XML module with encryption support?

BlitzMax Forums/BlitzMax Programming/XML module with encryption support?

Nennig(Posted 2016) [#1]
Hi there,

I have an app where I save and load data in XML.

I would like these files to have some sort of encryption so that there are not directly readable by the users.

I looked around and some module named MaXML seemed to be available at some point but the download link is dead. Does anyone has a copy of this module?

At the moment, I am using the Libxml module. Is it possible to do encryption with this Libxml module?

Thank you
Best regards


Yasha(Posted 2016) [#2]
XML is a text format. Generate the XML normally and then use a generic text encryption function to encrypt it the same way as any other piece of text. There's no real reason for an XML library to have this feature as it has nothing to do with XML.

(But what's the point of using XML at all if the data isn't user-modifiable? XML is a human-readable transfer format; if it's neither to be read by humans nor transferred, a binary storage format will be much more efficient.)


Nennig(Posted 2016) [#3]
Hi Yasha,

Thank you for your answer.
I started my app using XML and only later down the road realized that I should not let the user modify this data.
I ended up in this situation because I changed my mind about what the user can or can't do.

I will investigate the write to binary file option, thank you!

Best regards


Derron(Posted 2016) [#4]
as your data is readable somehow (when processed by your app - in RAM) you might just use:

XML + password-secured zip.

So instead of just zipping the XML with LibXML, you pass the XML to koriolis.zip-module (at least I think this was the module offering passworded-zip-files).


@Yasha
It is useful if the datastructure might change here and there. So you might change a datatype from int to float (assumption: just more precision, nothing in logic changes) ... with a binary you need to add a type definition like you might do with XML - or use "data-version"-indicators and different version-handlers in your code. I use Brucey's Persistence.mod (his PersistenceJSON.mod would do too!). So slight changes to the data structure in my app still keep the thing compatible. I understand that things might break easier than with a binary-version and different loaders/loader-functions.


bye
Ron


xlsior(Posted 2016) [#5]
there's a number of string-level encryption/decryption routines in the code archives -- just read/write the XML as you currently do, and pre/post process the strings individually before using them for anything else.


Nennig(Posted 2016) [#6]
Hi xlsior,

Thank you for your suggestion. I tried it but LibXML would not let me load files with special characters in it. These weird characters are plenty when using the RC4 encryption function I found on this site.

The top of my XML files reads like this: <?xml version="1.0" encoding="ISO-8859-1"?>

Would you have any suggestions?

Thank you


Derron(Posted 2016) [#7]
You need to make sure that you encode your strings before storing them with LibXML

xmlDdoc.encodeEntities(yourString)


bye
Ron


Nennig(Posted 2016) [#8]
Thank you Ron.

This trick allowed me to load the Xml file but it also messes up the RC4 encryption.
Meaning that after encryption, encoding and saving, I dont get back the correctly de-coded data when loading...

I did not expect this to be that hard! ;-)

Best regards


Derron(Posted 2016) [#9]
Do you have a small "working" example?


Thought getContent() decodes already...


Bye
Ron


Nennig(Posted 2016) [#10]
Thank you Ron,

I switch the encryption algorithm from RC4 to Vernam.
I found the code on this site for Vernam and it works great!

Many,many thanks!

bye


Derron(Posted 2016) [#11]
Really, there should be no problem with RC4 and libXML.

Why? Brucey uses it in his persistence.mod where he is serializing and deserializing arbitrary values (strings, custom formats ...).


I just assume you missed some needed steps when writing or reading the xml.


bye
Ron


xlsior(Posted 2016) [#12]
If RC4 uses special binary characters, you can add another step by doing a BASE64 or MIME conversion which stores 8 bit binary text in 7 bit printable characters only.


Nennig(Posted 2016) [#13]
Yep Ron, it is very much possible that I messed it up.

Using Vernam I got the result I was looking for so I will stop there.
Time is precisous, I only have got a few more days before my holidays are over ;-)

Thank you