Encryption Library
The Encryption Library encodes a message string using bitwise XOR encoding. The key is combined with a random hash, and then it too gets converted using XOR. The whole thing is then encrypted using a randomly generated salt for the key. The end result is a message string that is randomized with each call to the rigEncode function, even if the supplied message and key are the same. You'll effectively end up with a double-encrypted message string, which should provide a very high degree of security.
Setting your Key
A key is a piece of information that controls the cryptographic process and permits an encrypted string to be decoded. In fact, the key you choose will provide the only means to decode data that was encrypted with that key, so not only must you choose the key carefully, you must never change it if you intend to use it for persistent data.
It goes without saying that you should guard your key carefully. Should someone gain access to your key, the data will be easily decoded. If your server is not totally under your control, it's impossible to ensure key security, so you may want to think carefully before using it for anything that requires high security, like storing credit card numbers.
The key should be as random a string as you can concoct, with numbers and uppercase and lowercase letters. Your key should not be a simple text string. In order to be cryptographically secure it needs to be as random as possible.
Your key can be either stored in your application/config/config.lc, or you can design your own storage mechanism and pass the key dynamically when encoding/decoding.
To save your key to your application/config/config.lc, open the file and set:
put "YOUR KEY" into gConfig["encryption_key"]
Message Length
It's important for you to know that, depending on the chosen cipher, the encoded messages the encryption function generates will be approximately 3 to 4.5 times longer than the original message (we say "approximately" because the increase in length is not exactly linear). For example, if you encrypt the string "my super secret data", which is 20 characters in length, using blowfish you'll end up with an encoded string that is 89 characters. Keep this information in mind when selecting your data storage mechanism. Cookies, for example, can only hold 4K of information.
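The following Python sketch is an added example, not revIgniter code: it takes apart the two sample encoded strings shown under rigDecode() on this page to show where the extra length and the per-call randomness described above come from. It assumes the decoded bytes follow the OpenSSL-style layout (the 8-byte marker "Salted__", an 8-byte salt, then ciphertext) and an 8-byte cipher block; the names inspect_encoded and fits_cookie are made up for this example.

```python
import base64
from dataclasses import dataclass

MAGIC = b"Salted__"   # marker that both sample strings decode to
SALT_LEN = 8          # assumption: OpenSSL convention, salt follows the marker
COOKIE_LIMIT = 4096   # the 4K cookie limit mentioned on this page

# The two sample strings from the rigDecode() section of this page.
# The line break ("return" in LiveCode) is part of the stored value.
SAMPLE_1 = "U2FsdGVkX180lz6BW4yPRwVGYoGusZ0vX7Qe3wyhcxSdCAwTHUrlGyQPpDZQ0rUX+2qoFvf+\nVew="
SAMPLE_2 = "U2FsdGVkX1+X1ziDFFg/0bkTX9ABsfqoxyWzzhQ3Vlidx9XjCgN6Xd/0Z9G/ZLDJFbFy0KVJ\neR8="


@dataclass
class EncodedInfo:
    encoded_chars: int    # length as stored, line breaks included
    raw_bytes: int        # length after base64 decoding
    salted: bool          # True if the marker and a full salt are present
    salt: bytes           # random per call, so output differs per call
    ciphertext_len: int   # bytes left after marker and salt
    block_aligned: bool   # True if ciphertext is a whole number of blocks


def inspect_encoded(encoded: str, block_size: int = 8) -> EncodedInfo:
    """Split an encoded string into marker, salt and ciphertext.

    block_size=8 is an assumption that matches Blowfish ("bf").
    """
    # Remove the line breaks before decoding; validate=True rejects stray characters.
    raw = base64.b64decode("".join(encoded.split()), validate=True)
    header = len(MAGIC) + SALT_LEN
    salted = raw.startswith(MAGIC) and len(raw) >= header
    salt = raw[len(MAGIC):header] if salted else b""
    body = raw[header:] if salted else raw
    return EncodedInfo(len(encoded), len(raw), salted, salt,
                       len(body), len(body) % block_size == 0)


def fits_cookie(encoded: str, limit: int = COOKIE_LIMIT) -> bool:
    """Check the stored length (line breaks included) against a size limit."""
    return len(encoded) <= limit


if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        info = inspect_encoded(sample)
        print(info, "fits in cookie:", fits_cookie(sample))
```

Each sample carries 16 bytes of marker and salt ahead of the ciphertext, and base64 adds roughly a third on top of that, which is why short messages grow the most in relative terms.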
Initializing the Library
Like most other libraries in revIgniter, the Encryption library is initialized in your controller using the rigLoaderLoadLibrary handler:
rigLoaderLoadLibrary "Encrypt"
rigEncode()
Performs the data encryption and returns it as a string. Example:
put "My secret message" into tMsg
put rigEncode(tMsg) into tEncryptedString
You can optionally pass your encryption key via the second parameter if you don't want to use the one in your config file:
put "My secret message" into tMsg
put "superSecretKey" into tKey
put rigEncode(tMsg, tKey) into tEncryptedString
rigDecode()
Decrypts an encoded string. Example:
put "U2FsdGVkX180lz6BW4yPRwVGYoGusZ0vX7Qe3wyhcxSdCAwTHUrlGyQPpDZQ0rUX+2qoFvf+" & return & "Vew=" into tEncryptedString
put rigDecode(tEncryptedString) into tPlaintextString
You can optionally pass your encryption key via the second parameter if you don't want to use the one in your config file:
put "U2FsdGVkX1+X1ziDFFg/0bkTX9ABsfqoxyWzzhQ3Vlidx9XjCgN6Xd/0Z9G/ZLDJFbFy0KVJ" & return & "eR8=" into tEncryptedString
put "superSecretKey" into tKey
put rigDecode(tEncryptedString, tKey) into tPlaintextString
rigSetCipher
Set the cipher and the key length. The first parameter sets the cipher name and the second the key length. Example:
rigSetCipher "bf", 128
Please see LiveCode's cipherNames() function, which returns a list of ciphers and their associated default key lengths in bits.
rigSetHash pType
Set the hash type to be used by the encryption library (LC server 9.0.0 dp 7 or higher required!). Possible parameter values are SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512. For backwards compatibility the default value is SHA-1. If you use server version 9.0.0 dp 7 or higher, please choose a more secure flavor.
Note: This handler requires LC server 9.0.0 dp 7 or higher.