|
Wrapping the Toolkit to Simplify Development
by Daniel Maddox, Jr. and Christopher Hemminger
NCryptoWrapper
This add-on to the Nickellie Encryption Toolkit was developed
to make it even easier to use the Encryption Toolkit to create
applications requiring encryption and decryption from Visual Basic and ASP.
It provides a simple wrapper class for use in Visual Basic and ASP.
This class provides direct support for additional data types and support
for "database-safe" encrypted strings. The class is written in
Visual Basic for ease of understanding and to simplify the example.
The concepts presented in this article could easily be extended to
cover Visual C/C++, MFC, eMbedded Visual Basic, and eMbedded Visual C/C++
projects. It is always a good idea to encapsulate
this kind of functionality to hide complexity and to make your code easier
to understand, debug, and read.
Visual Basic Example
To illustrate the use the of
the NCryptoWrapper class, we have
built an example application in Visual Basic. The example application provides
examples of using the NCryptoWrapper class to encrypt and decrypt
"safe" data, encrypt and decrypt "safe" strings, and encrypt and
decrypt files. Let’s take a look at the example. The example
application allows you to enter data to encrypt or decrypt in the
Source field, click the appropriate button for the action you
intend, and display the results in the Destination field.
Encrypt and Decrypt String Safe
These options illustrate the use of the member functions
EncryptStringSafe and DecryptStringSafe. EncryptStringSafe
can be used to encrypt a string and convert the result into a
string that is safe, i.e. that consists of only alpha-numeric
characters, for insertion into a database, record set, SQL
statement, or XML file. The code behind the EncryptStringSafe
button uses the EncryptStringSafe member function of the
NCryptoWrapper class and displays the results in the destination
field. The source code behind this button can be seen in Listing 1.
Dim obj
As New
NCryptoUtil.NCryptoWrapper
Text2.Text = obj.EncryptStringSafe(Text1.Text, "password")
|
| Listing 1 |
As you can see, using the NCryptoWrapper and the Nickellie
Encryption Toolkit makes this code very simple.
To encrypt the string, we instantiate an NCryptoWrapper object
and call EncryptStringSafe, passing the string from the Source
field (Text1.Text) and an encryption key. In this example, we use
a simple hard-coded encryption key of “password”. For increased
security in your application, you may want to implement a more secure
method for the generation and storage of your encryption keys. The
code behind each of the other buttons is very similar. Now, let’s take
a look at the wrapper class itself.
ASP Example
To illustrate the use of the NCryptoWrapper class in ASP, we have built a sample
ASP page similiar to the VB example application discussed above.
The ASP example provides examples of using the NCryptoWrapper class to
encrypt and decrypt "safe" strings. Let’s take a look at the example. The example
allows you to enter data to encrypt or decrypt in the
Source field, select Encrypt or Decrypt, click Submit, and
display the results in the Destination field.
Like the VB example, the ASP page uses EncryptStringSafe and DecryptStringSafe.
The page posts to itself, and the code to encrypt and decrypt the data can be seen
in Listing 2. As you can see, it would be fairly easy to extend this example
to write the encrypted data into database or pass it to another object for further
processing.
'data was posted to encrypt or decrypt
sourcedata = Request.Form.Item("source")
'Create an NCryptoWrapper Object
Set obj = Server.CreateObject("NCryptoUtil.NCryptoWrapper")
If Request.Form.Item("action") = "Decrypt" Then
'user selected decrypt, call DecryptStringSafe
resultdata = obj.DecryptStringSafe(sourcedata, "password")
Else
'user selected encrypt, call EncryptStringSafe
resultdata = obj.EncryptStringSafe(sourcedata, "password")
End If
| | Listing 2 |
NCryptoWrapper Class
The NCryptoWrapper class provides a simple wrapper for the NCrypto object of the Nickellie
Encryption Toolkit. The NCryptoWrapper class provides a simple but
powerful interface for adding encryption capabilities to your Visual
Basic and ASP applications. Essentially, the encryption methods of
this class do three things:
- Convert the given data to the appropriate type.
- Encrypt the data using the appropriate function call to the Nickellie Encryption Toolkit.
- Translate the data into a database safe string of alphanumeric characters.
All of the source code for this wrapper class
is included in the download of the project so you can modify as needed for your
own applications. In the example above, we used EncryptStringSafe to encrypt a
string and convert the encrypted string to a "database-safe" string. Now let’s
look at the details of this function.
EncryptDataSafe Method
The example we
discussed above used EncryptStringSafe. The EncryptStringSafe method simply call
the EncryptDataSafe method as follows:
EncryptStringSafe = EncryptDataSafe(inData, password)
|
Let’s look at the implementation of EncryptDataSafe in Listing 3.
This function accepts the data to encrypt as a string and returns the
encrypted data as a "safe" encrypted string. First, EncryptDataSafe checks the
data type of the incoming data and converts it to a Byte Array.
If (VarType(inData) = vbString) Then
'The inbound data is a string, so we must convert to an
'array first.
'Convert the String to a Byte Array
StrToByte SrcByte(), CStr(inData)
ElseIf ((VarType(inData) = vbArray + vbByte) Or_
((VarType(inData) = vbArray + vbVariant) _
And (VarType(inData(0)) = vbByte))) Then
'The inbound data is a variant array of bytes or a
'variant array of variant bytes.
'We will just copy it directly into the SrcByte array
'with a conversion.
'The inData array must be base 0
ReDim SrcByte(0 To UBound(inData))
For idx = 0 To UBound(SrcByte)
SrcByte(idx) = CByte(inData(idx))
Next
Else
Err.Raise ncNotSupported, "NCryptoUtil.NCryptoWrapper", _
"The inData argument is not a supported data type."
Exit Function
End If
| | Listing 3 |
As you can see, the above code uses the function StrToByte to convert
from a String to a Byte Array. This function has been implemented as a
private method of the NCryptoWrapper class (see Listing 4). It should
be pretty easy to extend the code to handle just about any custom data type
that you wish to handle in your own applications.
Private Sub StrToByte(dest() As Byte, src As String)
Dim idx As Integer
'We are shifting from a Base 1 String to a Base 0 Array
ReDim dest(0 To Len(src) - 1)
For idx = 1 To Len(src)
'Converts the Unicode character to an ASCII character
'and places it in the byte array
dest(idx - 1) = AscB(Mid(src, idx, 1))
Next
End Sub
| | Listing 4 |
After converting the incoming data to a Byte Array, the data
is encrypted via a call to the NCrypto object (from the Nickellie
Encryption Toolkit) as follows:
Crypto.EncryptData EncByte(), SrcByte(), _
UBound(SrcByte) + 1, pw
|
The encrypted data is returned as a Byte Array into EncByte().
This encrypted data is likely to contain characters that will cause
errors if you attempt to convert this data to a string and store it
in a database. As such, this function converts the encrypted data
to a "database-safe" encrypted string by calling the function in
Listing 5 as follows:
ByteToSafeStr EncString, EncByte()
|
Like StrToByte, ByteToSafeStr has been implemented as a private
method of the NCrytpoWrapper class. The function converts the
encrypted byte data to a string consisting of only alphanumeric
characters.
Private Sub ByteToSafeStr(dest As String, src() As Byte)
Dim idx As Integer
dest = ""
For idx = 0 To UBound(src)
'Converts the ASCII characters in the byte array into
'a safe string of Hexadecimal text
dest = dest + Right("00" + Hex(src(idx)), 2)
Next
End Sub
| | Listing 5 |
After this conversion, EncryptDataSafe returns the encrypted
safe string. The string can then be used as necessary within
the application. In the example, the string is displayed to
the screen.
Conclusion
The NCryptoWrapper class makes using the Nickellie Encryption
Toolkit’s NCrypto Object a snap from any Visual Basic or ASP
application.
Installation Notes
To install the examples discussed in the article, follow these steps:
- Download and install the Nickellie Encryption Toolkit (any version).
- Download the source code for this article which includes source code for
the NCryptoWrapper class, the VB example, and the ASP example.
- Add a new COM+ application and add the NCryptoUtil.NCryptoWrapper component and the NCrypto component to
that application. For step by step instructions, read our instructions on Configuring the NCryptoWrapper in COM+.
NOTE: To use the ASP example, you will need to install the Nickellie Encryption Toolkit on your web
server and ensure that the web user has proper permissions to make calls into the Cryptography API.
With some installations, this varies from the default settings. If the web user does not have the
necessary permissions, the example will produce a string of zeroes for any string you attempt to
encrypt. The most common solution to this problem is to grant access to advapi32.dll to the IUSR and
IWAM accounts used by IIS. If you encounter this problem on your system and need assistance, please
contact Nickellie.
|
