I want to store the password encrypted in sha256.
sha256 is designed for hashing, not encryption.
Well I was meaning hashing then. :)
But then it is not clear what you want to store in the registry. If only a hash, then this is not enough for registration (login/password).
This is my code how I encrypt string:
uses
  DCPrijndael, DCPsha256;
var
  S1, S2: String;
  c: TDCP_rijndael;
begin
  c := TDCP_rijndael.Create(nil);
  try
    // Derive the cipher key from the passphrase using SHA-256
    c.InitStr('MyCustomKey', TDCP_sha256);
    S1 := c.EncryptString('First string');
    c.Reset; // reset the object before handling the next string
    S2 := c.EncryptString('Second string');
  finally
    c.Free;
  end;
end;
And decrypt:
uses
  DCPrijndael, DCPsha256;
var
  S1, S2: String;
  c: TDCP_rijndael;
begin
  c := TDCP_rijndael.Create(nil);
  try
    // Same passphrase and hash as used for encryption
    c.InitStr('MyCustomKey', TDCP_sha256);
    S1 := c.DecryptString(SomeEncryptedVariable);
    c.Reset; // reset the object before handling the next string
    S2 := c.DecryptString(SomeEncryptedVariable);
  finally
    c.Free;
  end;
end;
One thing I noticed. If you want to encrypt / decrypt next string using the same object, you must first reset this object by "Reset" call. Otherwise, next string will be incorrectly encrypted / decrypted.
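The Reset behaviour described in the post above, as an added example that is not part of the original post: it encrypts two strings on one object with and without `Reset`, then decrypts the second value on a fresh object, the way a later program run would read back a stored value. The program name, constant names and the two helper functions are assumptions made for the demonstration; only the DCPcrypt calls shown in the post are used.

```pascal
program ResetDemo;
{$mode objfpc}{$H+}
// Added example (not from the thread). Requires the DCPcrypt package.
uses
  DCPrijndael, DCPsha256;

const
  DemoKey    = 'MyCustomKey';    // passphrase taken from the post above
  FirstText  = 'First string';   // constructed sample values
  SecondText = 'Second string';

// Encrypt FirstText, then SecondText, on ONE cipher object and
// return the ciphertext of SecondText.
function EncryptSecond(DoReset: Boolean): String;
var
  c: TDCP_rijndael;
begin
  c := TDCP_rijndael.Create(nil);
  try
    c.InitStr(DemoKey, TDCP_sha256);
    c.EncryptString(FirstText);      // advances the object's internal state
    if DoReset then
      c.Reset;                       // back to the state right after InitStr
    Result := c.EncryptString(SecondText);
  finally
    c.Free;
  end;
end;

// Decrypt a single stored value on a fresh object, as the next program run would.
function DecryptFresh(const Cipher: String): String;
var
  c: TDCP_rijndael;
begin
  c := TDCP_rijndael.Create(nil);
  try
    c.InitStr(DemoKey, TDCP_sha256);
    Result := c.DecryptString(Cipher);
  finally
    c.Free;
  end;
end;

begin
  // Round-trip check for each case: does the stored value decrypt to SecondText?
  WriteLn('Reset between strings: ', DecryptFresh(EncryptSecond(True)) = SecondText);
  WriteLn('No Reset:              ', DecryptFresh(EncryptSecond(False)) = SecondText);
end.
```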
That's just what I'm looking for. So how should I start to learn it?
For a very simple two way encrypt/decrypt start with XOR.
Otherwise, when using a hash, store the hash, not the password, and re-hash it based on user input. If the two hashes are equal, the password is OK. That also means that - when implemented correctly - the password itself is never stored or visible.
Must be in some previous answer but just in case:
A SECURE HASH CAN NOT BE DECRYPTED
Period.
That is how I interpreted it. But looking at the original question that was not very clear: encrypt/decrypt....
Guys I can't apply that way, because I'd like to make an auto login. That way would be good if every time I wrote my password it could be compared with the stored one after the encryption. With the auto login I should set a private key used for the encryption, so I'm learning this way now: https://forum.lazarus.freepascal.org/index.php?topic=10970.msg55542#msg55542
Guys I can't apply that way, because I'd like to make an auto login.
That can be achieved by issuing certificates from your own authority to your users.
I have in mind this.
Hopefully not.
First time that the form is opened there's a button to click that will ask for username and password and will store it.
Next time I'll open the Form and click the button it automatically login (the exe is intended for a user only so there's no need to ask user and psw again).
Never do that. Do not store anything except the hash.
The exe should contain the key to decrypt the string stored.
I have in mind this.
Your method is not safe. It can be easily cracked by an advanced user. However, if the goal is to store the credentials in a relatively safe form (not plain text), so a regular user cannot see it, then it is doable.
First time that the form is opened there's a button to click that will ask for username and password and will store it.
Next time I'll open the Form and click the button it automatically login (the exe is intended for a user only so there's no need to ask user and psw again).
The exe should contain the key to decrypt the string stored.
I have in mind this.
First time that the form is opened there's a button to click that will ask for username and password and will store it.
Next time I'll open the Form and click the button it automatically login (the exe is intended for a user only so there's no need to ask user and psw again).
The exe should contain the key to decrypt the string stored.
Guys the software will be used by me only. It will be not shared or sold...
That's why the windows lock is enough when I'm not in front of the pc.
But I need so an easy encryption / decryption way of a simple string.
Here you go...this is a simple way to Encrypt/Decrypt a string with a key. No extra packages are needed.
Edit: just read base64 is unsafe.
Blowfish, the main part of the encryption is Blowfish. Base64 is just for cosmetic purposes, so the end result doesn't look like a vomit.
OAuth and similar systems are better ....
Actually, that is an implementation of part of what I described :D
But, what Conte wants is not that different to what we do with our browsers every day, we go to some web site, perhaps gitlab, enter our password and the browser wants to save it for us. Come back tomorrow and it's all there cached. I am guessing Firefox encrypts your (not mine) password and decrypts it when it's needed the next day?
Just wanted to add this great article about PW hashing.
https://medium.com/@marcusfernstrm/hash-it-like-you-mean-it-proper-password-hashing-in-freepascal-55c85bad4a96
Just wanted to add this great article about PW hashing.
https://medium.com/@marcusfernstrm/hash-it-like-you-mean-it-proper-password-hashing-in-freepascal-55c85bad4a96
It's still difficult to apply encryption/decryption for auto login for me. :(
Just studying this to understand if it's what I'm looking for: https://stackoverflow.com/a/13146105/3147886
So problem changed: I need a safe way to store the password without success.
I'm blocked with the auto-login. I was able to encrypt a string but didn't realize it cannot be decrypted.
unit Unit1;
{$mode objfpc}{$H+}
interface
uses
  Classes, SysUtils, Forms, Controls, Graphics, Dialogs, StdCtrls, jwawindows;
type
  { TForm1 }
  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    Button3: TButton;
    procedure Button1Click(Sender: TObject);
    procedure Button2Click(Sender: TObject);
    procedure Button3Click(Sender: TObject);
  private
  public
  end;
var
  Form1: TForm1;
implementation
{$R *.lfm}
Incorrect parameter!'
This message makes no sense to me. Anyways I'm out of office until Monday so I cannot help. Maybe somebody else can test the code, if not I will take a look Monday.
Yes, problem was lazarus bit version. With the 32bit works now.
Good! Finally some progress...now we have to figure out why it does not work with the 64 bit version. Again I'm not home now, but you can try the following: