I have a small product in tcl, and I want to somehow "obfuscate" the data files it uses (txt files). For the tcl code I am going to use ActiveState's TDK.
Is there an extension that will allow me to obfuscate/encrypt a text file?
Στις 6/10/2012 10:53 πμ, ο/η George Petasis έγραψε:
> Hi all,
> I have a small product in tcl, and I want to somehow "obfuscate" the
> data files it uses (txt files). For the tcl code I am going to use
> ActiveState's TDK.
> Is there an extension that will allow me to obfuscate/encrypt a text file?
> I have a small product in tcl, and I want to somehow "obfuscate" the
> data files it uses (txt files). For the tcl code I am going to use
> ActiveState's TDK.
> Is there an extension that will allow me to obfuscate/encrypt a text file?
why do you want to obfuscate the data files? Is it only to keep a casual user from inspecting it, or do you want to achieve some security?
If the first case, I recommend the approach used by OO, Word and many other commercial packages: Create a zip file, e.g. using
and just store it with a file name other than .zip. This has the big advantage, that on request from the users, you can simply unzip this file and inspect it without any hassle.
ZIP also supports simple encryption, but this is not handled by the code on the wiki. The additional benefit of ZIP is that you can store more complex documents as logical folders.
Christian
PS: Last time I checked, mkzip on the wiki had some bug that prevented file names with spaces. I should check the patched version in our commercial software to update the wiki
The user of the product is a computer engineer. Just opening it in a text editor, the fact that it is a zip file will show. And then it will be easy to get the contents.
The text files contain an electronic dictionary, and I want to protect this.
George
Στις 6/10/2012 12:38 μμ, ο/η Christian Gollwitzer έγραψε:
> Am 06.10.12 09:53, schrieb George Petasis:
>> I have a small product in tcl, and I want to somehow "obfuscate" the
>> data files it uses (txt files). For the tcl code I am going to use
>> ActiveState's TDK.
>> Is there an extension that will allow me to obfuscate/encrypt a text
>> file?
> why do you want to obfuscate the data files? Is it only to keep a casual
> user from inspecting it, or do you want to achieve some security?
> If the first case, I recommend the approach used by OO, Word and many
> other commercial packages: Create a zip file, e.g. using
> and just store it with a file name other than .zip. This has the big
> advantage, that on request from the users, you can simply unzip this
> file and inspect it without any hassle.
> ZIP also supports simple encryption, but this is not handled by the code
> on the wiki. The additional benefit of ZIP is that you can store more
> complex documents as logical folders.
> Christian
> PS: Last time I checked, mkzip on the wiki had some bug that prevented
> file names with spaces. I should check the patched version in our
> commercial software to update the wiki
> The user of the product is a computer engineer. Just opening it in a
> text editor, the fact that it is a zip file will show. And then it will
> be easy to get the contents.
> The text files contain an electronic dictionary, and I want to protect
> this.
So the files are constant data, and not the storage format of the data created by the user?
I assume that you know that DRM can never be made secure enough to protect an experienced hacker. One of the simplest attacks would be to automate the programs GUI.
Having said that, you should at least use a well-tested strong cryptoalgorithm, like AES (which is in tcllib), with a random key such that simple inspection of the "compiled" program using strings and such does not reveal the key.
You can/should also store constant data inside the VFS of the starpack, to obfuscate which part of the program contains the interesting data.
> The user of the product is a computer engineer. Just opening it in a
> text editor, the fact that it is a zip file will show. And then it will
> be easy to get the contents.
> The text files contain an electronic dictionary, and I want to protect
> this.
It's difficult to protect in this case. The simplest method is to not
actually give them the data, but instead give them a service that they
have to authenticate to in order to use. You can host the service on
your own hardware (or in the cloud or wherever) and keep the overall
dataset safe, and the main worry then becomes one of billing. ;-) The
downside is that it means that the dictionary isn't usable offline, but
putting up a service is much less obnoxious than DRM, and far easier to do.
> On 06/10/2012 11:34, George Petasis wrote:
>> The user of the product is a computer engineer. Just opening it in a
>> text editor, the fact that it is a zip file will show. And then it will
>> be easy to get the contents.
>> The text files contain an electronic dictionary, and I want to protect
>> this.
> It's difficult to protect in this case. The simplest method is to not
> actually give them the data, but instead give them a service that they
> have to authenticate to in order to use. You can host the service on
> your own hardware (or in the cloud or wherever) and keep the overall
> dataset safe, and the main worry then becomes one of billing. ;-) The
> downside is that it means that the dictionary isn't usable offline, but
> putting up a service is much less obnoxious than DRM, and far easier to do.
> Donal.
The customer already uses a web service. The problem is that I have to ship my machine to his premises :D
> The customer already uses a web service. The problem is that I have to
> ship my machine to his premises :D
Machines I am not so sure of but there are several packages in tcllib that do encryption. This page may be a good start: http://wiki.tcl.tk/2198 . As others have stated, the best is a simple obfuscation to protect from casual users. For that, a simple base64 encode/decode may be more than sufficient.
