cant figure out how to encrypt/decrypt data

[Golbez]

#include <Crypt.au3>
#include <WinAPIDiag.au3>
#include <MsgBoxConstants.au3>

Global $encrypt, $g_hKey
Global $secretkey = StringToBinary(_WinAPI_UniqueHardwareID($UHID_All)), $iAlgorithm = $CALG_RC4

_Crypt_Startup()
_Crypt_DestroyKey($g_hKey) ; Destroy the cryptographic key.
$g_hKey = _Crypt_DeriveKey($secretkey, $iAlgorithm)

$data = InputBox("Data to encrypt","Enter data to encrypt")

Local $dEncrypted = _Crypt_EncryptData($data, $g_hKey, $iAlgorithm) ; Encrypt the text with the cryptographic key.
Local $dDecrypted = _Crypt_DecryptData($dEncrypted, $g_hKey, $iAlgorithm) ; Decrypt the text with the new cryptographic key.
MsgBox(0,$dEncrypted, BinaryToString($dDecrypted))

_Crypt_Shutdown()

soo im trying to learn how to encrypt data, ive made a simple script to test stuff but i cant seem to get it to work.

when i run the code and input what i want to encrypt it gives me something new everytime when it should be the same result everytime

[Golbez]

#include <Crypt.au3>
#include <WinAPIDiag.au3>
#include <MsgBoxConstants.au3>

Global $encrypt, $g_hKey
Global $secretkey = StringToBinary(_WinAPI_UniqueHardwareID($UHID_All)), $iAlgorithm = $CALG_RC4

_Crypt_Startup()
_Crypt_DestroyKey($g_hKey) ; Destroy the cryptographic key.
$g_hKey = _Crypt_DeriveKey($secretkey, $iAlgorithm)

$data = InputBox("Data to encrypt","Enter data to encrypt")

$e_data = _Crypt_EncryptData($data, $g_hKey, $CALG_USERKEY)
MsgBox(0,"Encrypted Data", $e_data)

$de_data = _Crypt_DecryptData($e_data, $g_hKey, $CALG_USERKEY)
MsgBox(0,"Decrypted Data", BinaryToString($de_data))

decided to take a new look at it and wiped the file, started over.  seems to work 

[spudw2k]

Just some advice. RC4 is not considered a secure encryption algorithm anymore.  If your goal is to use secure encryption, use AES (256 is best).

[Golbez]

ty for info

[Golbez]

On 4/6/2022 at 9:43 PM, spudw2k said:

Just some advice. RC4 is not considered a secure encryption algorithm anymore.  If your goal is to use secure encryption, use AES (256 is best).

any reason why my encrypted data changes everytime i restart my pc?

[spudw2k]

Do you have a reproducer script; one that shows how you are encrypting and decrypting the data?

[Golbez]

On 5/9/2022 at 7:31 PM, spudw2k said:

Do you have a reproducer script; one that shows how you are encrypting and decrypting the data?

i dont have a break out of the script im using it but all i changed was "$iAlgorithm = $CALG_RC4" 

i changed the key to aes as suggested and then started getting the result i said, so i changed it again to CALG_SHA_256

which i set as a global value at the top of the screen.

[spudw2k]

14 hours ago, Golbez said:

i dont have a break out of the script im using it but all i changed was "$iAlgorithm = $CALG_RC4" 

i changed the key to aes as suggested and then started getting the result i said, so i changed it again to CALG_SHA_256

which i set as a global value at the top of the screen.

SHA isn't and encryption algorithm.  SHA and MD# are hashing algorithms. 

In terms of encryption algorithms (working with the Crypt.au3 UDF), your options are RC2, RC4, DES, 3DES, AES 128, AES 192 and AES 256. *See the _Crypt_EncryptData function in the help file.

You would be best suited to use one of the AES encryption algorithms, 256 is the strongest out of them.

Edited May 12, 2022 by spudw2k

[spudw2k]

For future thread viewers; after some PM exchanges with @Golbez, we settled on a working solution which uses $CALG_AES_256 and and $CALG_USERKEY in conjunction with the _Crypt_DeriveKey function.  

Here is an example.

#include <Crypt.au3>
#include <WinAPIDiag.au3>

Global $hardwareID = _WinAPI_UniqueHardwareID($UHID_All), $g_hKey

_Crypt_Startup()

$g_hKey = _Crypt_DeriveKey(StringToBinary($hardwareID), $CALG_AES_256)
$dEnc = _Crypt_EncryptData("Encrypted Secret", $g_hKey, $CALG_USERKEY)
$dDec = _Crypt_DecryptData($dEnc, $g_hKey, $CALG_USERKEY)
ConsoleWrite("Decrypted Data using key (" & $g_hKey & "): " & BinaryToString($dDec) & @CRLF & @CRLF)

_Crypt_Shutdown()

 

[jchd]

Warning!

The code sample above will work just fine as long as the plaintext is 7-bit ASCII. Unfortunately, AutoIt uses a subset of Unicode (UCS2) and if the plaintext contains Unicode characters which have no exact counterpart in the 0x80-0xFF range of your locale Windows ANSI charset, they will be "converted" to rubbish or ?.

So Alice first needs to convert the plaintext to binary using StringToBinary with option UTF8, encrypt and send the ciphertext to Bob. Bob will decrypt and use BinaryToString with option UTF8 to convert the result to a valid AutoIt string which will then be garanteed equal to the original plaintext.

Below, vd() is a variable dump function to illustrate what happens if conversion to/from UTF8 is not done:

vd(BinaryToString(StringToBinary("mémère 3€ Μεγάλο πρόβλημα  Большая проблема  大问题  बड़ी समस्या  مشكلة كبيرة")))
vd(BinaryToString(StringToBinary("mémère 3€ Μεγάλο πρόβλημα  Большая проблема  大问题  बड़ी समस्या  مشكلة كبيرة", $SB_UTF8), $SB_UTF8))

Result in Unicode console:

String (74)              'mémère 3€ ?e???? p??ß??µa  ??????? ????????  ???  ???? ??????  ????? ?????'

String (74)              'mémère 3€ Μεγάλο πρόβλημα  Большая проблема  大问题  बड़ी समस्या  مشكلة كبيرة'

 

[jchd]

Last point: don't forget to remove the key from memory as soon as possible. Help says: The key needs to be destroyed with _Crypt_DestroyKey().