RC4decrypt and RC4encrypt (String functions): Difference between revisions

From m204wiki
Jump to navigation Jump to search
mNo edit summary
(No difference)

Revision as of 14:44, 18 December 2010

This intrinsic function returns a binary string that is the method object string encrypted or decrypted with the specified RC4 encryption key. The length of the returned string is the same as that of the object string.

RC4 is a two-way, or symmetric, cipher (algorithm), so encrypting a string with a key and then encrypting the result of that encryption with the same key produces the original string. That is, the following assertion should always hold:

   assert %string:rc4encrypt(%key):rc4decrypt(%key) eq %string                                        
                                                                                                      

RC4decrypt is a synonym for RC4encrypt. You can use the RC4decrypt synonym to "document" that you are decrypting rather than encrypting in a call.

The RC4encrypt function is available as of version 7.3 of the Sirius Mods.

RC4encrypt syntax

  %outStr = string:RC4encrypt(%key)                                                                   

Syntax Terms

%outStr
A string variable to receive the encrypted or decrypted method object string. Its length is the same as %key.
string
The string to which the method is applied.
%key
A string variable whose value is used to encrypt or decrypt the method object string. The key is transformed and then combined with the object string. This key value must not be null nor longer than 255 bytes. (RC4 keys are rarely longer than 64 bytes.)

Usage Notes

  • You are not prevented from creating confusion by encrypting with RC4decrypt and decrypting with RC4encrypt.
  • The %key value you provide is (internally) concatenated with itself until it reaches 256 bytes and becomes the "true" key that participates in the encryption algorithm. A consequence of this is that a key that consists of text that repeats will produce the same encryption result as the text alone (without its repetitions). For example, the eight-byte key 'AAAAAAAA' is no stronger than the one-byte key 'A', so it is not very secure. Similarly, the ten-byte key 'ababababab' is no stronger than the two-byte key 'ab'.
  • RC4 is the default stream cipher used in Janus Network Security, and it may be used by customers who license Janus Network Security or Janus SOAP. A complete explanation of RC4 encryption can easily be found on the Internet.
  • MD5digest and SHAdigest are cryptographic hash functions that operate on the method object string.

Examples

In the following example, the output string from the RC4encrypt method is assigned to a variable, converted to hex using the StringToHex intrinsic method to reveal its non-displayable characters, then decrypted to return the original input string:

   %string = 'this is a test':rc4encrypt('key')                                                      
   printText {~} is {%string:stringTohex}                                    
   printText {~} is: {%string:rc4decrypt('key')}                                                     
                                                                                                     

The result is:

   %string:stringTohex is E15655DAC416D10ACB3730FA22D2
   %string:rc4decrypt('key') is: this is a test

See also

List of Intrinsic String Methods