I’m looking for a way to encrypt and decrypt a string, preferably resulting in another string that isn’t too long. It needs to work cross-platform, so including iOS, Mac, Win and Android, which rules out plugins.
I know hashing won’t work, as the encrypted string needs to be decrypted as well.
I’m now using a simple XOR to obfuscate the original string, but would like to use something a little more secure. The source string is short; about 12 characters.
By the way, ChatGPT and Copilot aren’t very helpful when it comes to asking Xojo questions; the result is usually code that uses nonexistent functions.
The encryption itself is the easy part. The hard part is what to do with the key. Both symmetric and asymmetric encryption need some kind of a key, so you then need to store that somehow.
I’m fine with using a key that could be a constant on every platform; the reason to encrypt it is to avoid people using variations of the original string.
For example, the string could have “REF00004” and then somebody could try to use “REF00005”, which I would like to avoid.
He wants to obfuscate some IO data to keep people from reusing it by hand? Maybe he intends some URL-encoded data? I think he needs more protections, like avoiding GETs and using POSTs with contents INSIDE the message and not in the URL. Also ticket schemes for one-time use only, and validation of the message against tampering. Some kind of basic OAuth scheme.
Then why not just use hashes for the check and then store an encrypted string? Every encrypted string would then just have a buddy hash. If I understand the problem statement right.
Ok I think I see the use case. You want to be able to generate and read a QR code that somebody cannot tamper with.
You don’t need encryption for this. You can sign the data instead. For example, if the value is ABC123, you would produce a hash of the value plus some secret. Such as ABC123:MySecret. You include both in the QR code, and when you read it, you take the value, hash it again, and compare against the included hash.
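The signing approach suggested in the post above, as an added example that is not part of the original thread and is written in Python rather than Xojo. It swaps the plain hash of `value:secret` for HMAC-SHA256, the standard keyed construction, and truncates the tag to keep the string short; the key, the 80-bit tag length, the `:` separator and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption): a real key is random and is not
# published with the source.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TAG_BYTES = 10   # assumption: 80-bit truncated tag -> 16 base32 characters
SEP = ":"        # assumption: separator between value and tag


def _tag(value: str, key: bytes) -> str:
    """HMAC-SHA256 over the value, truncated and base32-encoded."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return base64.b32encode(mac[:TAG_BYTES]).decode("ascii")


def sign(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value:tag', the string that goes into the QR code."""
    return f"{value}{SEP}{_tag(value, key)}"


def verify(token: str, key: bytes = SECRET_KEY):
    """Return the value if the tag matches, otherwise None."""
    value, sep, tag = token.rpartition(SEP)
    if not sep or not value:
        return None  # no tag present at all
    expected = _tag(value, key)
    # Constant-time comparison so the check does not leak how many
    # leading characters of a guessed tag were correct.
    if not hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8")):
        return None
    return value


if __name__ == "__main__":
    token = sign("REF00004")
    print(token, "->", verify(token))
    # Someone edits the reference by hand but cannot recompute the tag.
    forged = "REF00005" + token[len("REF00004"):]
    print(forged, "->", verify(forged))
```

The value stays readable in the code; the tag only proves that whoever produced the string knew the key, so anyone who extracts a constant key from a shipped app can sign arbitrary values.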
Boudewijn - what is the sophistication of those you are trying to keep the string from? XOR is a simple start. If you take that result and subtract an integer value from the character value, then rearrange the characters in a pattern known to your decryption algorithm, that should obfuscate to a practical level. Maybe you XOR as a last step. It’s not RSA strong - but a “result” won’t be obvious if someone tries a simple XOR or ROT13 decryption method.