#1 2017-04-11 07:04:41

mingda
Member
Registered: 2013-01-04
Posts: 121

Application Locking

I'm learning Application Locking through the doc.

Through these steps:
1. first make a self-signed public and private key
2. make a test program, put a button

procedure TForm1.Button1Click(Sender: TObject);
const
  AppLockPublic64 =	'AQD9AP0AagIODCLNMfBnPirgW4w/EasRLQ1h6CyAAAAAAAAAAAAAAA4MIs0.....';
var
  S: PShortString;
  r: TECCAuthorize;
begin
  r := ECCAuthorize(FAppSecret, 0, '', 'abc', '', AppLockPublic64);
  S := ToText(r);
  ShowMessage(UTF8ToString(ShortStringToUTF8(s^)));
end;

AppLockPublic64 is copied from the public key's "Base64" value. Run and click the button, and you will get
another two user@host public and private files.

Copy user@host.public to the app.public directory, and make a user@host.json file, whose content is:

{
	"Root": "TestRoot"
}

Run the bat file:

@echo off
echo Usage: unlock user@host
echo.
ecc sign -file %1.json
ecc crypt -file %1.json
del %1.json.sign

Use user@host.public to crypt; after crypt, rename the user@host.json.synecc file to user@host.unlock,
then copy it to the test program's exe directory and click button1, but it still shows eaInvalidUnlockFile. After debugging, the call

      decrypt := priv.Decrypt(unlock, json, @signature, nil, nil, aDecryptSalt, 10000);

the decrypt return value is ecdDecryptError. What's wrong with my test? Thanks!

Mingda

Last edited by mingda (2017-04-11 07:10:18)

Offline

#2 2017-04-11 16:26:44

Junior/RO
Member
Registered: 2011-05-13
Posts: 210

Re: Application Locking

Excellent question.

Offline

#3 2017-04-11 16:34:05

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661

Re: Application Locking

One of the decryption parameters doesn't match the encryption parameter, I guess.

Offline

#4 2017-04-12 07:09:47

mingda
Member
Registered: 2013-01-04
Posts: 121

Re: Application Locking

ab wrote:

One of the decryption parameters doesn't match the encryption parameter, I guess.

I started a fresh new test and made applock keys; except for the issuer and passPhrase of .private, all other parameters are the ecc tool's default values.
The user@host key is auto-generated by the call to ECCAuthorize:

var
  S: PShortString;
  r: TECCAuthorize;
begin
  r := ECCAuthorize(FAppSecret, 0, '', 'abc', '', AppLockPublic64);
  S := ToText(r);
  ShowMessage(UTF8ToString(ShortStringToUTF8(s^)));
end;

so the parameters are

aSecretDays := 0;
aSecretPass := '';
aDPAPI := 'abc';
aDecryptSalt := '';
aAppLockPublic64 is copy from applock.public's base64 value;

1. call unlock.bat to use the applock private key to sign user@host.json,
2. use the user@host.public key to crypt user@host.json,
3. copy the new .json.synecc file to the test program,
4. rename it to a .unlock file, then run; the same route, no success.
Where is it wrong? Thanks!

Last edited by mingda (2017-04-12 07:12:21)

Offline

#5 2017-04-12 08:10:34

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661

Re: Application Locking

Are you sure your crypt salt rounds were 10000?

A typical batch may be:

ecc sign -file %1.json -auth ..\authlock -pass authlockpass -rounds 60000

ecc crypt -file %1.json -out %1.unlock -auth %1 -saltpass saltpassword -saltrounds 10000

del %1.json.sign

Offline

#6 2017-04-12 08:46:38

mingda
Member
Registered: 2013-01-04
Posts: 121

Re: Application Locking

ab wrote:

Are you sure your crypt salt rounds were 10000?

In unlock.bat I removed the salt, to let it be input through the console; ecc's default salt is 60000,
so this is the problem. After the salt rounds were changed to 10000, the test passes.
Encryption is very interesting, thank you very much!

Offline

#7 2017-04-12 10:09:22

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661

Re: Application Locking

Yes, following the batch file as provided in the documentation helps... ;)

Offline
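
The mismatch resolved in this thread, reproduced as an added example (not code from the thread or from the mORMot project): a file sealed with 60000 salt rounds fails authentication when opened with 10000, and opens once the rounds match. It assumes a PBKDF2-HMAC-SHA256 derivation and uses a SHA-256 counter keystream plus HMAC as a stand-in for the real ECC file format; `SECRET`, `seal`, `unseal` and `derive_keys` are hypothetical names.

```python
import hashlib
import hmac

def derive_keys(secret, salt_pass, salt_rounds):
    """Derive (encryption key, MAC key); both depend on the salt AND the rounds."""
    okm = hashlib.pbkdf2_hmac("sha256", secret, salt_pass.encode(),
                              salt_rounds, dklen=64)
    return okm[:32], okm[32:]

def _keystream(key, length):
    # SHA-256 in counter mode: a stand-in stream cipher for this demo only.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def seal(plain, secret, salt_pass, salt_rounds):
    """Encrypt-then-MAC; returns tag || ciphertext."""
    enc_key, mac_key = derive_keys(secret, salt_pass, salt_rounds)
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, len(plain))))
    return hmac.new(mac_key, cipher, hashlib.sha256).digest() + cipher

def unseal(blob, secret, salt_pass, salt_rounds):
    """Return the plaintext, or None when the tag does not verify."""
    enc_key, mac_key = derive_keys(secret, salt_pass, salt_rounds)
    tag, cipher = blob[:32], blob[32:]
    expected = hmac.new(mac_key, cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong salt or rounds looks exactly like a corrupt file
    return bytes(a ^ b for a, b in zip(cipher, _keystream(enc_key, len(cipher))))

# Constructed sample values, not taken from any real key or unlock file.
SECRET = b"constructed-shared-secret"
UNLOCK_JSON = b'{"Root": "TestRoot"}'

def demo():
    # Sealed with 60000 rounds, as happened in the thread.
    blob = seal(UNLOCK_JSON, SECRET, "saltpassword", 60000)
    wrong = unseal(blob, SECRET, "saltpassword", 10000)  # application side
    right = unseal(blob, SECRET, "saltpassword", 60000)  # matching rounds
    return wrong, right

if __name__ == "__main__":
    print(demo())
```

The failure carries no hint about which parameter differs, which is why the fix was to pass the salt password and rounds explicitly on the encrypting side.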
