Showing content with the highest reputation on 11/19/2022 in all areas
-
I feel a little unsure about recommending the use of this tool. I am reluctant as it just* supports OpenSSL but is not cryptographically secure these days. The OpenSSL enc command by itself is not the best option when needing to symmetrically encrypt some file. The enc command is not secure and no cryptographer recommends it as it is outdated.

Encryption in CBC/ECB or even CTR mode is useless without an authentication step with asymmetric or symmetric signature (HMAC), because the ciphertext can be trivially tampered with and the hash recalculated and, when decrypting, no one will understand or even notice that there is something wrong with the plaintext, as these modes are unauthenticated encrypted text. That's why today there are AEAD modes (Authenticated Encryption w/ Associated Data), which is the secure way to use symmetric cryptography nowadays.

Well, back to AES-ECB/CBC: even more insecure than the CBC mode is the ECB, not only for not using the initialization vector, but for encrypting each block individually. This makes the Tux image a distorted image if it feels large scale. However, the CBC would also be of no use if used without IV. Both are unsafe and should be used with caution.

With that in mind, and assuming that one of the two must be used, either CBC or ECB, it is necessary to take a series of precautions to avoid surprises, that is, if the user of this program is unaware of this information, it is better not to use these codes. But if, as a last resort, it is necessary to use it, it is good to keep in mind that: for repetitive texts, it's better to use CBC (no PHP and OpenSSL compatibility), or use RC4. RC4 is a very good cipher, but it has been widely misused, as in the case of WEP, where the same password was used over and over again to encrypt sequences of identical length, which jeopardizes the security of RC4. It is good to emphasize that RC4 is considered unsafe, but because it has been misused.

Likewise, the ECB has restrictions that prevent its use today, assuming that human error is also a software vulnerability. Well, duly aware, it is necessary:

1-) Do not use the same password for two different messages
2-) Do not use two different passwords for the same message
3-) Authenticate the ciphertext at least with HMAC

I'm striving for compatibility and interoperability of my own tools based on OpenSSL reference which is legacy and cross platform, and I'm only going to deal with non-secret sensitive information, but like I said that's crazy. I myself wrote a tool that supplants OpenSSL and doesn't suffer from buffer* overflows and supports AEAD modes: https://github.com/pedroalbanese/edgetk

In short, if you have to deal with sensitive but not secret data, you can use these techniques. But if you are going to deal with large amounts and undertakings and possibility of adversaries and malicious intent, it is better not to use OpenSSL nor AutoIt for this. (I mean, the AutoIt part is perfect, the problem is in the native Windows API in terms of encryption/cryptographically.) I mean, I intend to publish these tools but it will contain this foreshadowing.

2 points
-
OpenSSL Compliance - (Moved)
argumentum reacted to Radix for a topic
Today, after 5 minutes of testing, I noticed that the tools worked all the time in CBC mode, to my surprise. The PHP codes worked because the AutoIt code performed CBC encryption with null IV, which means it is decryptable by ECB mode (only the first 16 bytes for AES). As I had only tested strings shorter than 16, I didn't realize this. This is quite positive, that is, forget what I said about ECB and keep the three rules:

1-) Do not use the same password for two different messages
2-) Do not use two different passwords for the same message
3-) Authenticate the ciphertext at least with HMAC

SecurityKit_AutoIt-OpenSSL contains:

1-) Hash tools, including a recursive hasher
2-) HMAC tools
3-) Bulk encryption tools (supports AES128-CBC, RC4-40 and RC4-128)

Any tips are welcome.

SecurityKit_AutoIt-OpenSSL.zip

1 point
-
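The null-IV observation and the "authenticate the ciphertext with HMAC" rule from the two posts above, as an added example that is not part of the original posts or of SecurityKit_AutoIt-OpenSSL. It assumes the `openssl` command-line tool is on the PATH; the function names, file suffixes, keys and message are constructed for illustration.

```shell
#!/bin/sh
# Added example. Keys and plaintext are constructed test values, not secrets.
ENC_KEY=000102030405060708090a0b0c0d0e0f   # AES-128 key (hex)
MAC_KEY=constructed-hmac-key               # separate HMAC key (used as a string)
NULL_IV=00000000000000000000000000000000

# Hex of ciphertext block $3 (1-based) for plaintext $2 under mode $1.
ct_block() {
  case $1 in
    cbc) printf '%s' "$2" | openssl enc -aes-128-cbc -K "$ENC_KEY" -iv "$NULL_IV" ;;
    ecb) printf '%s' "$2" | openssl enc -aes-128-ecb -K "$ENC_KEY" ;;
  esac | od -An -v -tx1 | tr -d ' \n' | cut -c"$(( ($3 - 1) * 32 + 1 ))-$(( $3 * 32 ))"
}

# HMAC-SHA256 over IV and ciphertext, so neither can change unnoticed.
tag_of() { cat "$1.iv" "$1.ct" | openssl dgst -sha256 -hmac "$MAC_KEY" | awk '{print $NF}'; }

# Encrypt-then-MAC: $1 = plaintext file, $2 = prefix for the .iv/.ct/.tag outputs.
seal() {
  openssl rand -hex 16 > "$2.iv"   # fresh random IV per message
  openssl enc -aes-128-cbc -K "$ENC_KEY" -iv "$(cat "$2.iv")" -in "$1" -out "$2.ct"
  tag_of "$2" > "$2.tag"
}

decrypt_unchecked() {
  openssl enc -d -aes-128-cbc -K "$ENC_KEY" -iv "$(cat "$1.iv")" -in "$1.ct"
}

# Verify the tag first; decrypt only if it matches.
# (Shell string comparison is not constant-time.)
open_sealed() {
  [ "$(tag_of "$1")" = "$(cat "$1.tag")" ] || { echo "MAC mismatch" >&2; return 1; }
  decrypt_unchecked "$1"
}

# Simulate corruption in transit: XOR the first ciphertext byte with 1.
flip_first_byte() {
  b=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
  printf '%b' "\\0$(printf '%03o' $((b ^ 1)))" | dd of="$1" bs=1 conv=notrunc 2>/dev/null
}

d=$(mktemp -d)
printf 'pay 100 EUR to account 12345678; ref constructed-demo' > "$d/msg"
seal "$d/msg" "$d/m"
flip_first_byte "$d/m.ct"
decrypt_unchecked "$d/m" > "$d/out" && echo "no MAC check: decrypt exits 0 on altered data"
open_sealed "$d/m" > /dev/null || echo "with MAC check: rejected before decryption"
rm -rf "$d"
```

`ct_block cbc TEXT 1` and `ct_block ecb TEXT 1` return the same block, while block 2 differs, which is why short test strings hid the mode difference.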
GUICtrlSetImage from Resource Icon
Dan_555 reacted to pixelsearch for a topic
@orbs wrote in this post that it's a known issue that won't be fixed, according to the (old) trac ticket 1439

1 point
-
Check if something like this helps you:

```autoit
#include <TrayConstants.au3>
#include <Array.au3>

HotKeySet("{ESC}", "Abort")
Opt("TrayMenuMode", 3)
TraySetState($TRAY_ICONSTATE_SHOW) ; Show the tray menu.

Global $TrayText
Global $aTray[8][2] ; Defines array to hold tray items: [n][0] = text, [n][1] = control ID.
$aTray[0][0] = "Test 1 (Name Test 5)"
$aTray[1][0] = "Test 2 (Delete Test 5)"
$aTray[2][0] = "Test 3 (Restore Test 5)"
$aTray[3][0] = "Test 4 (Check if Test 5 is blank or space)"
$aTray[4][0] = "Test 5 Delete Me"
$aTray[5][0] = "Test 6 (Check Test 5 Text)"
$aTray[6][0] = "Test 7 (Read Values)"
$aTray[7][0] = "Test 8 (Count Blanks)"
$aTray[0][1] = TrayCreateItem($aTray[0][0])
$aTray[1][1] = TrayCreateItem($aTray[1][0])
$aTray[2][1] = TrayCreateItem($aTray[2][0])
$aTray[3][1] = TrayCreateItem($aTray[3][0])
$aTray[4][1] = TrayCreateItem($aTray[4][0])
$aTray[5][1] = TrayCreateItem($aTray[5][0])
$aTray[6][1] = TrayCreateItem($aTray[6][0])
$aTray[7][1] = TrayCreateItem($aTray[7][0])

While 1
    Switch TrayGetMsg()
        Case $aTray[0][1] ; "Test 1" Change Test 5 Text.
            $TrayText = InputBox("Test", "Choose text for Test 5", "Test 5 Delete Me")
            TrayItemSetText($aTray[4][1], $TrayText)
        Case $aTray[1][1] ; "Test 2" Deletes "Test 5".
            TrayItemDelete($aTray[4][1])
            $aTray[4][1] = 999 ; Marker value for a deleted item.
        Case $aTray[2][1] ; "Test 3" Restores "Test 5".
            $aTray[4][1] = TrayCreateItem($aTray[4][0])
        Case $aTray[3][1] ; "Test 4" Check if Test 5 value is blank, space, or filled.
            If $aTray[4][1] = "" Then
                MsgBox(0, "Test", "Test 5 is blank")
            ElseIf $aTray[4][1] = " " Then
                MsgBox(0, "Test", "Test 5 is not blank (space)")
            Else
                MsgBox(0, "Test", "Test 5 is assigned a value")
            EndIf
        Case $aTray[4][1] ; "Test 5" (Item to test for, during, and after deletion).
            MsgBox(0, "Test", "I'm here!")
        Case $aTray[5][1] ; "Test 6" Displays Text from Test 5 item.
            ; Pass the control ID in column 1, not the whole row.
            $Test5Text = TrayItemGetText($aTray[4][1])
            MsgBox(0, "Test", "Test 5 Text: " & $Test5Text)
        Case $aTray[6][1] ; "Test 7" Displays all item values.
            MsgBox(0, "Test", "$aTray[0]: " & $aTray[0][1] & @CRLF & _
                    "$aTray[1]: " & $aTray[1][1] & @CRLF & _
                    "$aTray[2]: " & $aTray[2][1] & @CRLF & _
                    "$aTray[3]: " & $aTray[3][1] & @CRLF & _
                    "$aTray[4]: " & $aTray[4][1] & @CRLF & _
                    "$aTray[5]: " & $aTray[5][1] & @CRLF & _
                    "$aTray[6]: " & $aTray[6][1] & @CRLF & _
                    "$aTray[7]: " & $aTray[7][1] & @CRLF)
        Case $aTray[7][1] ; "Test 8" Counts all blanks in tray values.
            ; Search column 1 (the control IDs); the result is an array of matching row indices.
            Global $aBlanks = _ArrayFindAll($aTray, 999, 0, 0, 0, 0, 1)
            If @error = 6 Then
                MsgBox(0, "Test", "Error, No blanks present")
            ElseIf Not @error Then
                MsgBox(0, "Test", "# of blanks: " & UBound($aBlanks))
            EndIf
    EndSwitch
WEnd

Func Abort()
    Exit
EndFunc   ;==>Abort
```

1 point
-
If you don't want to use a quite large UDF for just a few lines of code, here is a simple way to perform what you want:

```autoit
#AutoIt3Wrapper_Res_File_Add=Pixel.bmp, rt_bitmap, Image, 301

#include <GUIConstants.au3>
#include <GuiListView.au3>
#include <Constants.au3>

; The bitmap resource only exists in the compiled executable.
If Not @Compiled Then Exit MsgBox($MB_SYSTEMMODAL, "Error", "This script needs to be compiled")

Local $hGUI = GUICreate("test", 500, 500)
Local $hListView = _GUICtrlListView_Create($hGUI, '', 30, 30, 300, 200)
_GUICtrlListView_SetExtendedListViewStyle($hListView, $LVS_EX_FULLROWSELECT)
GUISetState()

; Load the embedded bitmap from this module's resources and use it as the ListView background.
Local $hInstance = _WinAPI_GetModuleHandle(Null)
Local $hBitmap = _WinAPI_LoadImage($hInstance, "Image", $IMAGE_BITMAP, 0, 0, 0)
_GUICtrlListView_SetBkHBITMAP($hListView, $hBitmap, 0, 0, 0, True)

While GUIGetMsg() <> $GUI_EVENT_CLOSE
WEnd
```

ps. use BMP as it will ease your life

1 point
-
TimRude, Take a look at guinness' ResourcesEx UDF - that should let you extract the image and use it.

M23

1 point
-
OpenSSL Compliance - (Moved)
taurus905 reacted to argumentum for a topic
... lol, I am of the same madness. Can never overengineer encryption enough. Never know when the next bug will be found

1 point