Hi all,
Has anyone used Crypt32.dll to generate SHA256 level encrypted data?
If so, can someone enlighten me as to the dll declarations required and any code examples would be gratefully received.
I am on the 9.3.2 software and have looked at the RTI_CRYPTO function, but this appears to not include any SHA256 level encryption.
TIA
Keith
Hi Keith,
Included in OpenInsight 9.3.2 is Data Encryption at Rest. Please see the following document: OpenInsight Data Encryption (RTIDER).
Robert Catalano | Revelation Software
Director of Sales
99 Kinderkamack Road | First Floor | Westwood, NJ 07675 USA
V: +1 800.262.4747 | F: +1 201.722.9815
Hi Robert,
I don't believe RTIDER will use SHA 256 specifically at present. However, I have received an email from Bill C stating that he has received an update that includes this. I am waiting on this before going any further on this.
Thanks
Keith
Hi Keith,
RTI_CRYPTO implements SHA_1, which is not SHA256. So, the update that I provided to Bill will not quite get you there.
I'll get you another example.
Hi Keith,
We will add support for SHA256 to RTI_Crypto in a future release.
In the meantime, here is an example of how to implement it in your own application.
The trick is to employ the open source encryption libraries available at https://code.google.com/p/crypto-js/ and activate them using the windows scripting host. See the RTI_SHA256_EXAMPLE below.
The crypto-js library has a raft of hashing and cipher functions, all of which can be implemented in OpenInsight using a variation on this example.
Function RTI_SHA256_EXAMPLE(method, param1,param2,param3)
/*
** SHA256 is considered secure as of 30Jan2013
** This example uses an open source ( BSD License) javascript library to implement SHA256 in OpenInsight.
** See code.google.com/p/crypto-js
**
** Download the latest crypto-js.vxxx.zip
** Unzip it
** Open the Rollups folder
** Open the SHA256.js file using notepad
** Create an insert named RTI_CRYPTOJS_SHA256_EXAMPLE_JS
** Line 1 is compile insert RTI_CRYPTOJS_SHA256_EXAMPLE_JS
** paste the contents of the SHA256.js file into the insert, then save it.
** copy, paste and compile this program
**
** usage: hexEncodedHash = RTI_SHA256_Example('hex_sha256', plainTextValue)
*/

Declare Function repository
$Insert Logical

Equ crlf$ To \0D0A\

common /rti_SHA256_example_com/ oScript,bInitialized, oCrypto
if assigned(bInitialized) else bInitialized = ''

If bInitialized = 1 Else
   Gosub Init
End

If Assigned(method) Else method = ''
retval = ''

Begin Case
   Case method _eqc 'hex_sha256'
      s = If Assigned(param1) Then param1 Else ''
      status = ( s # '' )

      If status then
         * use the crypt object to do the work
         * It returns another object of type WordArray
         wordArray = OleCallMethod( oCrypto, 'SHA256', s)
         status = ( olestatus() eq 0 )
      End

      If status then
         * Use the stringify method of the wordArray.
         * It emits a hex-encoded version of the hash
         hexString = OleCallMEthod(wordArray, 'toString')
         status = ( olestatus() eq 0 )
      End

      If status then
         transfer hexString To retval
      end
End Case

Return retval

Init:
   * Create the host control, use a common variable so it will persist
   oScript = OLECreateInstance("MSScriptControl.ScriptControl")
   oScript->Language = "JScript"
   codeObject = ''
   oCrypto = ''

   * Add the JavaScript Library obtained from google.code
   work = Repository('ACCESS', 'SYSPROG*STPROCINS**RTI_CRYPTOJS_SHA256_EXAMPLE_JS')
   status = ( work # '' )
   If status then
      Swap crlf$ With @fm In work
      jsCode = Delete(work, 1, 0,0)
      Swap @fm With crlf$ In jscode
      x = oScript->AddCode( jsCode )
      status = ( olestatus() eq 0 )
   End

   * Extract the Crypto object so we can use it as its own full fledged OLE object
   If status then
      codeObject = oScript->CodeObject
      oCrypto = OleGetProperty(codeObject, 'CryptoJS')
      status = ( olestatus() eq 0 )
   End

   bInitialized = status
return
Hi, Keith. I'm wondering, if I may, what you're planning to use the SHA256 encryption for? Perhaps we can help discover if there's a different, less difficult (for you to implement) approach to take that will accomplish the same purpose?
Thanks,
- Bryan Shumsky
Hi Bryan
Thanks for the response.
Unfortunately we need to use SHA256 encryption as this is a requirement of a UK government department when sending certain personal data to them.
Keith
Hi Bob,
Many thanks for the coding suggestion; however, in the initialise coding you refer to the AddCode method.
Is this something that should automatically work within OI9.3.2, or is there something I need to do to make this work?
If the latter, can you give me some pointers please, if the former, then I am missing something somewhere …
On testing
x = oScript->AddCode(jsCode)
Status = (OleStatus() = 0)
OleStatus() returns -2147352567
I should add that this has been tested on both Windows XP and Windows 7 with the same results.
Thanks
Keith
Hi Bob,
Further to previously …
I have managed to get a stage further … by using the source version of the download from the website, http://crypto-js.googlecode.com/svn/tags/3.1.2/src/SHA256.js, and removing the starting and trailing parentheses I now get past the AddCode problem. When opened from the unzipped version the contents still appear to be compressed / unformatted.
However, I now fall down on the following section,
CodeObject = oScript->CodeObject
oCrypto = OleGetProperty(CodeObject, 'CryptoJS')
Status = (OleStatus() = 0)
CodeObject is reported as <idispatch>, which seems reasonable; however, the OleStatus() reports error code -2147352570
I have also tried using the pre-supplied insert 'SYSPROG*STPROCINS**RTI_HASHTABLE2_SCRIPT' and this generates the same error
I am guessing that there may be an issue with the ‘CryptoJS’ property … ??
I have tried with some obvious variations on this but with no luck
Regards
Keith
Hi Keith,
The OLE error on addcode means that there is an error in the script. I'm guessing that your insert is not correct. It should be identical to the one shown below. I put an RDK of my program and insert on google drive. See RDK_SHA256_EXAMPLE_20130201
FWIW Addcode is a method on the windows scripting host, not OpenInsight. What I am doing here is embedding the windows scripting host in an OI program, then using it to expose javascript functions to OI as if they were basic+ programs. This is a very powerful technique. It means that all of the JavaScript libraries on Google code or other repositories are available to us. In the case of encryption, using open source public libraries from google code means that an auditor should accept that the encryption is implemented correctly.
compile Insert RTI_CRYPTOJS_SHA256_EXAMPLE_JS /* CryptoJS v3.1.2 code.google.com/p/crypto-js (c) 2009-2013 by Jeff Mott. All rights reserved. code.google.com/p/crypto-js/wiki/License */ var CryptoJS=CryptoJS||function(h,s){var f={},t=f.lib={},g=function(){},j=t.Base={extend:function(a){g.prototype=this;var c=new g;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}}, q=t.WordArray=j.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=s?c:4*a.length},toString:function(a){return(a||u).stringify(this)},concat:function(a){var c=this.words,d=a.words,b=this.sigBytes;a=a.sigBytes;this.clamp();if(b%4)for(var e=0;e<a;e++)c[b+e>>>2]|=(d[e>>>2]>>>24-8*(e%4)&255)<<24-8*((b+e)%4);else if(65535<d.length)for(e=0;e<a;e+=4)c[b+e>>>2]=d[e>>>2];else c.push.apply(c,d);this.sigBytes+=a;return this},clamp:function(){var a=this.words,c=this.sigBytes;a[c>>>2]&=4294967295<< 32-8*(c%4);a.length=h.ceil(c/4)},clone:function(){var a=j.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var c=[],d=0;d<a;d+=4)c.push(4294967296*h.random()|0);return new q.init(c,a)}}),v=f.enc={},u=v.Hex={stringify:function(a){var c=a.words;a=a.sigBytes;for(var d=[],b=0;b<a;b++){var e=c[b>>>2]>>>24-8*(b%4)&255;d.push((e>>>4).toString(16));d.push((e&15).toString(16))}return d.join("")},parse:function(a){for(var c=a.length,d=[],b=0;b<c;b+=2)d[b>>>3]|=parseInt(a.substr(b, 2),16)<<24-4*(b%8);return new q.init(d,c/2)}},k=v.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var d=[],b=0;b<a;b++)d.push(String.fromCharCode(c[b>>>2]>>>24-8*(b%4)&255));return d.join("")},parse:function(a){for(var 
c=a.length,d=[],b=0;b<c;b++)d[b>>>2]|=(a.charCodeAt(b)&255)<<24-8*(b%4);return new q.init(d,c)}},l=v.Utf8={stringify:function(a){try{return decodeURIComponent(escape(k.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return k.parse(unescape(encodeURIComponent(a)))}}, x=t.BufferedBlockAlgorithm=j.extend({reset:function(){this._data=new q.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=l.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var c=this._data,d=c.words,b=c.sigBytes,e=this.blockSize,f=b/(4*e),f=a?h.ceil(f):h.max((f|0)-this._minBufferSize,0);a=f*e;b=h.min(4*a,b);if(a){for(var m=0;m<a;m+=e)this._doProcessBlock(d,m);m=d.splice(0,a);c.sigBytes-=b}return new q.init(m,b)},clone:function(){var a=j.clone.call(this); a._data=this._data.clone();return a},_minBufferSize:0});t.Hasher=x.extend({cfg:j.extend(),init:function(a){this.cfg=this.cfg.extend(a);this.reset()},reset:function(){x.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);return this._doFinalize()},blockSize:16,_createHelper:function(a){return function(c,d){return(new a.init(d)).finalize(c)}},_createHmacHelper:function(a){return function(c,d){return(new w.HMAC.init(a, d)).finalize(c)}}});var w=f.algo={};return f}(Math); (function(h){for(var s=CryptoJS,f=s.lib,t=f.WordArray,g=f.Hasher,f=s.algo,j=[],q=[],v=function(a){return 4294967296*(a-(a|0))|0},u=2,k=0;64>k;){var l;a:{l=u;for(var x=h.sqrt(l),w=2;w<=x;w++)if(!(l%w)){l=!1;break a}l=!0}l&&(8>k&&(j[k]=v(h.pow(u,0.5))),q[k]=v(h.pow(u,1/3)),k++);u++}var a=[],f=f.SHA256=g.extend({_doReset:function(){this._hash=new t.init(j.slice(0))},_doProcessBlock:function(c,d){for(var b=this._hash.words,e=b[0],f=b[1],m=b[2],h=b[3],p=b[4],j=b[5],k=b[6],l=b[7],n=0;64>n;n++){if(16>n)a[n]= c[d+n]|0;else{var 
r=a[n-15],g=a[n-2];a[n]=((r<<25|r>>>7)^(r<<14|r>>>18)^r>>>3)+a[n-7]+((g<<15|g>>>17)^(g<<13|g>>>19)^g>>>10)+a[n-16]}r=l+((p<<26|p>>>6)^(p<<21|p>>>11)^(p<<7|p>>>25))+(p&j^~p&k)+q[n]+a[n];g=((e<<30|e>>>2)^(e<<19|e>>>13)^(e<<10|e>>>22))+(e&f^e&m^f&m);l=k;k=j;j=p;p=h+r|0;h=m;m=f;f=e;e=r+g|0}b[0]=b[0]+e|0;b[1]=b[1]+f|0;b[2]=b[2]+m|0;b[3]=b[3]+h|0;b[4]=b[4]+p|0;b[5]=b[5]+j|0;b[6]=b[6]+k|0;b[7]=b[7]+l|0},_doFinalize:function(){var a=this._data,d=a.words,b=8*this._nDataBytes,e=8*a.sigBytes; d[e>>>5]|=128<<24-e%32;d[(e+64>>>9<<4)+14]=h.floor(b/4294967296);d[(e+64>>>9<<4)+15]=b;a.sigBytes=4*d.length;this._process();return this._hash},clone:function(){var a=g.clone.call(this);a._hash=this._hash.clone();return a}});s.SHA256=g._createHelper(f);s.HmacSHA256=g._createHmacHelper(f)})(Math);
Hi Bob
Thanks very much for your help.
I have now got it working. I think it may have been a glitch in copying some of the code around.
Regards
Keith
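A known-answer self-test for the hex_sha256 path discussed in this thread, as an added example that is not part of the original posts or Revelation's code. It assumes Node.js, whose built-in crypto module stands in for the wrapped function; `selfTest`, `damagedCopy` and `encodingMismatch` are hypothetical names. It checks the published FIPS 180 vectors, and shows that ASCII vectors cannot reveal a byte-encoding mismatch, which matters because the CryptoJS code above hashes the UTF-8 bytes of a string.

```javascript
// Added example: known-answer self-test for a SHA-256 hex function.
const crypto = require('node:crypto');

// FIPS 180 test vectors (published digests for ASCII inputs).
const VECTORS = [
  ['abc', 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'],
  ['abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq',
   '248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1'],
];

// Reference hash; `encoding` selects how the string is turned into bytes.
function hexSha256(text, encoding = 'utf8') {
  return crypto.createHash('sha256').update(Buffer.from(text, encoding)).digest('hex');
}

// Run every vector through `hashFn` and return the list of failures.
function selfTest(hashFn) {
  const failures = [];
  for (const [input, expected] of VECTORS) {
    let actual;
    try {
      actual = String(hashFn(input)).toLowerCase();
    } catch (err) {
      actual = 'threw: ' + err.message;
    }
    if (actual !== expected) failures.push({ input, expected, actual });
  }
  return failures;
}

// Constructed stand-in for a wrong or damaged implementation:
// it returns well-formed hex, but from SHA-1 rather than SHA-256.
function damagedCopy(text) {
  return crypto.createHash('sha1').update(text, 'utf8').digest('hex');
}

// Same characters, different bytes: true when the digest depends on encoding.
function encodingMismatch(text) {
  return hexSha256(text, 'utf8') !== hexSha256(text, 'latin1');
}

console.log('reference failures:', selfTest(hexSha256).length);
console.log('damaged copy failures:', selfTest(damagedCopy).length);
console.log('pound sign input differs by encoding:', encodingMismatch('\u00a325'));
console.log('"abc" differs by encoding:', encodingMismatch('abc'));
```

Running the same vectors through RTI_SHA256_Example('hex_sha256', ...) after Init gives an immediate signal when the pasted insert is not a faithful copy of the library.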