password encryption

Hi

I want to save a password in the user defaults. Is there any possibility to encrypt this, otherwise it’s not safe enough to save it there, or is there any other way to save a password?

Thanks

What level of encryption are you looking for? Just some simple garbling of the text to keep prying eyes away… or real, heavy-duty encryption for maximum security?

j

I want to save the admin password to do some ditto commands with admin privileges…

Thanks

Use the keychain, not the preferences file, or, better yet, just ask the user to authenticate each time–it’s really the best way. Here’s code for using the keychain:

Jon



Hi

Sounds good Jon, thanks. I will try it!

Thanks

Greetings.

I was working on a LOW-SECURITY method of jumbling text some time back, and this thread got me interested in working on it again. This technique uses ascii character offset encoding, and should provide at least the foundation for creating a basic ‘encrypting’ method. It is NOT a source of perfect security, but does a pretty good job messing up the legibility of text and has a few extra touches that make it a bit harder to crack than straight ascii character shifting. I do (and you should) realize that this is NOT true encryption, and that I use the term ‘encryption’ below very loosely, and without the implication of true security.

When any text is submitted for encryption, it does the following…
First, it creates a list of 5 random key numbers between 101 and 255. These serve as offsets which the script uses to translate a given character into another character. Every character of the input text is evaluated, and given a new ascii code based on its base-5 index relative to the list of random keys. Then, the 5 random keys are encrypted using a known offset (127) and are inserted into the middle of the main encrypted text. This way, the message itself contains the keys to decrypt itself.

When you send previously encrypted text to the script, it extracts the keys from the center of the string, and then uses them to undo the encryption. Note that the text needs to be longer than 1 character to decrypt.

As I said, this is more a mechanism for jumbling text, not necessarily for providing high-security encryption such as using the keychain or using openssl or blowfish. There is no complex algorithm at work, and it does not rely on complex public/private keys. If you are going to be developing public distribution apps… especially ones that ask users for their passwords to the system… it would be best to use another, more secure method. If you simply wish to encrypt passwords or other data you collect for your own use, it’s up to you how you encrypt it and what level of security you are comfortable with. Remember that your users put their faith in you, in that you have given some thought to keeping their info safe. What you may be comfortable with may not be considered the standard.

If this type of approach will work for your project, you may want to work with this code a bit to find out how it works, and then find some ways to customize it a bit to make it a bit more unpredictable… considering that it’s posted here in public for everyone to reverse engineer. :wink: I could offer some suggestions if you would like to contact me privately.


(* * * * * * * * * * * * * Application * * * * * *)
set theInput to (display dialog "Enter text:" default answer "" buttons {"Cancel", "Decrypt", "Encrypt"} default button "Encrypt")

tell theInput to set {theAction, theText} to {button returned, text returned}

if (theAction is "Encrypt") and (theText is not "") then
	set theOutput to (encrypt(theText))
else if (theAction is "Decrypt") and (theText is not "") then
	set theOutput to (decrypt(theText))
else
	display dialog "Unable to Continue!" buttons {"OK"} with icon 2
end if

(* * * * * * * * * * * * * Subroutines * * * * * *)
to encrypt(tmpText)
	set encryptedText to ""
	set tmpKey to 1
	set embedPoint to (round ((count characters in tmpText) / 2) rounding up) as integer
	
	set randomKeys to {}
	repeat with i from 1 to 5
		copy ((random number from 101 to 255) as integer) to the end of randomKeys
	end repeat
	
	set packedKeys to packRandomKeys(randomKeys)
	
	repeat with i from 1 to (count characters in tmpText)
		set tmpChar to character i of tmpText
		
		set tmpAscii to ((ASCII number tmpChar) + (item tmpKey of randomKeys))
		if tmpAscii > 255 then set tmpAscii to tmpAscii - 255
		
		set encryptedText to (encryptedText & (ASCII character tmpAscii)) as string
		
		if i = embedPoint then
			set encryptedText to (encryptedText & packedKeys) as string
		end if
		
		set tmpKey to (tmpKey + 1)
		if tmpKey > 5 then set tmpKey to 1
	end repeat
	
	return encryptedText
end encrypt

to packRandomKeys(randomKeys)
	set packedKeys to ""
	set tmpPackedKeys to (randomKeys as string)
	
	repeat with i from 1 to (count characters in tmpPackedKeys)
		set tmpChar to character i of tmpPackedKeys
		
		set tmpAscii to ((ASCII number tmpChar) + 127)
		if tmpAscii > 255 then set tmpAscii to tmpAscii - 255
		
		set packedKeys to (packedKeys & (ASCII character tmpAscii)) as string
	end repeat
	
	return packedKeys
end packRandomKeys

to decrypt(tmpText)
	set decryptedText to ""
	set tmpKey to 1
	set extractPoint to (round (((count characters in tmpText) - 15) / 2) rounding up) as integer
	
	set packedKeys to (characters (extractPoint + 1) through (extractPoint + 15) of tmpText) as string
	set unpackedKeys to unpackRandomKeys(packedKeys)
	
	set encryptedText to ((characters 1 through extractPoint of tmpText) & (characters (extractPoint + 16) through -1 of tmpText)) as string
	
	repeat with i from 1 to (count characters in encryptedText)
		set tmpChar to character i of encryptedText
		
		set tmpAscii to ((ASCII number tmpChar) - (item tmpKey of unpackedKeys))
		if tmpAscii < 0 then set tmpAscii to tmpAscii + 255
		
		set decryptedText to (decryptedText & (ASCII character tmpAscii)) as string
		
		set tmpKey to (tmpKey + 1)
		if tmpKey > 5 then set tmpKey to 1
	end repeat
	
	return decryptedText
end decrypt

to unpackRandomKeys(packedKeys)
	set tmpUnpackedKeys to ""
	set unpackedKeys to {}
	
	repeat with i from 1 to (count characters in packedKeys)
		set tmpChar to character i of packedKeys
		
		set tmpAscii to ((ASCII number tmpChar) - 127)
		if tmpAscii < 0 then set tmpAscii to tmpAscii + 255
		
		set tmpUnpackedKeys to (tmpUnpackedKeys & (ASCII character tmpAscii)) as string
	end repeat
	
	repeat with c from 1 to 5
		set tmpKey to ((characters ((c * 3) - 2) through (c * 3) of tmpUnpackedKeys) as string) as integer
		copy tmpKey to the end of unpackedKeys
	end repeat
	
	return unpackedKeys
end unpackRandomKeys

Hope this can be of use to someone…
j
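The scheme described in the post above, ported to Python as an added example (not the poster's code): because the five offsets travel inside the output under the fixed offset 127, the stored value alone is enough to recover the text, and the key block's narrow byte range makes such values easy to spot when auditing preference files. The function names and the sample value are assumptions made for illustration.

```python
import math
import secrets

PACK_OFFSET = 127          # fixed offset the post uses to hide the keys
KEY_COUNT = 5              # five offsets, each 101..255
KEY_BLOCK = KEY_COUNT * 3  # packed as five 3-digit numbers = 15 bytes
SAMPLE = b"admin-pass"     # constructed sample value, not from the thread


def jumble(plain: bytes, keys=None) -> bytes:
    """Port of the post's encrypt(): shift by cycling keys, embed keys mid-text."""
    keys = keys or [101 + secrets.randbelow(155) for _ in range(KEY_COUNT)]
    shifted = [c + keys[i % KEY_COUNT] for i, c in enumerate(plain)]
    body = bytes(n - 255 if n > 255 else n for n in shifted)  # post's wrap rule
    digits = "".join(str(k) for k in keys).encode()           # e.g. b"101150..."
    packed = bytes(d + PACK_OFFSET for d in digits)           # always 175..184
    mid = math.ceil(len(plain) / 2)
    return body[:mid] + packed + body[mid:]


def find_key_block(blob: bytes):
    """Return the five offsets if blob carries the key block at its midpoint."""
    if len(blob) <= KEY_BLOCK:
        return None
    mid = math.ceil((len(blob) - KEY_BLOCK) / 2)
    block = blob[mid:mid + KEY_BLOCK]
    if not all(175 <= b <= 184 for b in block):  # '0'..'9' plus 127
        return None
    digits = bytes(b - PACK_OFFSET for b in block)
    keys = [int(digits[i:i + 3]) for i in range(0, KEY_BLOCK, 3)]
    return keys if all(101 <= k <= 255 for k in keys) else None


def unjumble(blob: bytes) -> bytes:
    """Port of the post's decrypt(): needs nothing but the stored value."""
    keys = find_key_block(blob)
    if keys is None:
        raise ValueError("no embedded key block found")
    mid = math.ceil((len(blob) - KEY_BLOCK) / 2)
    body = blob[:mid] + blob[mid + KEY_BLOCK:]
    shifted = [c - keys[i % KEY_COUNT] for i, c in enumerate(body)]
    return bytes(n + 255 if n < 0 else n for n in shifted)


if __name__ == "__main__":
    stored = jumble(SAMPLE)
    print(find_key_block(stored), unjumble(stored))
```

A preference value for which `find_key_block` returns offsets should be treated as plaintext at rest and moved to the keychain.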

Hi,
I have tried jonn8’s script, and it won’t work. When removing the try statements, I get “Applescript Error, Keychain Scripting got an error: Can’t get keychain “elijahg”. (-1728)”.

Can anyone help please? :slight_smile:

tell application "Keychain Scripting"
	try
		set myKey to first generic key of current keychain whose service is "com.yourService"
	on error
		set myKey to ""
	end try
	
	if myKey = "" then
		try
			make new generic key with properties {name:"yourName", account:"yourAccount", service:"com.yourService", password:"1234"}
			set myKey to first generic key of current keychain whose service is "com.yourService"
		on error
			set myKey to ""
		end try
	end if
	
	try
		set thePassword to password of myKey
	end try
end tell

Browser: Safari 412
Operating System: Mac OS X (10.4)