Computer Science Canada

[Tutorial] REBOL cloaking

Author:  btiffin [ Sat Apr 12, 2008 3:46 am ]
Post subject:  [Tutorial] REBOL cloaking

REBOL cloak

By Brian Tiffin
April 2008
By the way ... the designer pronounces REBOL as rebel.

cloaking

REBOL, the Relative Expression Based Object Language comes bundled with encloak and decloak. This is not full strength encryption (available in commercial versions) such as AES or Blowfish hence the name encloak versus encrypt. The key is Secure Hash Algorithm 1, breached by crypography experts, but hard to crack nonetheless so don't forget your keys.

Like many things in REBOL, cloaking is rather easy to use.
code:
>> help encloak
USAGE:
    ENCLOAK data key /with

DESCRIPTION:
     Scrambles a string or binary based on a key.
     ENCLOAK is a native value.

ARGUMENTS:
     data -- String to scramble (modified) (Type: any-string)
     key -- Key to use (Type: any-string)

REFINEMENTS:
     /with -- Use key as-is (for speed, no hashing)
>>
and the associated decloak
code:
>> help decloak
USAGE:
    DECLOAK data key /with

DESCRIPTION:
     Descrambles the string scrambled by encloak.
     DECLOAK is a native value.

ARGUMENTS:
     data -- String to descramble (modified) (Type: any-string)
     key -- Key to use (Type: any-string)

REFINEMENTS:
     /with -- Use key as-is (for speed, no hashing)
>>

And here is a quick example.
code:
>> cloaked: encloak "These are my deepest inner thoughts and desires" "junk"
== {?]?2pVS?^K?????^Qvum^YdE?
?? ^M?Fgm^_;??????^@?c6UB}
>>

Ok, that probably breaks a lot of web systems. Encloaked strings are not 7bit clean. Not good for email. Let's make that a little more forum friendly.
code:
>> cloaked: to binary! encloak "These are my deepest inner thoughts and desires" "junk"
== #{
B25DF732705653F80BF1C8DCE6D21176756D196445AB0AD290E4A00DF346676D
1F3BEECCDECDAE87E200BC63365542
}
>>

Not bad, but lets shrink it down some more. Base-64 makes for shorter binary encodings.
code:
>> system/options/binary-base: 64
== 64
>> cloaked: to binary! encloak "These are my deepest inner thoughts and desires" "junk"
== 64#{sl33MnBWU/gL8cjc5tIRdnVtGWRFqwrSkOSgDfNGZ20fO+7M3s2uh+IAvGM2VUI=}
>>

Now to try and see if all is well in scramble land.
code:
>> decloak to string! cloaked "crap"
== {^~??^-?^Q ?v??^@??P???n??^T?Ca?9??H??^U???*??^S?T2}
>> decloak to string! cloaked "junk"
== "These are my deepest inner thoughts and desires"
>>

Note the to string! step. You don't want to try and decloak the encoded binary! but the original scrambled string! data.

Keep a file safe from prying eyes
Here is a little script I use to keep rarely used passwords, and the Caramilk Secret.
code:
REBOL [Title: "scrambled"
    Author: "Brian Tiffin"
    Date: 03-Mar-2007
]
file: any [
    all [system/script/args to file! first parse system/script/args none]
    request-file/only
]
if any [not exists? file  confirm rejoin ["Overwrite " file "?"]] [
    key: ask "key: "
    print copy/part decloak to string! read/binary file key 64
    if confirm "ok? " [
        write file decloak to string! read/binary file key
        editor file
        if confirm "Ok to recloak?" [write/binary file encloak read file key]
    ]
    unset 'key
]

This little script: looks for a command line argument, assumed to be a filename, or pops up a requestor. After making sure I want to overwrite any existing file I'm asked to type in my cloaking key. If I like the looks of the first 64 characters I typed my key properly and have the right file it will write a plain text version, call up the editor and then, after giving me one last chance, overwrite the plain text data with new scrambled information. Finally it destroys evidence of the key, not perfectly, from someone getting at my console. This being a personal tool, it is up to me to re-scramble the information if I didn't like the edit or something goes sideways. Don't give this code to your boss and then tell them that it is 100% reliable, rock solid code. It isn't. I keep the first line of my scrambled file with 64 characters of stuff I don't mind people walking by seeing. Before the edit it is up to me to make sure they have walked away before I answer Yes to the ok? prompt.

This also requires a one time init of
code:
>> write %scrambled.txt encloak read %scrambled.txt "mykey"
or after I bungle an edit and don't give the Ok to recloak.

I don't care if this is not 7bit clean, it's local and I don't mail it anywhere. It is solely for those times when I can't remember something that I should remember. I use it about every half hour. If I can't recall the cloaking key, I'm hosed. I'm not an encryption expert and have no idea how to break SHA1. I'd probably ask someone on compsci.ca for help. Or, gasp, RTFM.

As always, for more information, please visit rebol.com.

In case you don't know how they get the soft gooey caramel in a Caramilk bar. They take hard caramel, spit on it, and pour over the chocolate. By the time you get your candy bar the enzymes have softened the caramel. So, now you don't need to try and crack my scrambled file. Ok?

Cheers


: