In this article, we will look at ScriptENGINE cryptography. Cryptography provides a way to encrypt and decrypt sensitive data. This could be stuff you're sending across a network, or data you're reading/writing to disk.
The cryptographic interface also exposes some utility functions like compression, checksums, hashing and message authentication.
View the Demo Code
The demos are included in the ScriptENGINE SDK. Now's a great time to get the ScriptENGINE SDK from our website (including the SciTE code editor, Programmer's Reference and ScriptENGINE Demos).
Navigate to the ScriptENGINE SDK/[Cryptography] Make your data unreadable to prying eyes folder for the example.
Open world.e76script in the SciTE code editor. We will be referring to world.e76script for the rest of this article.
The ScriptENGINE Demo Framework
The ScriptENGINE Demos are run using the runDemo.e76script framework code in the ScriptENGINE SDK/Demos folder.
Introduction
Cryptography is the art and science of information security. It includes information confidentiality, data integrity, entity authentication, and data origin authentication.
GUI Event handling
This demo's OnGui() callback function is called by the ScriptENGINE whenever a GUI event occurs (e.g. button clicks). It's used to process the buttonEncrypt button click event.
Checksums
The ICrypto:checksumCRC() and ICrypto:checksumADLER() functions calculate checksums on input data. Checksums are typically used to verify the accompanying data has not been altered.
Hash Codes
The ICrypto:hashMD2(), ICrypto:hashRIPEMD160() and ICrypto:hashSHA160() functions calculate hashes for the input data. Checksums and hash codes are generally used to validate/verify data authenticity.
Message Authentication Codes
The ICrypto:hmacMD5() and ICrypto:hmacMD5verify() functions calculate/verify message authentication codes for the input data. The ICrypto interface also has functions to calculate the SHA160, SHA256, and SHA512 message authentication codes.
There are two primary distinctions between a message authentication code and a hash code. A message authentication code must be supplied with a key, and the same input generally does not produce the same authentication code on repeated attempts. Hence, verifying a MAC is not equivalent to manually comparing hash codes and checksums: the MAC must be verified using the ICrypto:hmacXXXverify() functions.
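The three kinds of check described in the Checksums, Hash Codes and Message Authentication Codes sections, side by side on one payload, as an added example written in Python against the standard library. This is not ScriptENGINE code and does not call the ICrypto interface; zlib.crc32()/zlib.adler32(), hashlib and hmac play the roles of checksumCRC()/checksumADLER(), hashSHA160()/hashRIPEMD160() and hmacXXX()/hmacXXXverify(). The payload and key are constructed placeholders.

```python
"""Checksum, hash and keyed MAC on the same payload, side by side."""
import hashlib
import hmac
import zlib

# Constructed sample data and key; both are placeholders, not values from the page.
PAYLOAD = b"transfer 100 credits to account 42"
KEY = b"constructed-demo-key-replace-me"


def checksums(data: bytes) -> dict:
    """CRC-32 and Adler-32, the stdlib counterparts of checksumCRC()/checksumADLER().
    No key is involved, so anyone who can edit the data can also recompute these."""
    return {"crc32": zlib.crc32(data), "adler32": zlib.adler32(data)}


def hashes(data: bytes) -> dict:
    """SHA-1 (the page's SHA160) and SHA-256; RIPEMD-160 only if the OpenSSL build has it."""
    out = {"sha1": hashlib.sha1(data).hexdigest(),
           "sha256": hashlib.sha256(data).hexdigest()}
    try:
        out["ripemd160"] = hashlib.new("ripemd160", data).hexdigest()
    except ValueError:  # algorithm not available in this build
        out["ripemd160"] = None
    return out


def mac_tag(key: bytes, data: bytes, algo: str = "sha256") -> bytes:
    """HMAC tag; the secret key is what a checksum or plain hash lacks."""
    return hmac.new(key, data, algo).digest()


def mac_verify(key: bytes, data: bytes, tag: bytes) -> bool:
    """Verify with a constant-time compare, the way an hmacXXXverify() function should,
    instead of comparing the tag bytes with == (which leaks timing)."""
    return hmac.compare_digest(mac_tag(key, data), tag)


def integrity_report(original: bytes, received: bytes, key: bytes, tag: bytes) -> dict:
    """What each check says about a received copy, given values computed on the original."""
    return {
        "crc32_matches": checksums(original)["crc32"] == checksums(received)["crc32"],
        "sha256_matches": hashes(original)["sha256"] == hashes(received)["sha256"],
        "mac_valid": mac_verify(key, received, tag),
    }


if __name__ == "__main__":
    tag = mac_tag(KEY, PAYLOAD)
    tampered = PAYLOAD.replace(b"42", b"99")
    print("untouched:", integrity_report(PAYLOAD, PAYLOAD, KEY, tag))
    print("tampered: ", integrity_report(PAYLOAD, tampered, KEY, tag))
    # Same message, different key: a checksum or hash cannot tell, the MAC can.
    print("wrong key:", mac_verify(b"another-key", PAYLOAD, tag))
```

The report shows the practical difference: a checksum or hash mismatch only tells you the bytes changed, and whoever can change the bytes can recompute both; the MAC fails on a tampered message and on a message tagged under a different key, which is why it is verified with a dedicated routine rather than by eyeballing two values.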
Public/Private Key Data Encryption
The ICrypto:createPrivateKeyRSA() and ICrypto:createPublicKeyRSA() functions create private/public key pairs for use with RSA encryption.
The ICrypto:encryptRSA() and ICrypto:decryptRSA() functions encrypt/decrypt data using the public/private key pairs. RSA encryption is limited to input data with lengths smaller than the public key length. The public-key algorithms are comparatively slow (on the order of 1,000 times slower than symmetric algorithms), and are typically used to encrypt session keys or digitally sign messages.
When encrypting data, you must use the recipient's public key (which they would have previously sent to you). The recipient can then use their private key to decrypt the received data.
When signing data (to verify that it indeed did come from you), you use your private key. The recipient then uses your public key to verify the data was sent from you and not tampered with.
The public/private cryptographic system does not use a shared password like the symmetric cipher algorithms.
The private key is always kept secret, while the public key can be freely distributed.
RSA encryption is limited to input data with lengths smaller than the public key length.
RSA encryption would typically be used to encrypt a symmetric session key, that's used during that session to encrypt/decrypt data.
Symmetric Cipher Data Encryption
The ICrypto:encryptDESMAC() and ICrypto:decryptDESMAC() functions encrypt/decrypt data using symmetric keys. That is, the keys used to encrypt/decrypt the data are the same.
Symmetric cipher algorithms suffer from the problem of transmitting the secret key to recipients without compromising it. But they are much faster than the public/private cipher algorithms.
Some networking systems use a public/private key to establish a connection, create a symmetric 'session' key and transmit it, and then use the symmetric key to encrypt/decrypt data.
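The flow described in the Public/Private Key and Symmetric Cipher sections (create a key pair, encrypt to the recipient's public key, sign with the private key, respect the input-length limit, and wrap a symmetric session key with RSA for the bulk data), as an added worked example in Python. It is not ScriptENGINE code and does not use the ICrypto API. Everything in it is constructed for illustration: the key pair is built from two small Mersenne primes rather than anything createPrivateKeyRSA()/createPublicKeyRSA() would produce, the SHA-256 digest is truncated so it fits that toy modulus, and an HMAC-SHA256 counter-mode keystream stands in for the DES symmetric functions so the script needs only the standard library.

```python
"""Toy RSA: key pair, the input-length limit, signing, and a session-key exchange."""
import hashlib
import hmac
import os

# Constructed toy key material: two Mersenne primes (2^61-1 and 2^31-1) giving a
# 92-bit modulus. Far too small for real use (2048 bits or more with OAEP/PSS
# padding is the norm); they stand in for the pair the ICrypto functions create.
P = (1 << 61) - 1
Q = (1 << 31) - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return ((n, e), (n, d)); pow(e, -1, phi) needs Python 3.8+."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # raises ValueError if e and phi share a factor
    return (n, e), (n, d)


def rsa_encrypt(public_key, data: bytes) -> int:
    """Textbook RSA on a short message (no padding). Enforces the rule stated on the
    page: the input, read as an integer, must be smaller than the public modulus."""
    n, e = public_key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError(
            f"{len(data)}-byte input does not fit under a {n.bit_length()}-bit modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, ciphertext: int, length: int) -> bytes:
    """Only the private-key holder can recover the message."""
    n, d = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")


def _digest_int(data: bytes) -> int:
    # SHA-256 truncated to 8 bytes only so it fits the toy modulus; real RSA
    # signatures use the full digest under a padding scheme such as PSS.
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


def rsa_sign(private_key, data: bytes) -> int:
    """Sign with the private key: only its holder can produce this value."""
    n, d = private_key
    return pow(_digest_int(data), d, n)


def rsa_verify(public_key, data: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature and detect tampering."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(data)


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: HMAC-SHA256 keystream in counter mode, XORed
    onto the data. The same call with the same key and nonce decrypts."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        keystream.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def session_exchange(recipient_public, recipient_private, message: bytes):
    """Sender wraps a fresh 8-byte session key with RSA and encrypts the bulk data
    symmetrically; recipient unwraps the key with the private key and decrypts."""
    session_key = os.urandom(8)  # DES-sized, like the page's symmetric functions
    nonce = os.urandom(16)
    wrapped_key = rsa_encrypt(recipient_public, session_key)
    ciphertext = stream_xor(session_key, nonce, message)
    # --- on the wire: wrapped_key, nonce, ciphertext; recipient side below ---
    recovered_key = rsa_decrypt(recipient_private, wrapped_key, len(session_key))
    plaintext = stream_xor(recovered_key, nonce, ciphertext)
    return plaintext, recovered_key == session_key


if __name__ == "__main__":
    public, private = make_keypair()
    msg = b"bulk payload far longer than the RSA modulus permits"
    print(session_exchange(public, private, msg))
    sig = rsa_sign(private, b"signed by the private-key holder")
    print(rsa_verify(public, b"signed by the private-key holder", sig))
    try:
        rsa_encrypt(public, b"\xff" * 12)  # 96-bit value, larger than the 92-bit modulus
    except ValueError as err:
        print("rejected:", err)
```

The bulk message is longer than the modulus allows, so encrypting it directly with rsa_encrypt() is rejected; wrapping only the short session key and letting the symmetric cipher carry the data is exactly the session-key pattern the text describes, and it is also where the speed difference between the two algorithm families stops mattering.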