I just found the document called "security" in the universe docs... I guess I better set about reading that.
On Fri, Sep 9, 2011 at 11:43 AM, John Thompson <[email protected]>wrote: > I am exploring the Universe data encryption features... Its my first try > at this really. > I have decent understanding off ssh and ssl, just not the U2 stuff. > > My questions are... > Where is a safe place to store the "key" (as referred to in the docs) that > the function needs to do encrypting and decrypting? > How would I generate this key? > Do I use the same key every time? > Is there a thing to generate a key... like in ssh? > > For example, lets say I have a program that encrypts the user's password > and then writes it to the data file like so... > > *A test for storing encrypted passwords. > OPEN \BAS.USERS\ TO f_bas_users ELSE > CRT \Cannot open BAS.USERS file.\ > STOP > END > * > CRT \Enter your email address: \: > input email_address > CRT \Enter your password: \: > input password > * > key = \thisismykey\ > result = \\ > encrypt_status = \\ > encrypt_status = ENCRYPT(\des3\, 1, password, 1, key, 1, 1, \\, \\, > result, 1) > CRT user_password > *Apparently a status of 0 is a success. Which is just plain weird. > IF encrypt_status = \0\ THEN > WRITEV result ON f_bas_users,email_address,3 > END > > ---------------------- > Now lets say I want to check the password to see if it is correct and > decrypt the data to do that... > > *A test for reading encrypted passwords. > OPEN \BAS.USERS\ TO f_bas_users ELSE > CRT \Cannot open BAS.USERS file.\ > STOP > END > * > CRT \Enter your email address: \: > input email_address > CRT \Enter your password: \: > input password > * > READV stored_password FROM f_bas_users,email_address,3 ELSE > stored_password = \\ > END > key = \thisismykey\ > result = \\ > decrypt_status = \\ > decrypt_status = ENCRYPT(\des3\, 3, stored_password, 1, key, 1, 1, > \\, \\, result, 1) ; *This is actually decrypting, the 3 indicates that. > *Apparently a status of 0 is a success. Which is just plain weird. > IF decrypt_status = \0\ THEN > CRT \This is the stored password decrypted from the file.\:result > CRT \This is the password entered by the user.\:password > END > ---------------- > > So... isn't it kind of pointless to store the key in plain text in the > program? > Storing the key in plain text in the file also seems pointless? > > Thoughts? > > -- > John Thompson > -- John Thompson _______________________________________________ U2-Users mailing list [email protected] http://listserver.u2ug.org/mailman/listinfo/u2-users
