Thoughts on an encrypted authorization system
A recent project came with the following requirement. The company has launched a website, but it needs to set a time limit on the use of this website, that is, to authorize it.
Due to time constraints, my implementation idea is as follows:
1. Write a registration machine program and use it to generate an authorization file. The authorization file is an XML string containing start-time and end-time nodes; the XML string is then encrypted.
2. Put the authorization file in the website's publishing directory, and modify the original website code to parse the encrypted string in the authorization file and evaluate it.
The implementation code is as follows:
Part of the registration machine code:
    // Requires: using System; using System.IO; using System.Windows.Forms;
    Base_64 bs = new Base_64();
    DateTime dtkssj = dtpKssj.Value;                 // authorization start date
    string ksrq = dtkssj.ToString("yyyy-MM-dd");
    DateTime dtjssj = dtpJssj.Value;                 // authorization end date
    string jsrq = dtjssj.ToString("yyyy-MM-dd");

    string xmlString = "";
    xmlString += "<KSRQ>" + ksrq + "</KSRQ>";
    xmlString += "<JSRQ>" + jsrq + "</JSRQ>";
    string jmzf = bs.encrypt(xmlString);             // encoded authorization string

    string dirPath = Application.StartupPath;
    string filePath = dirPath + "\\" + "Authorization file.ini";
    // File.WriteAllText creates or truncates the file and closes it again.
    // (File.Create returns an open FileStream, so reopening the same path
    // right after calling it fails with a sharing violation.)
    File.WriteAllText(filePath, jmzf);
    MessageBox.Show("registered successfully");
As shown above, the core idea of the registration machine is to describe the authorization with an XML string in a specific format and then encrypt that string in a specific way.
Part of the encryption code:
    // Maps every 3 input characters to four 6-bit indices into s_keys
    // (the 64-entry table defined elsewhere in Base_64, not shown here).
    // Only the low 8 bits of each char are used, so the input must be single-byte text.
    public string encrypt(string str)
    {
        if (str == null) return "";      // check for null before reading str.Length
        int len = str.Length;
        if (len == 0) return str;
        string dest = "";
        for (int i = 0; i < len; i++)
        {
            char ch = str[i];
            int idx1 = (ch >> 2) & 0x3f;
            int idx2 = (ch << 4) & 0x30;
            dest += s_keys[idx1];
            if (++i == len) { dest += s_keys[idx2]; break; }

            ch = str[i];
            idx1 = idx2 | ((ch >> 4) & 0xf);
            idx2 = (ch << 2) & 0x3f;
            dest += s_keys[idx1];
            if (++i == len) { dest += s_keys[idx2]; break; }

            ch = str[i];
            idx1 = idx2 | ((ch >> 6) & 0x3);
            idx2 = ch & 0x3f;
            dest += s_keys[idx1];
            dest += s_keys[idx2];
        }
        return dest;
    }
Part of the decryption class code:
    // Reverses encrypt(): looks each character up in s_keys and reassembles
    // three 8-bit characters from every four 6-bit indices.
    public string decrypt(string str)
    {
        if (str == null) return "";
        int len = str.Length;
        if (len == 0) return str;
        string dest = "";
        for (int j = 0; j < len; j++)
        {
            char ch = str[j];
            int i;
            for (i = 0; i < 64; i++) if (s_keys[i] == ch) break;
            char tempDest = (char)(i << 2);
            if (++j == len) { dest += tempDest; break; }

            ch = str[j];
            for (i = 0; i < 64; i++) if (s_keys[i] == ch) break;
            tempDest |= Convert.ToChar(i >> 4);
            dest += tempDest;
            int temp = (i & 0xf) << 4;
            if (++j == len) break;

            ch = str[j];
            for (i = 0; i < 64; i++) if (s_keys[i] == ch) break;
            dest += (char)(temp | i >> 2);
            temp = (i & 0x3) << 6;
            if (++j == len) break;

            ch = str[j];
            for (i = 0; i < 64; i++) if (s_keys[i] == ch) break;
            dest += (char)(temp | i);
        }
        return dest;
    }
Part of the code used to decrypt the authorization file of a Website:
    string dirPath = Server.MapPath("");
    string filePath = dirPath + "\\" + "Authorization file.ini";
    if (!System.IO.File.Exists(filePath))
    {
        // no authorization file: display "unauthorized"
    }
    else
    {
        System.IO.StreamReader sr = new System.IO.StreamReader(filePath, Encoding.UTF8);
        string content = sr.ReadToEnd();
        sr.Close();

        Base_64 bs1 = new Base_64();
        string jmzf = bs1.decrypt(content);

        System.Xml.XmlDocument xmldoc = new System.Xml.XmlDocument();
        // The decoded text holds two sibling elements, which is not a well-formed
        // XML document on its own, so wrap it in a root element before loading.
        xmldoc.LoadXml("<root>" + jmzf + "</root>");
        System.Xml.XmlNode xnKsrq = xmldoc.SelectSingleNode("/root/KSRQ");
        string ksrq = xnKsrq.InnerText;
        System.Xml.XmlNode xnJsrq = xmldoc.SelectSingleNode("/root/JSRQ");
        string jsrq = xnJsrq.InnerText;

        DateTime dtKsrq = Convert.ToDateTime(ksrq);
        DateTime dtJsrq = Convert.ToDateTime(jsrq);
        DateTime dtNow = DateTime.Now.AddDays(1);
        int ks = DateTime.Compare(dtKsrq, dtNow);
        int js = DateTime.Compare(dtJsrq, dtNow);
        if (ks > 0 || js < 0)
        {
            // display "authorization expired"
        }
    }
The website code reads the authorization file, decrypts it with the matching symmetric routine, and compares the authorization start and end dates with the server date.
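The encrypt/decrypt routines above are a keyless Base64-style encoding over the s_keys table, so the dates in the file are only as protected as that table, which ships inside the website. As an added example (not the author's code), a signed authorization file lets the website check the dates with a public key while only the registration machine holds the private key. SignedLicense, Issue, Verify and the License wrapper element are hypothetical names, the dates are constructed, and RSA.Create(int) assumes .NET Core 2.0+ or .NET Framework 4.7.2+.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the author's code. All names here are hypothetical.
static class SignedLicense
{
    // Registration machine side: needs the PRIVATE key, which never ships with the website.
    public static string Issue(RSA privateKey, DateTime start, DateTime end)
    {
        string xml = "<License><KSRQ>" + start.ToString("yyyy-MM-dd") + "</KSRQ><JSRQ>"
                   + end.ToString("yyyy-MM-dd") + "</JSRQ></License>";
        byte[] payload = Encoding.UTF8.GetBytes(xml);
        byte[] sig = privateKey.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(sig);
    }

    // Website side: holds only the PUBLIC key. Returns the XML only if the signature is valid.
    public static string Verify(RSA publicKey, string licenseText)
    {
        string[] parts = (licenseText ?? "").Trim().Split('.');
        if (parts.Length != 2) return null;
        try
        {
            byte[] payload = Convert.FromBase64String(parts[0]);
            byte[] sig = Convert.FromBase64String(parts[1]);
            bool ok = publicKey.VerifyData(payload, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return ok ? Encoding.UTF8.GetString(payload) : null;
        }
        catch (FormatException) { return null; }   // file content is not valid Base64
    }

    static void Main()
    {
        using (RSA issuer = RSA.Create(2048))
        using (RSA site = RSA.Create())
        {
            site.ImportParameters(issuer.ExportParameters(false));   // public half only
            string lic = Issue(issuer, new DateTime(2024, 1, 1), new DateTime(2024, 12, 31));
            Console.WriteLine("genuine file accepted: " + (Verify(site, lic) != null));

            // Simulate an edited file: end date changed, original signature kept.
            string editedXml = Verify(site, lic).Replace("2024-12-31", "2099-12-31");
            string edited = Convert.ToBase64String(Encoding.UTF8.GetBytes(editedXml)) + "." + lic.Split('.')[1];
            Console.WriteLine("edited file accepted: " + (Verify(site, edited) != null));
        }
    }
}
```

In a deployment the website would embed the exported public parameters, and the date comparison shown earlier would run only on the XML that Verify returns.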
Conclusion: The code is very simple, or even a little too simple. I hope to introduce myself here. Is there a better implementation idea? Is encryption using file authorization easy to crack?
I hope you can kindly advise.