1. Does MagicCrypt work on w2k Server?
MagicCrypt works on w2k Server, with the following points to note:
- If you use MagicCrypt from IIS 5 and Application Protection is set to "Low", everything will work.
- If you are planning to use the "Medium" or "High" protection level, you have to use our new component called MagicService.
MagicService was written for MagicCrypt and works only with it.
It allows you to run MagicCrypt code under any user.
You can read more about MagicService.
2. How to save encoded file into DB and then read it?
There is a simple way to write a file into the DB as base64.
SingleKey is used here, but you can use DoubleKey for encrypting files too.
Example 1: The following example stores the encoded file in the DB:
<%
Set sKey = CreateObject("MagicCrypt.SingleKey")
sKey.setKey "test" 'you can use any algorithm here!
sKey.EncodeFile "file.bin", "any.exe" 'you can use any algorithm here!
sKey.EncodeMIMEFile "file.base64", "file.bin" ' encoding to base64
Set FSO = CreateObject("Scripting.FileSystemObject")
Set txtFile = FSO.OpenTextFile("file.base64", 1, False) ' 1 = open for reading
sLine = txtFile.ReadAll ' read the whole base64 text into sLine
txtFile.Close
'here you have sLine. It can be saved into DB as string!
%>
Example 2: The following example restores the file from the DB.
<%
Set FSO = CreateObject("Scripting.FileSystemObject")
Set txtFile2 = FSO.CreateTextFile("file2.base64")
' get sLine from DB here
txtFile2.Write sLine
txtFile2.Close
Set sKey = CreateObject("MagicCrypt.SingleKey")
' decode the file that was just written from the DB value
sKey.DecodeMIMEFile "file.bin", "file2.base64" ' decoding from base64
sKey.setKey "test" 'you can use any algorithm here!
sKey.DecodeFile "any.exe", "file.bin" 'you can use any algorithm here!
' here you have the primary file
%>
3. Why do a lot of different components including MagicCrypt allow only file encoding/decoding for private/public encryption?
As we know, private/public key encryption is very slow. If we used private/public keys to encode/decode the data itself, it would be too slow.
So almost all implementations of private/public encryption use the following algorithm:
Encoding:
- generate a random session key;
- encode the input information stream using the session key (fast process). The result is an encoded stream;
- encode the session key using X's public key (very slow process, but the session key is small, so it doesn't take much time);
- save the encoded stream and the encoded session key into the result stream.
Only the person who owns X's private key will be able to decode the session key and then decode all the information!
Decoding:
- read the encoded session key;
- decode the session key using X's private key (slow process);
- decode the encoded stream using the session key (fast process).
As you can see, the encoded stream includes the encoded session key!
This increases the size of the output stream, and it can be large.
So it is better to use files.
4. We are trying to encrypt a credit card number, insert it into the database and then decrypt that number from the database. What is the best way to do this? Can you recommend something?
We recommend doing the following:
1. Generate a random session key A before all encryption/decryption. Encrypt it using double key B and store the encrypted key A anywhere, maybe in your DB.
2. Before encoding and decoding credit card numbers, decrypt key A. Use key A to encode or decode credit card numbers.
With this process, credit card numbers will be available only to the user who owns key B. We would recommend using MagicCrypt with the MagicService component to run your encryption/decryption code under a specific user (we would create a new user "Secure_User" for encrypting/decrypting card numbers).
The MagicService component is free for MagicCrypt users. Read more about MagicService here.
If you use MagicService:
- Create a new user "Secure_User".
- Give this user specific rights.
- Log on as "Secure_User" before using it! This is needed for the OS to initialize the user; the OS initializes a user at first logon.
- Register MagicService and configure it to run under "Secure_User" using the Service manager.
Your creation code will then look like:
<%
Set MsObject = CreateObject("MagicService.ObjectFactory")
Set mcObj = MsObject.CreateObject("MagicCrypt.DoubleKey")
%>
MsObject will run the code under the MagicService user ("Secure_User" in your case).
ATTENTION: We recommend that you back up the private key of "Secure_User".
Move it to a diskette, or save it on your hard drive and encode it using a password session key. This will help you restore credit card numbers if the "Secure_User" account is damaged.