPosted: Sun Sep 30, 2007 7:39 am    Post subject: Reply with quote
Nice! Does the API also provide funtions to use the cipher in different modes of operation? What padding scheme is involved?
Back to top
View user's profile Send private message Visit poster's website
Sean



Joined: 12 Feb 2007
Posts: 1247
PostPosted: Sun Sep 30, 2007 8:08 am    Post subject: Reply with quote
olfen wrote:
Does the API also provide funtions to use the cipher in different modes of operation? What padding scheme is involved?

It's implemented at the minimum, i.e., to use the defaults: CRYPT_MODE_CBC for cipher mode and PKCS5_PADDING for padding.
You may easily change the cipher mode and padding scheme using CryptSetKeyParam, but, looks like PKCS5_PADDING is the only padding method supported according to the documentation, however different methods are also defined in the header file.

Code:
// KP_PADDING
#define PKCS5_PADDING           1       // PKCS 5 (sec 6.2) padding method
#define RANDOM_PADDING          2
#define ZERO_PADDING            3

// KP_MODE
#define CRYPT_MODE_CBC          1       // Cipher block chaining
#define CRYPT_MODE_ECB          2       // Electronic code book
#define CRYPT_MODE_OFB          3       // Output feedback mode
#define CRYPT_MODE_CFB          4       // Cipher feedback mode
#define CRYPT_MODE_CTS          5       // Ciphertext stealing mode
Back to top
View user's profile Send private message
olfen



Joined: 04 Jun 2005
Posts: 99
Location: Stuttgart, Germany
PostPosted: Sun Sep 30, 2007 12:54 pm    Post subject: Reply with quote
Thanks for the valueable info.
Is it CryptDeriveKey generating the initialization vector? I remember Laszlo saying that there should be no correlation between IV and the first plaintext block, this is obviously not the case here, but if I get it right, there is a correlation between the key and the IV, as the IV (which is public) is derived from the hash of the password.
I wonder if this is a problem. Also the derived IV appears to always be the same, when encrypting the same data repeatedly, no SALT in it.
Back to top
View user's profile Send private message Visit poster's website
Sean



Joined: 12 Feb 2007
Posts: 1247
PostPosted: Sun Sep 30, 2007 2:53 pm    Post subject: Reply with quote
olfen wrote:
Is it CryptDeriveKey generating the initialization vector? I remember Laszlo saying that there should be no correlation between IV and the first plaintext block, this is obviously not the case here, but if I get it right, there is a correlation between the key and the IV, as the IV (which is public) is derived from the hash of the password.
I wonder if this is a problem. Also the derived IV appears to always be the same, when encrypting the same data repeatedly, no SALT in it.

I think IV is zero defaultly, but not so sure. I entered this subject only yesterday. Laszlo may shed a light on this.
BTW, CryptSetKeyParam has parameter values KP_SALT, KP_SALT_EX, and KP_IV which can be used with this block cipher session key, so may control these if necessary, probably in conjunction with CryptGenRandom.
Back to top
View user's profile Send private message
olfen



Joined: 04 Jun 2005
Posts: 99
Location: Stuttgart, Germany
PostPosted: Sun Sep 30, 2007 3:07 pm    Post subject: Reply with quote
Sean wrote:
BTW, CryptSetKeyParam has parameter values KP_SALT, KP_SALT_EX, and KP_IV which can be used with this block cipher session key, so may control these if necessary, probably in conjunction with CryptGenRandom.
Looking good, CryptGenKey seems to let us generate an IV directly.
Back to top
View user's profile Send private message Visit poster's website
Sean



Joined: 12 Feb 2007
Posts: 1247
PostPosted: Sun Sep 30, 2007 3:29 pm    Post subject: Reply with quote
olfen wrote:
CryptGenKey seems to let us generate an IV directly.

CryptGenKey can't be used with Password, however.
Anyway, that will be the next generation/extension, may be called key file/data based, if there is a sufficient interest.
Back to top
View user's profile Send private message
olfen



Joined: 04 Jun 2005
Posts: 99
Location: Stuttgart, Germany
PostPosted: Sun Sep 30, 2007 3:49 pm    Post subject: Reply with quote
Sorry, I think I was wrong on CryptGenKey: It generates a session key\password and no IV.
CryptSetKeyParam can be passed a pointer to an IV, which we can choose\create ourselfes. IV and key are two seperate things, both needed when not using the cipher in ECB mode.
If not provided IV defaults to 0, as you mentioned before.

As you have written before, we can probably call CryptGenRandom to get our 16 byte IV and pass the pointer to the buffer to CryptSetKeyParam.
Back to top
View user's profile Send private message Visit poster's website
Laszlo



Joined: 14 Feb 2005
Posts: 3942
Location: Pittsburgh
PostPosted: Sun Sep 30, 2007 6:06 pm    Post subject: Reply with quote
Great work! Thanks, Sean!

As I understand, this version takes a password and hashes it to create an encryption key, to be used to encrypt a file (or any buffer in memory). This could be the most important application.

Often we need to encrypt several files with the same key. Some execution time could be saved, if the key object could be generated (and destroyed when not needed) outside of the Crypt_AES function, but a user could break up the script himself, easily.

For testing (and for saving some processing), it would be very useful if a raw key, stored in a binary buffer of 128/192/256 bit length could be turned to a key object. This looks harder. Does the crypto API has a function for this?
Back to top
View user's profile Send private message
Sean



Joined: 12 Feb 2007
Posts: 1247
PostPosted: Mon Oct 01, 2007 1:27 am    Post subject: Reply with quote
Laszlo wrote:
For testing (and for saving some processing), it would be very useful if a raw key, stored in a binary buffer of 128/192/256 bit length could be turned to a key object. This looks harder. Does the crypto API has a function for this?

There exist functions CryptExportKey and CryptImportKey which I believe are doing the jobs.
BTW, to be able to export the key, have to set the flag CRYPT_EXPORTABLE (0x1) in CryptDeriveKey, which is currently not set in the script.

I did a quick test, and strangely did not work with the flag SIMPLEBLOB (0x1) but did work with PLAINTEXTKEYBLOB (0x8) when exporting this session key.

PS. I forgot to post the code:
Code:
; SID: 128, 192, 256   
nSize := 8 + 4 + SID//8      ; BLOBHEADER + Key-Length (in Bytes) + Key
VarSetCapacity(bKeyBlob, nSize)

; Export Key
DllCall("advapi32\CryptExportKey", "Uint", hKey, "Uint", 0, "Uint", 8, "Uint", 0, "Uint", &bKeyBlob, "UintP", nSize)

; Import Key
DllCall("advapi32\CryptImportKey", "Uint", hProv, "Uint", &bKeyBlob, "Uint", nSize, "Uint", 0, "Uint", 0, "UintP", hKey)


Last edited by Sean on Mon Oct 01, 2007 9:12 am; edited 1 time in total
Back to top
View user's profile Send private message
Sean



Joined: 12 Feb 2007
Posts: 1247
PostPosted: Mon Oct 01, 2007 4:57 am    Post subject: Reply with quote
I switched the order of the parameters sPassword and SID.
I hope it cause not much inconvenience.
Back to top
View user's profile Send private message
majkinetor



Joined: 24 May 2006
Posts: 3592
Location: Belgrade
PostPosted: Mon Oct 01, 2007 10:08 am    Post subject: Reply with quote
Thank you.
_________________
Back to top
View user's profile Send private message MSN Messenger
air
Guest
PostPosted: Sun Oct 07, 2007 2:17 pm    Post subject: Reply with quote
hi, can anybody to this thread show me how to invoke this to encrypt a file?
Back to top
Sean



Joined: 12 Feb 2007
Posts: 1247
PostPosted: Sun Oct 07, 2007 11:16 pm    Post subject: Reply with quote
air wrote:
hi, can anybody to this thread show me how to invoke this to encrypt a file?

There is an example in the script AES.ahk, or here:
http://www.autohotkey.com/forum/topic19608-15.html
Back to top
View user's profile Send private message
FrankBuurman
Guest
PostPosted: Mon Oct 15, 2007 1:58 pm    Post subject: Easy Encryption ? Reply with quote
Hi

I was trying to implement encryption, but it's unclear how to encrypt in the resulting exe (my password has to be filled in a shadowed textfield, without anyone giving the opportunity to read it)

Could you give a simple example how to implement the mods you made ?

thnx lot !
Cool
Back to top
Display posts from previous:   
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Scripts & Functions All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum


Powered by phpBB © 2001, 2005 phpBB Group