File Encryption

vek has asked for the wisdom of the Perl Monks concerning the following question:

Esteemed Monks,

I went googling for this answer and came across a post to the perl-beginners list that is almost exactly the same dilemma I'm facing. Unfortunately, I didn't find an answer that helps me out. Bascically the question is 'how do you test to see if a file is encrypted?'

We receive files from many vendors on a daily basis. Each vendor has their own MySQL configuration table that our Application Support folks maintain - that way each time we bring a new vendor on board no programming is *usually* required. One of the columns in the table is called 'decrypt' - you either set this flag to 'Y' or 'N'. If the vendor supplies encrypted files, set this flag to 'Y' - the decryption routines will only be called if this 'flag' is set to 'Y'.

Obviously it's not safe to just rely on Application Support getting this right so I need my program to be smart enough to see if a file is encrypted even if the config table has 'N' in the 'decrypt' column.

Here's the code:

if ($cv->{decrypt} =~ /y/i
   || ! -T $workFile
   || $workFile =~ /.pgp$/i
   || $workFile =~ /.gpg$/i) {
       my $decError = handleDecryption ($workFile);
}
[download]

Can anyone suggest any other tests for encryption? Maybe the answer is not to test the file at all and just throw the file at GnuPG even if it's not encrypted - that's rather messy though and I'd rather not call the decryption routines if I don't have to.

TIA
vek.

Comment on File Encryption Download Code

Replies are listed 'Best First'.
Re: File Encryption by Beatnik (Parson) on Dec 16, 2001 at 22:20 UTC
Check Re (tilly) 1: What data is code? by tilly... Greetz Beatnik ... Quidquid perl dictum sit, altum viditur.	[reply]
Re: File Encryption by Zaxo (Archbishop) on Dec 17, 2001 at 00:55 UTC
An encrypted or compressed file will contain uniformly distributed characters in the range 0..255. You don't mention what character set or binary format make up the data, but whatever it is it will likely have enough structure to obey very different statistics. A linear scan through the file for character frequency should provide enough information for a decision. After Compline, Zaxo	[reply]
Re: File Encryption by traveler (Parson) on Dec 17, 2001 at 03:09 UTC
PGP encrypted files begn with 0xa600 OpenPGP does not appear to use that convention, though. --traveler	[reply]
Re: File Encryption by hsmyers (Canon) on Dec 17, 2001 at 09:47 UTC
The non-code answer is to 'do nothing'. You have in place a method to determine yes/no on encryption. By and large, this leaves two adverse cases. First, human error. Second malicious intent. Attempts to fight the second scale off the charts very quickly and in any event should be extremely rare. The first, far more likely should only require graceful recovery. At some point even coding comes down to a matter of trust…remember that trust does not preclude thoughtful paranoia! If you start your cost analysis from this POV, examine the effort in it's usual terms (time, manpower, etc.) and implement solutions accordingly. Not that my experience is yours, but unless there is a compelling reason to go much further than you have, things complicate quickly from here on out. –hsm "Never try to teach a pig to sing…it wastes your time and it annoys the pig."	[reply]
Re: File Encryption by bmccoy (Beadle) on Dec 17, 2001 at 09:04 UTC
Perhaps you should require the encrypted files to be signed, and then verify the signature if one is supplied (which is a good thing to do). -- Brett Go not to the Elves for counsel, for they will say both no and yes	[reply]


Pathologically Eclectic Rubbish Lister
	PerlMonks