Blowfish Object

The blowfish external can be used to encrypt/decrypt passwords.

It is best to store all passwords in an encrypted form so that nobody, not even the system administrator, can see actual passwords. If a user forgets their password, it is better practice to reset the password than to view their existing password.

To use the blowfish external you need to instantiate it with an object type variable.

  1. Create an object type variable.
  2. Set the variable subtype to point to External Objects > Blowfish.

Encrypt a String

  1. Send the blowfish external an initial key using the $initkey method. You must remember this key in order to decrypt the message.
  2. Ask the blowfish external to encrypt a string by sending it a $encrypt(pStringValue) message.
  3. The blowfish external returns a binary value which is the encrypted string value.
  4. You can then store the encrypted string in your database as a blob or in a file.

Calculate cInitialKey as 'mykey'
Do oBlowfish.$initkey(cInitialKey)

Prompt for input Enter a password to encrypt Returns MyPassword
Do oBlowfish.$encrypt(MyPassword) Returns cBinaryVariable
OK message (Icon) {Your password has been encrypted to a binary value using the key '[cInitialKey]'////The 'Decrypt a String' demo will decrypt the string.}

Decrypt a String

  1. Send the blowfish external an initial key using the $initkey method. It must be the key that was used to encrypt the message.
  2. Ask the blowfish external to decrypt the binary value by sending it a $decrypt(pBinaryValue) message.
  3. The blowfish external returns the decrypted string value.

Do oBlowfish.$initkey(cInitialKey)
Do oBlowfish.$decrypt(cBinaryVariable) Returns DecryptedString
OK message (Icon) {The decrypted password is: '[DecryptedString]'}

Implementing Blowfish

I am a newbie to encryption so the following comments are just some of my initial thoughts on implementing blowfish.

Where do we store the key?

  1. You could hard code the $initkey somewhere in the application. The risk is that any developer who views the code can see the initial key and then use the blowfish external to decrypt any encrypted text. That may or may not be a problem depending on the application.
  2. For storing passwords you could use the user's password for the $initkey. I tested this and the only way to decrypt the binary variable was to use the correct password.

    Would using the password as the initial key for their password be a problem? I'm not sure. You wouldn't want to use the user password as the initial key to anything other than their own password!

Calculate cInitialKey as 'mykey'
Prompt for input Enter a password to encrypt Returns MyPassword
Do oBlowfish.$initkey(MyPassword)

Do oBlowfish.$encrypt(MyPassword) Returns cBinaryVariable
OK message (Icon) {Your password has been encrypted to a binary value.}

Prompt for input Enter your password Returns RenterPassword
Do oBlowfish.$initkey(RenterPassword)
Do oBlowfish.$decrypt(cBinaryVariable) Returns DecryptedString
OK message (Icon) {The decrypted password is: '[DecryptedString]'}
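
The key-storage question above goes away if the stored value is a salted one-way verifier instead of a reversible ciphertext: nothing is ever decrypted, so there is no key to hide from developers or administrators. The sketch below is an added example in Python, not Omnis code and not part of the original tip; the function names, the record layout and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000        # assumed work factor; raise it as hardware gets faster
MAX_ITERATIONS = 10_000_000  # assumed ceiling so a corrupted record cannot stall a login
SALT_BYTES = 16
DIGEST_BYTES = 32            # SHA-256 output size


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, iterations: int = ITERATIONS) -> bytes:
    """Build the blob to store for a user (assumed layout: count | salt | digest)."""
    salt = os.urandom(SALT_BYTES)  # fresh salt, so equal passwords store differently
    return iterations.to_bytes(4, "big") + salt + _derive(password, salt, iterations)


def check_password(candidate: str, record: bytes) -> bool:
    """True only if candidate reproduces the stored digest; nothing is decrypted."""
    if len(record) != 4 + SALT_BYTES + DIGEST_BYTES:
        return False  # truncated or corrupted blob
    iterations = int.from_bytes(record[:4], "big")
    if not 1 <= iterations <= MAX_ITERATIONS:
        return False  # implausible work factor, treat as corrupted
    salt, stored = record[4:4 + SALT_BYTES], record[4 + SALT_BYTES:]
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(_derive(candidate, salt, iterations), stored)


def needs_upgrade(record: bytes) -> bool:
    """True if the record was created with a lower work factor than the current one."""
    return int.from_bytes(record[:4], "big") < ITERATIONS


if __name__ == "__main__":
    blob = make_record("MyPassword")  # constructed sample input
    print(len(blob), "bytes stored")
    print("correct password:", check_password("MyPassword", blob))
    print("wrong password:  ", check_password("mykey", blob))
```

A forgotten password is then handled by a reset, as recommended at the top of this tip, because the stored blob cannot be turned back into the password.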

Include Header

The Omnis Studio F1 Help discusses an optional header parameter as follows:

The bIncludeHeader parameter is a boolean to indicate whether or not a header should be appended to the data. The encrypted data is always the same length as the decrypted data except for an additional 8 byte header (if required).

I tested encrypting a message with bIncludeHeader set to true, and then decrypting with bIncludeHeader set to false. (Just to see what would happen.) This exercise succeeded in crashing Omnis Studio v4.0. Needless to say I didn't bother testing any further.