I am exploring the Universe data encryption features... Its my first try at this really. I have decent understanding off ssh and ssl, just not the U2 stuff.
My questions are... Where is a safe place to store the "key" (as referred to in the docs) that the function needs to do encrypting and decrypting? How would I generate this key? Do I use the same key every time? Is there a thing to generate a key... like in ssh? For example, lets say I have a program that encrypts the user's password and then writes it to the data file like so... *A test for storing encrypted passwords. OPEN \BAS.USERS\ TO f_bas_users ELSE CRT \Cannot open BAS.USERS file.\ STOP END * CRT \Enter your email address: \: input email_address CRT \Enter your password: \: input password * key = \thisismykey\ result = \\ encrypt_status = \\ encrypt_status = ENCRYPT(\des3\, 1, password, 1, key, 1, 1, \\, \\, result, 1) CRT user_password *Apparently a status of 0 is a success. Which is just plain weird. IF encrypt_status = \0\ THEN WRITEV result ON f_bas_users,email_address,3 END ---------------------- Now lets say I want to check the password to see if it is correct and decrypt the data to do that... *A test for reading encrypted passwords. OPEN \BAS.USERS\ TO f_bas_users ELSE CRT \Cannot open BAS.USERS file.\ STOP END * CRT \Enter your email address: \: input email_address CRT \Enter your password: \: input password * READV stored_password FROM f_bas_users,email_address,3 ELSE stored_password = \\ END key = \thisismykey\ result = \\ decrypt_status = \\ decrypt_status = ENCRYPT(\des3\, 3, stored_password, 1, key, 1, 1, \\, \\, result, 1) ; *This is actually decrypting, the 3 indicates that. *Apparently a status of 0 is a success. Which is just plain weird. IF decrypt_status = \0\ THEN CRT \This is the stored password decrypted from the file.\:result CRT \This is the password entered by the user.\:password END ---------------- So... isn't it kind of pointless to store the key in plain text in the program? Storing the key in plain text in the file also seems pointless? Thoughts? -- John Thompson _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users