Solved

a security function that can be called by Java and C

Posted on 2003-10-23
17
404 Views
Last Modified: 2010-04-15
There are 2 programs, a C program and a Java program . I would like to add a security function ( a program or function that can called by the C program and the Java program) in these 2 programs so that the programs cannot run after an expired date.

My planning is that firstly I write a program that write the expired date (in encrypt form) into the registry in the user's windows. (Q1: What programming should I use? I plan to use VB. Is there any advantages and disadvantages? Q2: Which encrypt method is good for that VB or the programming language u suggest?)

Secondly, everytime the user run the C program and the Java program, the program will call a module (maybe a class written in C), that module will try to go to the registry and get the expired date ( in encrypt form) and return the expired date to the C or Java program. (Q3: Would you please tell me what programming tool should I use so that both the C program and the Java program can call it? Would you please give me a sample program or reference for using that programming language to get the data in the registry? Q4: Would you also tell me the sample code for calling from C and Java using that programming language ? Q5: Would you also tell me how to decrypt the data that is encrypted in Q2 using the programming language u suggest to me in Q3? )

Would you also give suggestions on my planning ? What can I improved ?
0
Comment
Question by:mikekwok
  • 6
  • 5
  • 3
17 Comments
 
LVL 23

Accepted Solution

by:
brettmjohnson earned 63 total points
Comment Utility
You probably should write the check function in C so that is easily callable by the C routine.

The Java code can call C code using the Java Native Interface (JNI).  
JNI tutorial here:  http://java.sun.com/docs/books/tutorial/native1.1/

0
 

Author Comment

by:mikekwok
Comment Utility
Thanks for answering q3 , do u have some sample codes for doing q3 ?
Do u have any idea on the other questions in my problem ? Thanks.
0
 
LVL 23

Expert Comment

by:brettmjohnson
Comment Utility
Q1)  I have never used Visual Basic.  I don't know how Java Native Interface works with VB. I would use C.

Q2) MD5 encryption is probably sufficient for your needs.  There are implementations in many languages.

Q3) Java Native Interface (JNI).

Q4) See tutorial mentioned in previous post for JNI sample code.

Q5) Most encryption packages (including MD5) include encryption and decryption interfaces. (Except one-way cyphers, of course.)


0
 

Author Comment

by:mikekwok
Comment Utility
Would you give me the sourcecode or tutorial on using MD5 in C ?
0
 

Author Comment

by:mikekwok
Comment Utility
Would somebody please teach me (Q1) how to use MD5 with C / Visual Basic, (Q2) How to use C/C++ to open / edit windows registry  ?
0
 
LVL 23

Expert Comment

by:brettmjohnson
Comment Utility
0
 

Author Comment

by:mikekwok
Comment Utility
I would like to ask after I have encrypted a string using the MD5 and write it to windows registry , how can i decrypt the string into the orginal string ?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 22

Assisted Solution

by:cookre
cookre earned 62 total points
Comment Utility
This isn't all that difficult - either conceptually or in implementation.

There are several simple algorithms in which the same key can be used to both encrypt and decrypt.  Here's some code I use frequently.  You should be able to follow the comments.  Note that this is used on an entire file, but the idea would work just as well with a single clump of data to be plopped in the registry:
===================
#include "stdafx.h"
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <fcntl.h>
#include <sys\types.h>
#include <sys\stat.h>
#include <io.h>
#include <dos.h>
#include <errno.h>
#include <string.h>
#include <conio.h>

int FileIn;
int FileOut;
unsigned int   FileSize;      // How large our file is
unsigned char *Buf;           // Place to keep file in RAM
unsigned char  Password[128]; // Enc/Dec key
unsigned int   uidx;
unsigned int   BufIdx;
unsigned int   ClumpSize;
unsigned char  Clump[128];


///////////////////////////////////////////////////////////////////////
void XOR()
// Clump=Clump XOR Password
{
unsigned int uidx;
for (uidx=0; uidx<ClumpSize; uidx++)
    {
    Clump[uidx]=Clump[uidx] ^ Password[uidx];
    }
return;
}

///////////////////////////////////////////////////////////////////////
void LSC()
// Clump=Clump LeftCircularShift 1
{
unsigned char LeftMostBit;
unsigned char CarryBit;
unsigned int uidx;

LeftMostBit=Clump[0]>>7;
for (uidx=0; uidx<(ClumpSize-1); uidx++)
    {
    CarryBit=Clump[uidx+1]>>7;
    Clump[uidx]=CarryBit | (Clump[uidx]<<1);
    }
Clump[ClumpSize-1]=LeftMostBit | (Clump[ClumpSize-1]<<1);
return;
}

///////////////////////////////////////////////////////////////////////
void RSC()
// Clump=Clump RightCircularShift 1
{
unsigned char RightMostBit;
unsigned char CarryBit;
unsigned int uidx;

RightMostBit=Clump[ClumpSize-1]&1;
for (uidx=ClumpSize-1; uidx>0; uidx--)
    {
    CarryBit=Clump[uidx-1]&1;
    Clump[uidx]=(CarryBit<<7) | (Clump[uidx]>>1);
    }
Clump[0]=(RightMostBit<<7) | (Clump[0]>>1);
return;
}


void main(int argc, char* argv[])
{
if (argc!=3)
   {
   printf("Usage: SecDec  <FileIn>  <FileOut>\n");
   exit(1);
   }

//
// magic word
                                     Password is whatever string you'ld like to use.
                                     Rather than put a plain text sting in the code that could be seen
                                     in a file dump, I build the string at run-time.
                                     For each character, I use a randomly generated addition of two
                                     of two integers whose sum is the ascii value of the character.
                                     For example, if the 12th character of the key were 'u' (117),
                                     I might have Password[11]=93+24;
Password[0]=...;
Password[n]=...;
Password[n+1]=0;


                                     You can ignore all the file I/O stuff


// Open input file
FileIn=_open(argv[1],_O_BINARY|_O_RDONLY);
if (FileIn<0)
   {
   printf("Unable to open input file <%s>(%d)\n",argv[1],errno);
   exit(2);
   }

// Open or create output file
FileOut=_open(argv[2],_O_BINARY|_O_CREAT|_O_RDWR|_O_TRUNC,_S_IWRITE);
if (FileOut<0)
   {
   printf("Unable to open output file <%s>(%d)\n",argv[2],errno);
   exit(3);
   }

//
// Get space to hold file in RAM
FileSize=(unsigned int)_filelength(FileIn);
Buf=(unsigned char*)malloc((size_t) FileSize);
if (Buf==NULL)
   {
   _close(FileIn);
   _close(FileOut);
   printf("Insufficient RAM\n");
   exit(4);
   }

//
// Load input file into RAM
_read(FileIn,Buf,FileSize);

//
// Decrypt file in clumps of Passwords length;
ClumpSize=strlen((char *)Password);
BufIdx=0;
while (BufIdx<FileSize)
      {
      // Adjust for last clump being smaller than Password
      if ((FileSize-BufIdx)<ClumpSize) ClumpSize=FileSize-BufIdx;

      // Load clump to be decrypted
      for (uidx=0; uidx<ClumpSize; uidx++) Clump[uidx]=*(Buf+BufIdx+uidx);

      // Encrypt this clump
      RSC();
      XOR();
      RSC();
      XOR();
      RSC();
      XOR();

                                       To decrypt using the same key, use

                                       XOR();
                                       LSC();
                                       XOR();
                                       LSC();
                                       XOR();
                                       LSC();




      // Put the clump back where it came from
      for (uidx=0; uidx<ClumpSize; uidx++) *(Buf+BufIdx+uidx)=Clump[uidx];
      BufIdx+=ClumpSize;
      }

//
// Write out buggered file
_write(FileOut,Buf,FileSize);

//
// Cleanup
free(Buf);
_close(FileOut);
_close(FileOut);
exit(0);

}
===================





0
 

Author Comment

by:mikekwok
Comment Utility
What's the algorithm u use ? md5 or other algorithm ?
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
If you do a search on ENCRYPT XOR SHIFT you'll find similarities in both DES and AES block cyphers.  To most folks I know who know about it, it's just "That XOR shift thingie".

For what it's worth, it's passed muster with every security officer I've had to deal with.
0
 

Author Comment

by:mikekwok
Comment Utility
Do you have some sample on creating an using public key and private key for encryption and decryption in C ?

If i don't want to use the same key for encryption and decryption in ur same code, what should i do ?
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
<Do you have some sample on creating an using public key and private key for encryption and decryption in C ?>

Nope. The times I've had to write to public/private key encryption have used commercial encryption packages, the APIs for which are all different.


<If i don't want to use the same key for encryption and decryption in ur same code, what should i do ?>

Don't use it, then.  One of the points of that method is that the same key will both encrypt and decrypt.
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
How's it going?
0
 
LVL 22

Expert Comment

by:cookre
Comment Utility
Sunny - whatever you deem appropriate...
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Have you thought about creating an iPhone application (app), but didn't even know where to get started? Here's how: ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Important pre-programming comments: I’ve never tri…
Windows programmers of the C/C++ variety, how many of you realise that since Window 9x Microsoft has been lying to you about what constitutes Unicode (http://en.wikipedia.org/wiki/Unicode)? They will have you believe that Unicode requires you to use…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand and use switch statements in the C programming language.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now