[flexcoders] SWF Encryption using the Local Encrypted Store

[arieljake]

Hi all, I need some help from the community with this. I am very close to a 
solution, but may have hit a snag.

The accepted approach for encrypting an AIR app is to deliver an encrypted swf 
with a wrapper that decrypts and loads the child.

The issue becomes how/where to store the decryption key for the wrapper to use 
when loading the child.

Nitro-LM / Simplified Logic embeds the key in wrapper and uses proprietary 
methods to make extracting that key difficult.

Here is the alternative I am playing with:

Company X create a simple program compiled with the same product id and AIR 
certificate as the program they are distributing to generate at home base the 
files for an empty Encrypted Local Store that has had the encryption key added 
to it. Then, the Encrypted Local Store files created by AIR are added to the 
AIR file - these files are encrypted with AIR's encryption mechanism. When the 
AIR file is installed, these files are then copied by the wrapper into the 
Encrypted Local Store directory and then read from using the AIR API for the 
Encrypted Local Store - and voila - the wrapper has the decryption key and the 
key is never transmitted in clear text.

I tried this and it seemed to work, but then it seems as if it doesn't work 
from one computer to the next - AIR seems to encrypt the ELS files with a 
formula that includes the program ID, the AIR certificate, AND the user's 
computer id, which prevents the company from distributing the original ELS 
files. 

Can only Adobe verify whether this solution will work? Can anyone lend insight 
/ advice on this? Thanks.

Re: [flexcoders] SWF Encryption using the Local Encrypted Store

[Kevin F. Benz]

We also found that the encrypted local store wasn¹t effective for
pre-popluated or user persisted data. We ended up building our own encrypted
container as we needed to be able to allow a user to backup and recover it
as data in the ELS directory isn¹t necessarily available to the Vista user
without administrative privileges.
K

On 6/2/09 10:23 AM, arieljake arielj...@yahoo.com wrote:
 
 Hi all, I need some help from the community with this. I am very close to a
 solution, but may have hit a snag.
 
 The accepted approach for encrypting an AIR app is to deliver an encrypted swf
 with a wrapper that decrypts and loads the child.
 
 The issue becomes how/where to store the decryption key for the wrapper to use
 when loading the child.
 
 Nitro-LM / Simplified Logic embeds the key in wrapper and uses proprietary
 methods to make extracting that key difficult.
 
 Here is the alternative I am playing with:
 
 Company X create a simple program compiled with the same product id and AIR
 certificate as the program they are distributing to generate at home base the
 files for an empty Encrypted Local Store that has had the encryption key added
 to it. Then, the Encrypted Local Store files created by AIR are added to the
 AIR file - these files are encrypted with AIR's encryption mechanism. When the
 AIR file is installed, these files are then copied by the wrapper into the
 Encrypted Local Store directory and then read from using the AIR API for the
 Encrypted Local Store - and voila - the wrapper has the decryption key and the
 key is never transmitted in clear text.
 
 I tried this and it seemed to work, but then it seems as if it doesn't work
 from one computer to the next - AIR seems to encrypt the ELS files with a
 formula that includes the program ID, the AIR certificate, AND the user's
 computer id, which prevents the company from distributing the original ELS
 files. 
 
 Can only Adobe verify whether this solution will work? Can anyone lend insight
 / advice on this? Thanks.
 
   
 
 
 
 
 Kevin F. Benz
 kb...@kbenz.com425-785-7100
 http://www.kbenz.com
 
 We can't solve problems by using the same kind of thinking we used when we
 created them - Albert Einstein