You Are Here:

Community: Wiki

This page was last modified 00:25, 18 February 2009.

Password based encryption

From Forum Nokia Wiki

Contents

Overview

When storing sensitive data it is very important that existing encryption support is used rather than "hand rolled" solutions written by inexperienced security developers. Getting cryptographic solutions right is very hard and best left to experts. To this end Symbian have provided a subset of the cryptographic libraries for use by third parties and these should be used to store sensitive data since they are cryptographically secure. This code snippet shows how to securely store data so that the only way it may be retrieved is to supply a password.


The first code snippet contains the code to encrypt a blob of text with a password and write that out to a stream. The second code snipped reverses the first, in that given a password and a stream, the encrypted blob will be decrypted and the plain text returned.

API Notes

The password based encryption API's provide an object to hide the encryption functionality. This is the CPBEncryptElement and selects the default encryption algorithm and sets up the various vectors to ensure that the data and password are encrypted to accepted standards.

The element then provides two sub elements, one of which performs the encryption and one of which provides the decryption. In addition to providing the cryptography, the element also provides methods to allow the data to be serialized to and from a stream securely.

Preconditions

The cryptography API's are required to be installed. These can be found here.

Source file

Example code to encrypt a blob of data with a password and write it to a stream.

void EncryptDataL(const TDesC& aPassword, const TDesC8& aPlainTextBlob, RWriteStream& aStream)
	{
	const TPtrC8 passwordPtr(REINTERPRET_CAST(const TUint8*, aPassword.Ptr()), aPassword.Length() * sizeof(TText));
	
	// create a new element
	const TPBPassword encryptionKey(passwordPtr); 
	CPBEncryptElement* element = CPBEncryptElement::NewLC(encryptionKey);
	
	// create a new encryptor object based on the encryption data in the element
	CPBEncryptor* encrypter = element->NewEncryptLC();
	
	// allocate enough space to hold the encrypted text
	// and then encrypt the text
	 HBufC8* ciphertext = HBufC8::NewLC(encrypter->MaxFinalOutputLength(aPlainTextBlob.Length()));
	 TPtr8 ciphertextPtr = ciphertext->Des();        
	 encrypter->ProcessFinalL(aPlainTextBlob, ciphertextPtr);
	
	 // finally write out the encryption data
	 const CPBEncryptionData& header = element->EncryptionData();
	 header.ExternalizeL(aStream);
	 
	 // and the encrypted text
	 const TInt length = ciphertextPtr.Length();
	 aStream.WriteInt32L(length);
	 aStream.WriteL(ciphertextPtr, length);
	 
	 CleanupStack::PopAndDestroy(3, element); // ciphertext, encrypter, element
	}

Example code to decrypt a blob of data (encrypted by the above) given the password and a stream.

HBufC8* CExampleStubAppUi::DecryptDataL(const TDesC& aPassword, RReadStream& aStream)
	{
	const TPtrC8 passwordPtr(REINTERPRET_CAST(const TUint8*, aPassword.Ptr()), aPassword.Length() * sizeof(TText));
	
	const TPBPassword encryptionKey(passwordPtr);
	// Recover the encryption data from the stream
	CPBEncryptionData* encryptionData = CPBEncryptionData::NewLC(aStream);
 
	// and then read the encrypted text
	const TInt length = aStream.ReadInt32L();
	HBufC8* encryptedBlob = HBufC8::NewLC(length);
	TPtr8 encryptedBlobPtr = encryptedBlob->Des();
	aStream.ReadL(encryptedBlobPtr, length);
 
	// now create an element with the encryption data
	// and get the decryptor object based on the encryption data
	CPBEncryptElement* element = CPBEncryptElement::NewLC(*encryptionData, encryptionKey);	
	CPBDecryptor* decrypter = element->NewDecryptLC();
	
	// Find out how big the result will be and allocate space for it
    	HBufC8* plaintext = HBufC8::NewLC(decrypter->MaxFinalOutputLength(encryptedBlobPtr.Length()));
    	TPtr8 plaintextPtr = plaintext->Des();
 
    	// Now decrypt the data
    	decrypter->ProcessFinalL(encryptedBlobPtr, plaintextPtr);
	
    	CleanupStack::Pop(plaintext);
    	CleanupStack::PopAndDestroy(4, encryptionData); // decrypter, encryptedblob, element, encryptionData
    
    	return plaintext;
	}

Postconditions

The text is encrypted, written to a file stream, reloaded and then decrypted. If the password is incorrect the function will leave.

Supplementary material

  • You can test link handling code in a simple, executable application into which this code snippet has been patched. The application is available for download at: Image:ExampleStub PBEExample2.zip
  • You can examine all the changes that are required to add message box links in an application. The changes are provided in the unified diff format:Image:ExampleStub PBEExample2.diff.zip
  • For general information on applying the patch, see Using Diffs.
  • For unpatched stub applications, see Example stub.

See also

The documentation on the cryptography libraries supplied with the cryptography download.

Rate This

 
Bookmark this page: DeliciousDiggFacebookGoogleYahooStumbleUponRedditFurlTechnocratiMagnoliaTwitter  Share this page Share this page Print this Page Print this page Invite a friend Invite a friend
Email Newsletters Press Terms & Conditions Privacy Policy Sitemap Contact Us © 2009 Nokia 
RDF Facets: qdcZdescriptionQSxEa0E20WikiE20javaE20symbianE5fosE20s60E20maemoE20cE2bE2bE20WikiE20HomeE20WikiE20HelpE20OverviewE20GlossaryE20CreateE20PageE20ProposeE20anE20ArticleE20SpotlightE20TopicE20E2dE20WE52TE20WidgetsE20ProgrammingE20E4canguageE20E2dE20SymbianE20CE2bE2bE20E2dE20OpenE20CE2fCE2bE2bE20E2dE20JavaE20E2dE20FlashE20E4citeE20E2dE20PythonE20WebE20TechnologiesE20E2dE20WE52TE20WidgetsE20E2dE20WidSetsE20ToolsE20andE20SE44KE20CodeE20E45E78amplesE20KnowledgeE20BaseE20TechnologyE20AreasE20SoftwareE20PlatformsE20E44evelopmentE20ProcessE20E3fE3fWikiE20ChineseE20E3fE3fE3fWikiE20JapaneseE20PortugueseE2fBrazilianE20E52ussianE20WhatE20linksE20hereE20UploadE20fileE20SpecialE20pagesE20PrintableE20versionE44ownloadE20asE20PE44FE20GoE20ToE20E2eE2eE2eX qdcZidentifierQSxhttpE3aE2fE2fwikiE2eforumE2enokiaE2ecomE2findeE78E2ephpE2fMMPE5ffileX qdcZpublisherQUxhttpE3aE2fE2fswE2enokiaE2ecomE2fidE2fc764fd1cE2d8b06E2d499aE2d9a6aE2d17c3903d5a65E2fforumE5fnokiaE5fcrawlerE5fagentX qdcZtitleQSxMMPE20fileE20E2dE20ForumE20NokiaE20WikiX qdcZtypeQUqfnZE45E78cludedFromGeneralE4cistingsQ qdcZtypeQUqfnTypeZCommunityContentQ qdcZtypeQUqfnTypeZE52esourceQ qdcZtypeQUqfnTypeZWebpageQ qdcZtypeQUqfnTypeZWikiContentQ qdcZtypeQUqmarsZManagedE52esourceQ qdcZtypeQUqwebZInformationE52esourceQ qdcZtypeQUqwebZPageQ qdcZtypeQUqwebZE52esourceQ qdcZtypeQUqrdfsZE52esourceQ qrssZdescriptionQSxEa0E20WikiE20javaE20symbianE5fosE20s60E20maemoE20cE2bE2bE20WikiE20HomeE20WikiE20HelpE20OverviewE20GlossaryE20CreateE20PageE20ProposeE20anE20ArticleE20SpotlightE20TopicE20E2dE20WE52TE20WidgetsE20ProgrammingE20E4canguageE20E2dE20SymbianE20CE2bE2bE20E2dE20OpenE20CE2fCE2bE2bE20E2dE20JavaE20E2dE20FlashE20E4citeE20E2dE20PythonE20WebE20TechnologiesE20E2dE20WE52TE20WidgetsE20E2dE20WidSetsE20ToolsE20andE20SE44KE20CodeE20E45E78amplesE20KnowledgeE20BaseE20TechnologyE20AreasE20SoftwareE20PlatformsE20E44evelopmentE20ProcessE20E3fE3fWikiE20ChineseE20E3fE3fE3fWikiE20JapaneseE20PortugueseE2fBrazilianE20E52ussianE20WhatE20linksE20hereE20UploadE20fileE20SpecialE20pagesE20PrintableE20versionE44ownloadE20asE20PE44FE20GoE20ToE20E2eE2eE2eX qfnZdistributionQUxhttpE3aE2fE2fwikiE2eforumE2enokiaE2ecomE2fX qfnZtypeQUqfnTypeZCommunityContentQ qfnZtypeQUqfnTypeZE52esourceQ qfnZtypeQUqfnTypeZWebpageQ qfnZtypeQUqfnTypeZWikiContentQ qfnZupdatedQDx2008E2d10E2d02X qfnZuserE5ftagQSxfileX qfnZuserE5ftagQSxlibpathX qfnZuserE5ftagQSxmmpX qfnZuserE5ftagQSxresourceX qmarsZdescriptionQSxEa0E20WikiE20javaE20symbianE5fosE20s60E20maemoE20cE2bE2bE20WikiE20HomeE20WikiE20HelpE20OverviewE20GlossaryE20CreateE20PageE20ProposeE20anE20ArticleE20SpotlightE20TopicE20E2dE20WE52TE20WidgetsE20ProgrammingE20E4canguageE20E2dE20SymbianE20CE2bE2bE20E2dE20OpenE20CE2fCE2bE2bE20E2dE20JavaE20E2dE20FlashE20E4citeE20E2dE20PythonE20WebE20TechnologiesE20E2dE20WE52TE20WidgetsE20E2dE20WidSetsE20ToolsE20andE20SE44KE20CodeE20E45E78amplesE20KnowledgeE20BaseE20TechnologyE20AreasE20SoftwareE20PlatformsE20E44evelopmentE20ProcessE20E3fE3fWikiE20ChineseE20E3fE3fE3fWikiE20JapaneseE20PortugueseE2fBrazilianE20E52ussianE20WhatE20linksE20hereE20UploadE20fileE20SpecialE20pagesE20PrintableE20versionE44ownloadE20asE20PE44FE20GoE20ToE20E2eE2eE2eX qmarsZlanguageQUxhttpE3aE2fE2fswE2enokiaE2ecomE2flanguageE2d1E2fenX qrdfZtypeQUqfnZE45E78cludedFromGeneralE4cistingsQ qrdfZtypeQUqfnTypeZCommunityContentQ qrdfZtypeQUqfnTypeZE52esourceQ qrdfZtypeQUqfnTypeZWebpageQ qrdfZtypeQUqfnTypeZWikiContentQ qrdfZtypeQUqmarsZManagedE52esourceQ qrdfZtypeQUqwebZInformationE52esourceQ qrdfZtypeQUqwebZPageQ qrdfZtypeQUqwebZE52esourceQ qrdfZtypeQUqrdfsZE52esourceQ