如何加密ini文件中的值

时间:2022-04-20 15:57:33

What is the best way to encrypt a value in INI file?

加密INI文件中的值的最佳方法是什么?

Using Encryption/Decryption key??

使用加密/解密密钥??

6 个解决方案

#1


For what purpose? Security?

出于什么目的?安全?

If you are trying to (e.g.) encrypt a plaintext password you should probably use some implementation of PKI. Remember though, that then key management becomes your problem. Just encrypting the value is not a panacea because the ini file is most likely on the local host's file system, presumably the same place you'll have to store your key pair. You've simply abstracted the problem down a layer. They won't be able to read your encrypted password directly, but if they can find the place you store your key pair they can decrypt it themselves.

如果您尝试(例如)加密明文密码,您应该使用PKI的一些实现。但请记住,密钥管理会成为您的问题。只是加密这个值并不是灵丹妙药,因为ini文件最有可能出现在本地主机的文件系统上,大概就是你需要存储密钥对的地方。你只是简单地将问题抽象出一层。他们将无法直接读取您的加密密码,但如果他们能找到您存储密钥对的地方,他们可以自行解密。

#2


For personal scripts where I have an email password, I use TinyEncryption.

对于我有电子邮件密码的个人脚本,我使用TinyEncryption。

I will put the passkey in the code itself. This prevents a casual snooper from just browsing through and picking up an email password.

我将把密钥放在代码本身中。这可以防止偶然的窥探者只是浏览并获取电子邮件密码。

The code is pretty simple too. Here it is in Python.

代码也很简单。这是在Python中。

import random
import base64
def tinycode(key, text, reverse=False):
    "(de)crypt stuff"
    rand = random.Random(key).randrange
    if reverse:
        text = base64.b64decode(text)
    text = ''.join([chr(ord(elem)^rand(256)) for elem in text])
    if not reverse:
        text = base64.b64encode(text)
    return text

For more enhanced security, I use PGP, but you then have to prompt for a passkey. There's no setup that's perfect, it depends on what your needs are.

为了更加增强安全性,我使用PGP,但您必须提示输入密码。没有完美的设置,这取决于您的需求。

#3


You could use any standard encryption algorithm with a key, and perhaps prefix the value with some random padding before encrypting.

您可以将任何标准加密算法与密钥一起使用,并且可以在加密之前使用一些随机填充为该值加前缀。

However where do you plan to store that key then? Or are you going to get the user to enter a password and derive a key from that? If not then it would be fairly pointless to encrypt the value.

但是,您计划在哪里存储该密钥呢?或者,您是否要让用户输入密码并从中获取密钥?如果没有,则加密该值将毫无意义。

#4


To what effect? What are you trying to protect or obfuscate?

到了什么效果?你想保护什么或混淆什么?

You could use one of the many two-way key encryption algorithms available for all platforms... But ask yourself why you're doing it in the first place. If you're trying to make something hack-proof, encrypting ini strings probably isn't going to get you that far because as soon as you decrypt the ini, the string is in memory. And the key to decrypt will be in your program. Childsplay to hack out.

您可以使用适用于所有平台的众多双向密钥加密算法之一...但问问自己为什么要这样做。如果你试图做一些防黑客攻击,加密ini字符串可能不会让你那么远,因为只要你解密ini,字符串就会在内存中。解密的关键将在你的程序中。儿童游戏要破解。

If you just want to stop people editing a setting easily, don't put it in an ini. Choose a binary format that the user will have a hard time editing.

如果您只想阻止人们轻松编辑设置,请不要将其放入ini中。选择用户难以编辑的二进制格式。

#5


Do you need to decrypt it too? If not you can just salt and hash it.

你还需要解密吗?如果不是,你可以加盐和散列它。

If you do want to decrypt it, then Id say you should specify the language as well perhaps.

如果你确实想要解密它,那么Id说你也应该指定语言。

#6


MD5 hash

Then you compare hash("password") with the ini_file.password hash

然后将hash(“password”)与ini_file.password哈希进行比较

#1


For what purpose? Security?

出于什么目的?安全?

If you are trying to (e.g.) encrypt a plaintext password you should probably use some implementation of PKI. Remember though, that then key management becomes your problem. Just encrypting the value is not a panacea because the ini file is most likely on the local host's file system, presumably the same place you'll have to store your key pair. You've simply abstracted the problem down a layer. They won't be able to read your encrypted password directly, but if they can find the place you store your key pair they can decrypt it themselves.

如果您尝试(例如)加密明文密码,您应该使用PKI的一些实现。但请记住,密钥管理会成为您的问题。只是加密这个值并不是灵丹妙药,因为ini文件最有可能出现在本地主机的文件系统上,大概就是你需要存储密钥对的地方。你只是简单地将问题抽象出一层。他们将无法直接读取您的加密密码,但如果他们能找到您存储密钥对的地方,他们可以自行解密。

#2


For personal scripts where I have an email password, I use TinyEncryption.

对于我有电子邮件密码的个人脚本,我使用TinyEncryption。

I will put the passkey in the code itself. This prevents a casual snooper from just browsing through and picking up an email password.

我将把密钥放在代码本身中。这可以防止偶然的窥探者只是浏览并获取电子邮件密码。

The code is pretty simple too. Here it is in Python.

代码也很简单。这是在Python中。

import random
import base64
def tinycode(key, text, reverse=False):
    "(de)crypt stuff"
    rand = random.Random(key).randrange
    if reverse:
        text = base64.b64decode(text)
    text = ''.join([chr(ord(elem)^rand(256)) for elem in text])
    if not reverse:
        text = base64.b64encode(text)
    return text

For more enhanced security, I use PGP, but you then have to prompt for a passkey. There's no setup that's perfect, it depends on what your needs are.

为了更加增强安全性,我使用PGP,但您必须提示输入密码。没有完美的设置,这取决于您的需求。

#3


You could use any standard encryption algorithm with a key, and perhaps prefix the value with some random padding before encrypting.

您可以将任何标准加密算法与密钥一起使用,并且可以在加密之前使用一些随机填充为该值加前缀。

However where do you plan to store that key then? Or are you going to get the user to enter a password and derive a key from that? If not then it would be fairly pointless to encrypt the value.

但是,您计划在哪里存储该密钥呢?或者,您是否要让用户输入密码并从中获取密钥?如果没有,则加密该值将毫无意义。

#4


To what effect? What are you trying to protect or obfuscate?

到了什么效果?你想保护什么或混淆什么?

You could use one of the many two-way key encryption algorithms available for all platforms... But ask yourself why you're doing it in the first place. If you're trying to make something hack-proof, encrypting ini strings probably isn't going to get you that far because as soon as you decrypt the ini, the string is in memory. And the key to decrypt will be in your program. Childsplay to hack out.

您可以使用适用于所有平台的众多双向密钥加密算法之一...但问问自己为什么要这样做。如果你试图做一些防黑客攻击,加密ini字符串可能不会让你那么远,因为只要你解密ini,字符串就会在内存中。解密的关键将在你的程序中。儿童游戏要破解。

If you just want to stop people editing a setting easily, don't put it in an ini. Choose a binary format that the user will have a hard time editing.

如果您只想阻止人们轻松编辑设置,请不要将其放入ini中。选择用户难以编辑的二进制格式。

#5


Do you need to decrypt it too? If not you can just salt and hash it.

你还需要解密吗?如果不是,你可以加盐和散列它。

If you do want to decrypt it, then Id say you should specify the language as well perhaps.

如果你确实想要解密它,那么Id说你也应该指定语言。

#6


MD5 hash

Then you compare hash("password") with the ini_file.password hash

然后将hash(“password”)与ini_file.password哈希进行比较