Use VB.net to compile a regular mail sending program (2)

The last time I designed a basic interface, I also decided to use the INI file as the parameter storage method and call the Windows API function to perform the INI file read and write operations, but there was an important problem, this applet involves two passwords: one is the database connection password, and the other is the mail server sending password. If we directly Save the password to the INI file in plaintext, if the INI file is accidentally leaked, other people can easily obtain these parameters, which may attack the database or email server or forge emails, causing unnecessary trouble. Therefore, my next step is to encrypt sensitive information.

There are many common encryption algorithms, but the first thing to be sure is that the encryption algorithm we choose must be reversible. That is to say, encryption can be performed using the same password, you can also decrypt the plaintext. Otherwise, the Saved Password cannot be restored. In this case, the most common MD5 encryption method is unavailable. I chose the DES encryption method, although this encryption method may be a bit old, it seems enough in this situation. The most important thing is that it is included in a class of, it is easy to call.

Imports system. security. cryptographyimports system. textpublic function encrypt (byval ptoencrypt as string, byval skey as string) as string dim des as new descryptoserviceprovider () dim inputbytearray () as byte inputbytearray = encoding. default. getbytes (ptoencrypt) ''creates the key and offset of the encryption object''. The original text uses asciiencoding. the getbytes method ''of the ASCII method requires that the English text des be entered. key = asciiencoding. ASCII. getbytes (skey) DES. IV = asciiencoding. ASCII. getbytes (skey) ''write binary array to encrypted stream'' (write all content in the memory stream) dim MS as new system. io. memorystream () dim CS as new cryptostream (MS, Des. createencryptor, cryptostreammode. write) ''write binary array to encrypted stream'' (write all content in the memory stream) Cs. write (inputbytearray, 0, inputbytearray. length) Cs. flushfinalblock () ''creates the output string dim RET as new stringbuilder () dim B as byte for each B in ms. toarray () ret. appendformat ("{0: X2}", B) next return ret. tostring () end function public function decrypt (byval ptodecrypt as string, byval skey as string) as string Try Dim des as new descryptoserviceprovider () ''put the string into the byte array dim Len as integer Len = ptodecrypt. length/2-1 dim inputbytearray (LEN) as byte dim X, I as integer for x = 0 to Len I = convert. toint32 (ptodecrypt. substring (x * 2, 2), 16) inputbytearray (x) = ctype (I, byte) Next ''establishes the key and offset of the encryption object. This value is important, des. key = asciiencoding. ASCII. getbytes (skey) DES. IV = asciiencoding. ASCII. getbytes (skey) dim MS as new system. io. memorystream () dim CS as new cryptostream (MS, Des. createdecryptor, cryptostreammode. write) Cs. write (inputbytearray, 0, inputbytearray. length) Cs. flushfinalblock () return encoding. default. getstring (Ms. toarray) catch ex as exception return "" end try end Function

Note that the key of the DES algorithm must be an eight-character English letter or number, and there must be no more or fewer keys. Otherwise, an error will be reported.

Now, I will slightly change the statements for reading and writing INI, add a password when writing, and automatically decrypt when reading. If the key uses a fixed eight-bit string, the sample code is as follows:

 

INIFILE = application. startuppath + "\ Sendmail. ini "'encrypt the password and write it into the INI file. The key is fixed to" vvian999 "writeini (" SMTP "," password ", encrypt (txt_mailpwd.text," vvian999 "), INIFILE) 'decrypt the Read Password and put it in the text box txt_mailpwd.text = decrypt (getini ("SMTP", "password", "", INIFILE), "vvian999 ")

In this way, the password parameter stored in the INI file is already an encrypted string. Without knowing the key, it is difficult for ordinary people to crack it and obtain sensitive information. But security always comes first. I thought that if the person who got the INI file runs this program on another machine, the text box will display the asterisk password in plain text, as long as a password viewer or other software is used, the password will be leaked, and if the key is written to an executable file, the encryption rules will be the same, and it is not good, the best way is that the key of each machine is a fixed value, but the keys of each machine are different. In this case, even if you copy a program and an INI file to another server, the program cannot be executed normally and the security is guaranteed.

The best way to get a fixed key for each machine is to obtain a certain hardware value of the machine, such as the hard disk number, CPU number, Nic MAC address, and other data that will not change, use the data to obtain an eight-bit string, and use this as the key to encrypt a string that is only known to you. The decryption is performed once at each startup. If the decryption result is the same, proceed, if the decryption result is different, an error is reported. You need to re-enter the password of the database and email server to maximize data security. This is actually a common registration code for shared software.

I used system to obtain hardware information. management, which can be obtained by Using WMI. For example, the following example is to obtain the MAC address of the network card, and then use the first eight bits as the key for encryption, because the MAC address is 12 bits, you don't have to worry about the insufficient length. You can take the last eight bits and the middle eight bits for processing. After an encrypted string is added to the INI file at the same time, a check will be performed each time the program is started.

'The hardware code is obtained first. The first eight dim hwcode as stringdim macaddr as stringdim wmimac as new system is used here. management. managementobjectsearcher ("select * From win32_networkadapterconfiguration") for each wmiobj as managementobject in wmimac. get If cbool (wmiobj ("ipenabled") Then macaddr = wmiobj ("macaddress") end ifnexthwcode = Microsoft. visualBasic. left (replace (macaddr, ":", ""), 8) 'writes the verification string to the INI file writeini ("Sendmail", "CRC", encrypt ("clicvvian2010 ", hwcode), INIFILE)

Another point is that if there are more than one web site on the server and I use the address of the last network card, you can also specify a network card in other ways, you can search for other hardware information by Using WMI.

Private sub sendmail_load (byval sender as system. object, byval e as system. eventargs) handles mybase. some code earlier than load' has been deleted, leaving only the if decrypt (getini ("Sendmail", "CRC", "", INIFILE), hwcode of the judgment process) <> "clicvvian2010" then MessageBox. show ("NOTE: the server has changed. Please enter the database and email server password again and save it. An error occurred while decoding the password! "," NOTE ", messageboxbuttons. OK, messageboxicon. Information) end if 'end sub

After a problem is solved, you can also consider the second problem, that is, after you put the decrypted password back into the text box, if you are interested in accessing the server, in the same way, you can obtain the password by using the password check software. Therefore, my solution is to put the ciphertext of the read password directly in the text box and put the decrypted password in a public variable, to use the password, perform a judgment first. encrypt the password in the variable and compare it with that in the text box. If the password is the same, use the password in the Variable. If the password is different, if the user has changed the password, the password value in the text box is given to the variable and then used. When the user clicks "Save parameter", the encrypted password is re-placed in the password box. Of course, this is also a problem, that is, when the user changes the password and does not click to save the parameter, the password is still stored in the text box in plaintext, I tried txt_mailpwd_lostfocus and txt_mailpwd_validated in either of the two ways. I don't know if you have any good solutions.

Compared with the previous one, the interface was changed a little. A test email input box and a button for sending the test email were added, and the "database priority" option was removed, by default, the information in the database is given priority (that is, if the sender name is specified for a record in the database, the content entered here is no longer used ), it looks better than the last arrangement.

I was going to design the database this time. It seems that I have to push it to the next time. I am trying to increase the progress and complete this mini-program during the National Day holiday.