PERL And Blowfish

vjj has asked for the wisdom of the Perl Monks concerning the following question:

Hello,

Recently I got a PERL program written that will encrypt file using Blowfish. I need some changes but am unable to trace that person and I am not a PERL programmer.

Hence I would like to put following questions in this forum:

a. The file cryptdata.pl has the following line: use Crypt::Blowfish; Since I am running this under windows and the source is pure text, can I change the line to use Crypt::Blowfish_PP; using NotePad?

b. Also can I change the line:

my $proc = new Crypt::Blowfish $key_valid;
[download]

my $proc = new Crypt::BlowfishPP $key_valid;
[download]

c. The source file has:

my $key = "My key"
[download]

Now this key is in pure text format. How can I encrypt this key itself? Otherwise programmers who will use this source file can see the key which is not good. In other words, I need to put the encrypted key and then decrypt it at run-time. If this is not possible, then can I compile this cryptdata.pl file into an executable? If yes, how? or is there any third party tool that can convert my .pl file into an exe?

d. What is difference between Blowfish and Blowfish_PP? Will the output differ if I change Blowfish to Blowfish_PP?

Regards,
VJ

Comment on PERL And Blowfish Select or Download Code

Replies are listed 'Best First'.
Re: PERL And Blowfish by sgifford (Prior) on Apr 12, 2006 at 17:38 UTC
Hi vjj, You've got the right idea; you can edit the script in notepad or any other text editor, and if Crypt::Blowfish_PP is designed to be a drop-in replacement for Crypt::Blowfish, you should be able to make the changes you describe. Whether it will work perfectly or not will require you to try it and test it. There's no real way to make the key invisible in the program, since the program needs the key. You can take various measures to obfuscate it, but they can all be figured out by anybody with a little perl knowledge. You can protect it with OS-level protection, like file permissions controlling who can see and run the script. -- sgifford's Web page	[reply]
Re: PERL And Blowfish by ikegami (Patriarch) on Apr 12, 2006 at 17:41 UTC
Hello, Recently I got a PERL program written that will encrypt file using Blowfish. The prefered spelling is "Perl", not "PERL". What is difference between Blowfish and Blowfish_PP? Will the output differ if I change Blowfish to Blowfish_PP? The file cryptdata.pl has the following line: `use Crypt::Blowfish;`. [...] can I change the line to `use Crypt::Blowfish_PP;` using NotePad? Hopefully, speed is the only difference. Try it. can I change the line: `my $proc = new Crypt::Blowfish $key_valid;` to `my $proc = new Crypt::BlowfishPP $key_valid;` That should be `my $proc = new Crypt::Blowfish_PP $key_valid;` The source file has: my $key = "My key" Now this key is in pure text format. How can I encrypt this key itself? That won't accomplish what you desire, since you'd then need another plaintext key to decrypt the key. You have two options: You could prompt for the key. You could control access to the .pl using your OS's permission system. Actually, Better yet, move the key to a seperate file and control access to both the .pl and the key file. That way, it's easier to use revisioning systems on the .pl, to make copies of the .pl, etc. If this is not possible, then can I compile this cryptdata.pl file into an executable? FAQ. Making an executable doesn't hide anything. It'll still be just as visible to the trained eye.	[reply] [d/l] [select]
Re: PERL And Blowfish by eric256 (Parson) on Apr 12, 2006 at 19:36 UTC
If you use PGP or GPG then the key used to encrypt it can't be used to decipher it. In that way it would be more secure. Just a though. ___________ Eric Hodges	[reply]
Re: PERL And Blowfish by inman (Curate) on Apr 13, 2006 at 08:08 UTC
The line `use Crypt::Blowfish;` will look for and load an optional module. This module needs to have been downloaded and installed on your machine. Many modules are only Perl but Crypt::Blowfish is probably an example of a module that has a binary component. Since Perl comes from a UNIX background, it is assumed that UNIX tools including a compiler are available to you. Windows users can also install these tools or make use of pre-packaged distributions. My recommendation if you are starting out with Perl is to install the ActiveState distribution since this is well known and has good support for downloaded packages. You will need to learn how to use the PPM (Perl package manager) tool that is used to find and install modules. I have added the University of Winnepeg repository to my PPM configuration since this has better support for the Crypt:: modules.	[reply] [d/l]