PowerBuilder Authors: Chris Pollach, Yeshim Deniz, Jayaram Krishnaswamy, Kevin Benedict, Avi Rosenthal

Related Topics: PowerBuilder

PowerBuilder: Article

Encryption in PowerBuilder

Choosing the best solution

Keeping information away from curious eyes is a challenging task. For example, you might need to encrypt data before sending it over the Internet. Or you might be storing some information in a database that not even an administrator is allowed to see. This article provides a brief overview of encryption techniques and shows how to do encryption in PowerBuilder.

Short History

Encryption goes as far back as ancient Egypt. In 1900 B.C. the Egyptians used a derivation of standard hieroglyphics to make a message more difficult to read. The art of hiding messages improved over the centuries. The early Greeks used a combination of wooden sticks and leather ribbon whereas the early Romans used simple substitution (replacing one character by another). In the 16th century, the polyalphabetic substitution was invented. That was followed by the Enigma encryption machine, which the Germans used during World War II (see Figure 1). In 1978 the RSA algorithm (used for public key encryption) was published and in the 1990s the first experimental results on quantum cryptography were achieved.

Encryption Basics

Hash Algorithms
When sending a message, it's important not only that the context is secured but also that the receiver gets the same message that you sent. To ensure that the message has not been altered, a hash is used. A hash is a one-way algorithm that generates a small number from a message. Changing a single character in the message generates a completely different hash. It's not possible to make any conclusions about the message from the hash. Popular hash algorithms are SHA-1 and MD5.

Symmetric Encryption

Symmetric encryption uses a shared secret key. That means the same key is used for encryption and decryption. The advantage of the symmetric encryption is that it's usually quite fast. The big disadvantage is that the sender and the receiver have to exchange the secret key. A secret key should change often to make the message less vulnerable to codebreaking. The sender and the receiver have to establish ways for exchanging the keys. Simply encrypting the new key with the old key won't be a good idea just in case somebody already broke the old key.

There are many symmetric encryption algorithms around. One of the best known is the DES (Data Encryption Standard) algorithm defined in the early '70s by the National Institute of Standards and Technology (NIST) together with IBM. It comes with a key size of 56 bit, which makes it breakable in a couple of hours. To overcome this limitation the 3-DES algorithm was invented. This algorithm uses three times the key size of the normal DES and encrypts the message three times the normal EDE. EDE means the first part of the key is used to encrypt the message, the second part to decrypt the result (which doesn't give you the plaintext), and the third part of the key is used to encrypt this result again.

In 1997, the NIST opened a competition to choose the successor for the DES algorithm that they would call AES (Advanced Encryption Standard). In the year 2000, the Belgian Rijndael algorithm was selected as the winner of this competition.

Asymmetric Encryption

The asymmetric encryption uses a public key for encryption and a private key to decrypt a message. Public means that the key to encrypt the message can be known to everybody. This public key, however, can't be used to decrypt the message. Decryption is done with the private key, which has to be kept secret. This means there is no need to worry about exchanging keys secretly as the public key can be distributed by e-mail or published. The disadvantage of the asymmetric encryption is the performance. It's about 1,000 times slower than the symmetric encryption.

There are only a few asymmetric algorithms around. The best known is the RSA algorithm (named after the people who described it first: Rivest, Shamir, and Adlemann). The algorithm was actually discovered a couple of years earlier by Clifford Cocks at the Government Communications Headquarters (a British intelligence service) in Great Britain but kept secret. The algorithm relies on the difficulty of factoring large integers and is secure from a key length of 1,024 bits and more.

Hybrid Encryption

Modern encryption uses a combination of symmetric and asymmetric encryption, a so-called hybrid cryptosystem. An application generates a random symmetric key to encrypt a message. The symmetric key is encrypted with the public key and transmitted with the encrypted message. At the receiver, the symmetric key is extracted with the private key and used to decrypt the message. See Figure 2 and Figure 3 for an example including a hash for message verification. This type of encryption is used, for example, for SSL communication with a browser or PGP.

From Theory to PowerBuilder

There are various options for using encryption in PowerBuilder. One option would be to make use of the Microsoft Crypto API, which is included in most versions of Windows. Starting with PowerBuilder 10, Sybase deploys a Java-based PowerBuilder Crypto Library. Another possibility is writing your own C or C++ DLL based on some public domain encryption algorithms.

Microsoft Crypto API
The Microsoft Crypto API is available on all Window versions except Windows 95 and Windows 98 with a browser prior to IE 5.0. The Microsoft Crypto API covers the following functional areas: base cryptographic functions, certificate handling, low-level message functions, and simplified message functions for encryption and hashing.

The simplified message functions as a wrapper around the low-level message functions. Whereas with low-level functions a couple of function calls are needed, e.g., to create a hash, with the simplified message functions creating a hash can be done with one function call. However, the arguments for the simplified message functions are more complex and often consist of structures and arrays.

All the cryptographic functions of the Microsoft Crypto API are in context with a key container. You have to connect to this key container before you can use the cryptographic functions. Listing 1 shows a sample in PowerBuilder. With CryptAcquireContext you make a connection to a key container. CryptCreateHash generates a hash object. The data to be hashed is put into the hash object with CryptHashData and the hash is retrieved with CryptGetHashParam. Finally, clean up with CryptDestroyHash and CryptReleaseContext. Download the PBL and look at the n_cst_cryptoapi. This NVO contains external function declarations, constants, and sample code to access the Crypto API. Methods to create a hash and do symmetric encryption and decryption are implemented. You can enhance it for your own needs with the documentation located on Microsoft Developers Network at http://msdn.microsoft.com.

PowerBuilder Crypto Library

PowerBuilder 10 comes with the PowerBuilder Crypto Library. The library wraps 13 different cryptographic methods for hashing, symmetric encryption, asymmetric encryption, and key generation. These methods are discussed in detail in the white paper that Sybase provided with PowerBuilder 10 in the same directory as the library. The solution is based on the Java Cryptography Extensions (JCE) that PowerBuilder can access through the PowerBuilder Native Interface (PBNI). The PowerBuilder sample and a white paper are installed in the Cryptograph directory located in the PowerBuilder 10 directory. To run the sample, a few conditions must be met.

The library list of the PowerBuilder sample must contain, in addition to the pbcrypto_demo.pbl, the following libraries:

  • pbcryptoclient100.pbd: Contains the PBCrypto proxy and the n_cst_cryptograph nonvisual object to create an instance of the PBCrypto object.
  • pbejbclient100.pbd: Needed to access the Java functionality.

When deployed, those PBDs as well as the pbejbclient100.pbx and pbejbclient100.jar must be deployed.

On the Java part, the solution requires three Java archives (JAR) that must be included in the classpath and accessible to PowerBuilder:

  • pbcrypto-1_0.jar: The Java/PowerBuilder Library.
  • jce.jar: The Java Cryptography Extension Library from the JDK starting from version 1.4.
  • bcprov-jdk14-xxx.jar: A JCE provider. This library implements the cryptographic functions. For example, you can download the Bouncy Castle crypto provider from www.bouncycastle.org.

More Stories By Arthur Hefti

Arthur Hefti is CEO of CATsoft Development GmbH in Zurich. He has been working with PowerBuilder since version 3 and taught dozens of PowerBuilder training classes. He and his team create custom-made client/server and Web applications using XML, Web Services, and encryption.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.