Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Encrypt a text file?
98 views
Skip to first unread message
George Petasis
Oct 6, 2012, 3:53:52 AM10/6/12
to
Hi all,
I have a small product in tcl, and I want to somehow "obfuscate" the
data files it uses (txt files). For the tcl code I am going to use
ActiveState's TDK.
Is there an extension that will allow me to obfuscate/encrypt a text file?
George
I have a small product in tcl, and I want to somehow "obfuscate" the
data files it uses (txt files). For the tcl code I am going to use
ActiveState's TDK.
Is there an extension that will allow me to obfuscate/encrypt a text file?
George
George Petasis
Oct 6, 2012, 4:38:30 AM10/6/12
to
http://docs.activestate.com/activetcl/8.6/tcllib/virtchannel_transform/otp.html
Is this something that can be used in practice, or an exercise like
tcl::transform::rot?
George
Christian Gollwitzer
Oct 6, 2012, 5:38:22 AM10/6/12
to
Hi George,
Am 06.10.12 09:53, schrieb George Petasis:
why do you want to obfuscate the data files? Is it only to keep a casual
user from inspecting it, or do you want to achieve some security?
If the first case, I recommend the approach used by OO, Word and many
other commercial packages: Create a zip file, e.g. using
http://wiki.tcl.tk/15158
and just store it with a file name other than .zip. This has the big
advantage, that on request from the users, you can simply unzip this
file and inspect it without any hassle.
ZIP also supports simple encryption, but this is not handled by the code
on the wiki. The additional benefit of ZIP is that you can store more
complex documents as logical folders.
Christian
PS: Last time I checked, mkzip on the wiki had some bug that prevented
file names with spaces. I should check the patched version in our
commercial software to update the wiki
Am 06.10.12 09:53, schrieb George Petasis:
user from inspecting it, or do you want to achieve some security?
If the first case, I recommend the approach used by OO, Word and many
other commercial packages: Create a zip file, e.g. using
http://wiki.tcl.tk/15158
and just store it with a file name other than .zip. This has the big
advantage, that on request from the users, you can simply unzip this
file and inspect it without any hassle.
ZIP also supports simple encryption, but this is not handled by the code
on the wiki. The additional benefit of ZIP is that you can store more
complex documents as logical folders.
Christian
PS: Last time I checked, mkzip on the wiki had some bug that prevented
file names with spaces. I should check the patched version in our
commercial software to update the wiki
George Petasis
Oct 6, 2012, 6:34:56 AM10/6/12
to
Dear Christian,
The user of the product is a computer engineer. Just opening it in a
text editor, the fact that it is a zip file will show. And then it will
be easy to get the contents.
The text files contain an electronic dictionary, and I want to protect this.
George
The user of the product is a computer engineer. Just opening it in a
text editor, the fact that it is a zip file will show. And then it will
be easy to get the contents.
The text files contain an electronic dictionary, and I want to protect this.
George
Christian Gollwitzer
Oct 6, 2012, 6:48:45 AM10/6/12
to
Hi George,
Am 06.10.12 12:34, schrieb George Petasis:
created by the user?
I assume that you know that DRM can never be made secure enough to
protect an experienced hacker. One of the simplest attacks would be to
automate the programs GUI.
Having said that, you should at least use a well-tested strong
cryptoalgorithm, like AES (which is in tcllib), with a random key such
that simple inspection of the "compiled" program using strings and such
does not reveal the key.
You can/should also store constant data inside the VFS of the starpack,
to obfuscate which part of the program contains the interesting data.
Christian
Am 06.10.12 12:34, schrieb George Petasis:
> The user of the product is a computer engineer. Just opening it in a
> text editor, the fact that it is a zip file will show. And then it will
> be easy to get the contents.
>
> The text files contain an electronic dictionary, and I want to protect
> this.
So the files are constant data, and not the storage format of the data
> text editor, the fact that it is a zip file will show. And then it will
> be easy to get the contents.
>
> The text files contain an electronic dictionary, and I want to protect
> this.
created by the user?
I assume that you know that DRM can never be made secure enough to
protect an experienced hacker. One of the simplest attacks would be to
automate the programs GUI.
Having said that, you should at least use a well-tested strong
cryptoalgorithm, like AES (which is in tcllib), with a random key such
that simple inspection of the "compiled" program using strings and such
does not reveal the key.
You can/should also store constant data inside the VFS of the starpack,
to obfuscate which part of the program contains the interesting data.
Christian
Donal K. Fellows
Oct 7, 2012, 11:17:00 AM10/7/12
to
On 06/10/2012 11:34, George Petasis wrote:
> The user of the product is a computer engineer. Just opening it in a
> text editor, the fact that it is a zip file will show. And then it will
> be easy to get the contents.
>
> The text files contain an electronic dictionary, and I want to protect
> this.
It's difficult to protect in this case. The simplest method is to not
> The user of the product is a computer engineer. Just opening it in a
> text editor, the fact that it is a zip file will show. And then it will
> be easy to get the contents.
>
> The text files contain an electronic dictionary, and I want to protect
> this.
actually give them the data, but instead give them a service that they
have to authenticate to in order to use. You can host the service on
your own hardware (or in the cloud or wherever) and keep the overall
dataset safe, and the main worry then becomes one of billing. ;-) The
downside is that it means that the dictionary isn't usable offline, but
putting up a service is much less obnoxious than DRM, and far easier to do.
Donal.
George Petasis
Oct 7, 2012, 2:49:32 PM10/7/12
to
ship my machine to his premises :D
George
DrS
Oct 7, 2012, 11:02:09 PM10/7/12
to
On 10/7/2012 2:49 PM, George Petasis wrote:
>
> The customer already uses a web service. The problem is that I have to
> ship my machine to his premises :D
>
Machines I am not so sure of but there are several packages in tcllib
>
> The customer already uses a web service. The problem is that I have to
> ship my machine to his premises :D
>
that do encryption. This page may be a good start:
http://wiki.tcl.tk/2198 . As others have stated, the best is a simple
obfuscation to protect from casual users. For that, a simple base64
encode/decode may be more than sufficient.
DrS
0 new messages