SPS Blog - Visual FoxPro and AES Encryption

Sunday, August 28, 2005

IMPORTANT: The functions within this FLL have changed. Please refer to the latest documention for the VFP Encryption FLL that can be found at the following link:

Major VFP Encryption Update

Advanced Encryption Standard (AES) For Visual FoxPro
If you read my last blog entry, then you know I'm working on putting together a comprehensive set of encryption/decryption functions for Visual FoxPro via an FLL. Building on that, I decided the next cipher I would implement was AES (a.k.a. Rijndael). The Visual C++ code is based on earlier work by Szymon Stefanek, Vincent Rijmen, and K.U.Leuven that is in the public domain. The AES encryption standard is good enough that it is approved by the US government (among others) for encrypting Classified and Top Secret information. This is arguably one of the best ciphers currently being used, and I wouldn't be surprised if some of you readying this have had AES be a security requirement on some of your projects. For additional information regarding AES you can see the following link:

http://en.wikipedia.org/wiki/AES

Description of the new Visual FoxPro AES Encryption Functions

Function Signatures
AesEncrypt(cString, cKey, [nMode, [nKeySize]])
AesDecrypt(cString, cKey, [nMode, [nKeySize]])

Parameters
cString: String to encrypt/decrypt
cKey: Encryption Key to use (16, 24, or 32 characters depending on nKeySize)*
nMode: AES Mode (1 = ECB 2 = CBC)
nKeySize: Size of Key in bits (128, 192, 256)

* The cKey parameter will accept keys that aren't the right size and either pad or truncate them in order to provide the internal FLL function with the correct key length, however this weakens the overall security of the AES encryption and is strongly discouraged.

Download the FLL and Start Using AES in Visual FoxPro
Here is the download link and some cut-paste-and-execute sample code so you can try it out. NOTE: I will be overwriting prior versions of the fll so the links always point to the latest version. Also, should you want to see a specific cipher or hash implemented in this FLL, or if you have some other suggestions/ideas, please feel free to leave me a comment about it and I will see what I can do.

Download the VFP Encryption FLL (22 KB approx.)

Example of Use

CLEAR
SET LIBRARY TO LOCFILE("vfpencryption.fll")
#DEFINE ASECRET256BITKEY "LVE*(zz}}'rr)`P%wDq@lc8WWbGw0[77" && Example only, make your own 32 character key
? "__________________________"
? "EXAMPLE #1 (simplest): USES DEFAULT AES - CBC MODE 256-BIT KEY"
cEncryptedString = AesEncrypt("Visual FoxPro Rocks!", ASECRET256BITKEY)
cDecryptedString = AesDecrypt(cEncryptedString, ASECRET256BITKEY)
? "Encrypted: " + cEncryptedString
? "Decrypted: " + cDecryptedString
? "__________________________"
? "EXAMPLE #2: USES AES - ECB MODE 256-BIT KEY"
cEncryptedString = AesEncrypt("Visual FoxPro Rocks!", ASECRET256BITKEY, 1, 256)
cDecryptedString = AesDecrypt(cEncryptedString, ASECRET256BITKEY, 1, 256)
? "Encrypted: " + cEncryptedString
? "Decrypted: " + cDecryptedString
? "__________________________"
? "EXAMPLE #3: USES AES - CBC MODE 256-BIT KEY"
cEncryptedString = AesEncrypt("Visual FoxPro Rocks!", ASECRET256BITKEY, 2, 256)
cDecryptedString = AesDecrypt(cEncryptedString, ASECRET256BITKEY, 2, 256)
? "Encrypted: " + cEncryptedString
? "Decrypted: " + cDecryptedString
? "__________________________"
#DEFINE ASECRET192BITKEY "!rPrrj<t!fr7$7L?1#\\;lAV" && Example only, make your own 24 character key
? "EXAMPLE #4: USES AES - ECB MODE 192-BIT KEY"
cEncryptedString = AesEncrypt("Visual FoxPro Rocks!", ASECRET192BITKEY, 1, 192)
cDecryptedString = AesDecrypt(cEncryptedString, ASECRET192BITKEY, 1, 192)
? "Encrypted: " + cEncryptedString
? "Decrypted: " + cDecryptedString
? "__________________________"
? "EXAMPLE #5: USES AES - CBC MODE 192-BIT KEY"
cEncryptedString = AesEncrypt("Visual FoxPro Rocks!", ASECRET192BITKEY, 2, 192)
cDecryptedString = AesDecrypt(cEncryptedString, ASECRET192BITKEY, 2, 192)
? "Encrypted: " + cEncryptedString
? "Decrypted: " + cDecryptedString
? "__________________________"
#DEFINE ASECRET128BITKEY "!rPrrj<t!fr7$7L?1#\\;lAV" && Example only, make your own 16 character key
? "EXAMPLE #6: USES AES - ECB MODE 128-BIT KEY"
cEncryptedString = AesEncrypt("Visual FoxPro Rocks!", ASECRET128BITKEY, 1, 128)
cDecryptedString = AesDecrypt(cEncryptedString, ASECRET128BITKEY, 1, 128)
? "Encrypted: " + cEncryptedString
? "Decrypted: " + cDecryptedString
? "__________________________"
? "EXAMPLE #7: USES AES - CBC MODE 128-BIT KEY"
cEncryptedString = AesEncrypt("Visual FoxPro Rocks!", ASECRET128BITKEY, 2, 128)
cDecryptedString = AesDecrypt(cEncryptedString, ASECRET128BITKEY, 2, 128)
? "Encrypted: " + cEncryptedString
? "Decrypted: " + cDecryptedString

Visual Foxpro

Sunday, August 28, 2005 10:46:53 PM (GMT Daylight Time, UTC+01:00)

Comments [3]

Monday, August 29, 2005 2:19:25 PM (GMT Daylight Time, UTC+01:00)

Thank you for the very interesting blogs, which I monitor almost every day.
I have a comment on this post. My opinion is that the problem is more to transparently hook every update insert and select (every manipulation command) to the encryption routine, so that the programmer wouldnt have to call these routines explicitily. Do you think this is possible?

Dimitrios Papadopoulos

Monday, August 29, 2005 6:22:36 PM (GMT Daylight Time, UTC+01:00)

Hi Dimitrios,

>>My opinion is that the problem is more to transparently hook every update insert and select (every manipulation command) to the encryption routine, so that the programmer wouldnt have to call these routines explicitily. Do you think this is possible?

Yes, it seems feasible. The best thing would be for the MS Fox Team to jump in here and give us another layer that would allow for encryption/decryption routines or other functions to run between.

However, there may be ways for us to implement something like this ourselves. It wouldn't be complete transparent, but could be close.

My first thought is adding a number of SPROCS to a database, but this has some drawbacks, not the least of which would be that the data would be decrypted prior to it being sent across the line in a lan/wan scenario.

My next thought is special views that would provide the interface to the database backend, but there are a number of scenarios that I haven't worked out in my head yet regarding this.

Other thoughts are to use cursor adapters or build the logic into a comprehensive set of datacentric tier objects that would provide the needed manipulation to and from the database backend.

None of these are perfect in my mind, but certainly one or more of them is workable. As I said, the best thing would be for the MS Fox Team to implement another layer (hook as you say) somewhere between so that this functionality (along with a ton of other stuff such a layer would be handy for) could be turned on for a particular database at the expense of a small performance hit.

Dimitrios - you seem to see where I am headed with this and the potential of my work here. The first step is to create lightning fast, extremely secure cipher algorithms that can be used by Visual FoxPro - which is what I am currently doing. Thanks for the feedback and for reading my blog. (FWIW, according to my web statistics there are currently around 700 daily readers/subscribers of this blog and it is increasing weekly. This doesn't count the mirror of this blog that is out on TechRepublic. I don't have statistics for that)

Craig Boyd

Saturday, January 21, 2006 2:38:39 AM (GMT Standard Time, UTC+00:00)

Craig:

The work you are performing has applications in several projects on which I am currently working and would be eager to portions copyright and/or credit where due. This may seem trivial but what Version of VFP was this library compiled in? I am getting an Library File is invalid erro when issuing the Set Library command.

Regards,

STC

Scott T. Cottle

All comments require the approval of the site owner before being displayed.

Name
E-mail	(will show your gravatar icon)
Home page

	Remember Me
Comment (Some html is allowed: `a@href@title, b, blockquote@cite, em, i, strike, strong, sub, sup, u`) where the @ means "attribute." For example, you can use <a href="" title=""> or <blockquote cite="Scott">.
Enter the code shown (prevents robots):
Live Comment Preview

Archive

On this page....

Categories