New SimpleCrypt page
-
some additional topics:
in "Decrypted payload":http://developer.qt.nokia.com/wiki/SimpleCrypt_algorithm_details#2d478ba9ee3cf03e338b506b1a0292dc
SH1 and CRC have the same description:
bq. In case the Protection Checksum flag has been set, the layout of the decrypted payload looks like this:
I think this is just a copy paste error.
As I'm through now, no more things :-)
Very good article, interesting to read. Thanks. -
Hi Andre.
First of all, thanks for sharing your code. :-)I was playing with this algorithm, but I noticed a strange situation: sometimes these work well, sometimes not.
This is the string which I have tested :
10197016915918185882701231384169178913312058269-10750535699546572956586080750006397
The key is: 13775729I tested both with string and binary data (there are several integer values).
So if I encrypt this string, and then decrypt it, sometimes original string is equal with decrypted string, sometimes differ.
-
A small test is something like :
@
QString cryptSerialNumber;void testCrypt()
{
SimpleCrypt processSimpleCrypt(13775729);
QString uniqueString("10197016915918185882701231384169178913312058269-10750535699546572956586080750006397");
cryptSerialNumber = processSimpleCrypt.encryptToString(uniqueString);
}void testDecrypt()
{
SimpleCrypt processSimpleCrypt(13775729);
QString uniqueString = processSimpleCrypt.decryptToString(cryptSerialNumber);
}
@Sometimes decrypted "uniqueString" is the same as the original, but sometimes is :
1019701691591818588270123138416917891691033658269-10750535699546572956586080750006397, almost the same with original, but not the same :-) -
Well, at least, that narrows down the issue to the decrypting routine... Issue is: there is nothing in there that I can think of might be influenced by something else than the input string itself. I will have to investigate, but I can not do that right now. I'll need a few days before I get around to doing that. Sorry. I would like to encourage you to try to debug it on your own as well. At the very least, insert some debug statements at strategic places in the code to see what goes on.
Hmmmm... now that I think about it: it is actually very strange that your encrypted string stays the same. It should be different each time you do the encryption, even on the same input string. That is because a random byte is inserted at the front of the byte array to encrypt (line 115 and 116 from simplecrypt.cpp).
-
[quote author="Andre" date="1315913144"]Hmmmm... now that I think about it: it is actually very strange that your encrypted string stays the same. It should be different each time you do the encryption, even on the same input string.[/quote]
You are right. But I do the encryption only once. This encryption string I'll write into file only once.
Then I try to decrypt it several times. And ... sometimes decrypt string = original string, sometimes is very little different.[quote author="Andre" date="1315913144"]I will have to investigate, but I can not do that right now. I'll need a few days before I get around to doing that. Sorry.[/quote]
Thanks for your time, it is not rush. Now I'm very busy with another project, but if I have more time, I'll debug longer ... -
Hi
I have tried to reproduce the problem using this code:
@#include <QtCore/QCoreApplication>
#include "simplecrypt.h"
#include <QtDebug>bool testDecrypt()
{
const QString cryptString("AwNgsVZWVlYFfdbw6is6+srGtTZtFxBm1rc5z8/z1lQNfU74jOk+0bsNs2vMFNlbB5RqAZI/dgJEH79ElSotizgvmf0/xg==");
const QString expectedResult("10197016915918185882701231384169178913312058269-10750535699546572956586080750006397");SimpleCrypt crypt(13775729); QString result = crypt.decryptToString(cryptString); if (result == expectedResult) return true; qDebug() << "Fail: " << result; return false;
}
int main(int argc, char *argv[])
{
QCoreApplication a(argc, argv);int pass(0), fail(0); for (int i(0); i<1000000; ++i) { if (testDecrypt()) { ++pass; } else { ++fail; } } qDebug() << "Decryption passed" << pass << "times and failed" << fail << "times."; return 0; //return a.exec();
}
@My output was:
@
Decryption passed 1000000 times and failed 0 times.
@That is: I am not able to see any instability in the algorithm, at least not via this test. That makes it hard for me to figure out why you might be seeing a problem.
-
Hi,
I read your article and it is very interesting !
I am the developer of QxOrm library (Object Relational Mapping for C++/Qt) and I would like to use your class to encrypt/decrypt some datas. Indeed, QxOrm library provides QxService module to create C++/Qt application server. Here is a tutorial if you want to see QxService module : http://www.qxorm.com/qxorm_en/tutorial_2.html
So it would be great with an option to encrypt data before transfering it over network.
Can I use your class in QxOrm library ?
Can I add namespace for your class ?
Can I rename your class to add Qx prefix ?
I will not change anything else.Thanks !
PS: I´m french so sorry if my english is not perfect.
-
@Andre ... many, many apologies.
Indeed your algorithm works well, what induced me in error was CPUID opcode, which I compared with decrypted string. I was convinced that CPUID opcode with all features was always the same. But sometimes some bits are different (maybe cache information, I'll study in a few days)
Thanks anyway. -
[quote author="cincirin" date="1316417041"]@Andre ... many, many apologies.
Indeed your algorithm works well, what induced me in error was CPUID opcode, which I compared with decrypted string. I was convinced that CPUID opcode with all features was always the same. But sometimes some bits are different (maybe cache information, I'll study in a few days)
Thanks anyway.[/quote]OK, glad to know that the issue is not in my code :-) Lots of luck in figuring out what is going wrong then!
One more note: you might want to think about getting a better key. 1316417041 is only a 32 bits number (0x4E76EE11). You might want to considder generating a real 64 bit key instead. -
[quote author="qxorm" date="1316359090"]Hi,
I read your article and it is very interesting !
[/quote]
Thanks for the compliment :-)[quote]
I am the developer of QxOrm library (Object Relational Mapping for C++/Qt) and I would like to use your class to encrypt/decrypt some datas. Indeed, QxOrm library provides QxService module to create C++/Qt application server. Here is a tutorial if you want to see QxService module : http://www.qxorm.com/qxorm_en/tutorial_2.html
[/quote]
I am very interested in ORM myself (and database drivers and the likes), and I have looked at QxORM before. Very nice effort!
[quote]
So it would be great with an option to encrypt data before transfering it over network.Can I use your class in QxOrm library ?
Can I add namespace for your class ?
Can I rename your class to add Qx prefix ?
I will not change anything else.
[/quote]
Would the above be doable based on the current licence of the code, or would you need the code under a different licence? I do not have objections to you including this code in QxOrm in principle, so I guess we can figure something out. -
I think it's ok for the licence : QxOrm library is under LGPL licence, so it seems compatible.
I just want (if possible) include your class into the namespace qx and rename it from SimpleCrypt to QxSimpleCrypt (like other classes into QxOrm library).
If I include your class into QxOrm library, I would like to set your name into the changes.txt file for the next version. Is it ok for you ?
Something like this :
New class qx::QxSimpleCrypt to provide encryption/decryption (thanks very much to Andre Somers) with QxService module : encrypt data before transfering it over network.