I am exploring the UniVerse data encryption features...  It's my first try at
this really.
I have a decent understanding of ssh and ssl, just not the U2 stuff.

My questions are...
Where is a safe place to store the "key" (as referred to in the docs) that
the function needs to do encrypting and decrypting?
How would I generate this key?
Do I use the same key every time?
Is there a thing to generate a key... like in ssh?

For example, let's say I have a program that encrypts the user's password and
then writes it to the data file like so...

*A test for storing encrypted passwords.
      OPEN \BAS.USERS\ TO f_bas_users ELSE
         CRT \Cannot open BAS.USERS file.\
         STOP
      END
*
      CRT \Enter your email address: \:
      input email_address
      CRT \Enter your password: \:
      input password
*
      key                    = \thisismykey\
      result                 = \\
      encrypt_status = \\
      encrypt_status = ENCRYPT(\des3\, 1, password, 1, key, 1, 1, \\, \\, result, 1)
*Show the encrypted result (user_password was never assigned).
      CRT result
*Apparently a status of 0 is a success.  Which is just plain weird.
      IF encrypt_status = \0\ THEN
         WRITEV result ON f_bas_users,email_address,3
      END

----------------------
Now let's say I want to check the password to see if it is correct and
decrypt the data to do that...

*A test for reading encrypted passwords.
      OPEN \BAS.USERS\ TO f_bas_users ELSE
         CRT \Cannot open BAS.USERS file.\
         STOP
      END
*
      CRT \Enter your email address: \:
      input email_address
      CRT \Enter your password: \:
      input password
*
      READV stored_password FROM f_bas_users,email_address,3 ELSE
         stored_password = \\
      END
      key                    = \thisismykey\
      result                 = \\
      decrypt_status = \\
*This is actually decrypting, the 3 indicates that.
      decrypt_status = ENCRYPT(\des3\, 3, stored_password, 1, key, 1, 1, \\, \\, result, 1)
*Apparently a status of 0 is a success.  Which is just plain weird.
      IF decrypt_status = \0\ THEN
         CRT \This is the stored password decrypted from the file.\:result
         CRT \This is the password entered by the user.\:password
      END
----------------

So... isn't it kind of pointless to store the key in plain text in the
program?
Storing the key in plain text in the file also seems pointless?

Thoughts?

-- 
John Thompson
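
An added example, not part of the original post and not UniVerse code: to check a login, the stored value never has to be decrypted, so a salted one-way hash takes the key out of the program altogether. It is written in Python; the record format, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor; tune to your hardware
SALT_BYTES = 16


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Build the value to store for a user (field 3 of the record in the post)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # The parameters travel with the hash, so there is no secret key to hide.
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), digest.hex()])


def check_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored parameters; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # empty, truncated or corrupted record: reject the login
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample values, not data from the post.
    record = make_record("s3cret-passphrase")
    print("stored value:", record)
    print("correct password:", check_password("s3cret-passphrase", record))
    print("wrong password:  ", check_password("guess", record))
```

An empty stored value, which is what the READV ELSE branch in the post produces for an unknown user, is rejected rather than treated as a match.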