A.E.S. Plug-in for FileMaker™ Pro 8 Documentation

A.E.S. FileMaker Plug-in for Windows™ and Macintosh™
© 2004-2006, Sky Dancer Studios, Inc. - All Rights Reserved

Before using A.E.S., please read through the License Agreement included with this archive. [License.txt]

CONTENTS:

Description
Features
AES Frequently Asked Questions (FAQ]
Installation
Demo Version
Purchasing a License for the A.E.S. & AES Plug-ins
How to Contact Sky Dancer Studios
AES History
Known Issues

FUNCTIONS
AESp_Version()
AESp_Register()
AESp_Encrypt()
AESp_Decrypt()
AESp_SHA1()
AESp_SHA1FromFile()
AESp_MD5()
AESp_MD5FromFile()

From Wikipedia, the free encyclopedia.

In cryptography, the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analysed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopted by National Institute of Standards and Technology (NIST) as US FIPS PUB 197 in November 2001 after a 5-year standardization process.

The cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael", a portmanteau comprising the names of the inventors. Rijndael can be pronounced "Rhine dahl", a long " i" and a silent "e" (IPA: [?aindal]). In the sound file linked below, it is pronounced [r^(h)aindau].

Sky Dancer Studios has wrapped the AES encryption algorithm into a FileMaker Pro 7 & 8 NATIVE plug-in.

A.E.S.'s Main Points:

• Block cipher: 128-bit block
• Uses 256 bit key size as specified in the AES Standard
• Unpatented and royalty-free
• Adopted by the NIST as the "standard" encryption algorithm
• "Open source" meaning there are no hidden "back doors" or weak spots

Sky Dancer's A.E.S. Plug-in adds:

• Adds the hashing algorithms SHA1 and MD5 to calculate digital signatures of files or fields
• Uses CBC mode of encryption with random IV (use of the same "key" and encrypting the same text produces a DIFFERENT encrypted string each time!)
• Fully Cross-Platform Compliant! Files encrypted on a PC can be decrypted on a Macintosh and vise-versa!
• Uses SHA1 generated 256 bit key
• Compatible with Unicode characters, language independent
• Unlimited encoding input/output...it can encode anything that can exist in a FileMaker field
• Self-tests at each startup to ensure integrity (licensed mode)

Visit Wikipedia's WEB page on A.E.S. at: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

1. Is AES REALLY secure??

From Wikipedia, the free encyclopedia:

As of 2006, the only successful attacks against AES have been side channel attacks. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used for classified information:

"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use."

2. How do we know this plug-in really (and correctly) uses A.E.S.?

It has been tested with the testing vectors (known input-output tables) published along with the algorithms. The test files are provided in the download package for your own testing and verification.

3. Does the plug-in require any other libraries or software to be installed?

No. The plug-in just requires FileMaker Pro 7, FileMaker Developer 7 or FileMaker Server 7

4. Exactly what is in the download?

Windows Version

An ENCRYPTED, "ZIPPED" file containing the AES folder, which contains the plug-in, sample databases showing how to use it and all documentation.

5. How short/long can the key be?

The key can be from 16 to any amount of characters in length. Keys at least 16 characters in length or longer are recommended for security reasons! (The longer, the better!)

6. How many characters (or how long a string) can the plug-in encrypt?

There is no limit on the plug-in. The only limit is the size of FileMaker database fields (in version 7, that is approximately 2 GB!)

7. Can I send the encrypted text in an email or over IM?

YES! The encrypted text simply consists of the "hexadecimal" Unicode text characters: "0123456789ABCDEF" which are compatible with any email, instant messaging or other application that can handle simple Unicode text (the normal text characters used in a Mac or Windows PC.)

To send the encrypted text, simply copy the encrypted field text to the clipboard and paste it into any email message. To decode any encrypted text you receive in an email or message, simply copy the encrypted text to a Filemaker field and decrypt it with the A.E.S. Plug-In as you would do normally.

HINT: Sometimes in transiting thru emails, the encrypted text gets added characters and line-feeds added to it. To properly decrypt the text, these extra characters must be removed before calling the A.E.S. "Decrypt" function. To remove any added characters, use the FileMaker built-in text function "Filter", using hexadecimal characters as the filter like this:

Setfield( <target field>, Filter( <encrypted text>, "0123456789ABCDEF"))

Where <target field> is the field you will pass to A.E.S. to decrypt, and <encrypted text> is the encrypted text you received in the email or IM.

Then simply call A.E.S.'s "Decrypt" function on the <target field>, recovering the original text!

8. How do I install the plug-in?

Plug-in files must be installed in the appropriate folder and enabled in FileMaker Pro, FileMaker Developer or FileMaker Server before they can be used. Simply copy the plug-in into the FileMaker Extensions folder inside the FileMaker application folder and enable it in the preferences dialog box.
Windows: Choose Edit menu > Preferences.

Then select the "Plug-Ins" tab and make sure it appears with a checkbox next to the plug-in.

9. How do I get rid of the dialog box that shows up when I first use the plug-in each time?

Simply register the plug-in from Sky Dancer for a very small fee! Special rates are available for developers and companies needing multiple copies.

10. What do the modes "ECB", "CBC" and "CFB" mean?

ECB: Electronic Code Book (ECB) is a mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa. In other words, the same plaintext value will always result in the same ciphertext value. Electronic Code Book is used when a volume of plaintext is separated into several blocks of data, each of which is then encrypted independently of other blocks. In fact, Electronic Code Book has the ability to support a separate encryption key for each block type.

CBC: Cipher block chaining (CBC) is a mode of operation for a block cipher (one in which a sequence of bits are encrypted as a single unit or block with a cipher key applied to the entire block). Cipher block chaining uses what is known as an initialization vector IV) of a certain length. One of its key characteristics is that it uses a chaining mechanism that causes the decryption of a block of ciphertext to depend on all the preceding ciphertext blocks. As a result, the entire validity of all preceding blocks is contained in the immediately previous ciphertext block. A single bit error in a ciphertext block affects the decryption of all subsequent blocks. Rearrangement of the order of the ciphertext blocks causes decryption to become corrupted. Basically, in cipher block chaining, each plaintext block is XORed (see XOR) with the immediately previous ciphertext block, and then encrypted.

CFB: Ciphertext feedback (CFB) is a mode of operation for a block cipher. In contrast to the cipher block chaining (CBC) mode, which encrypts a set number of bits of plaintext at a time, it is at times desirable to encrypt and transfer some plaintext values instantly one at a time, for which ciphertext feedback is a method. Like cipher block chaining, ciphertext feedback also makes use of an initialization vector (IV). CFB uses a block cipher as a component of a random number generator. In CFB mode, the previous ciphertext block is encrypted and the output is XORed (see XOR) with the current plaintext block to create the current ciphertext block. The XOR operation conceals plaintext patterns. Plaintext cannot be directly worked on unless there is retrieval of blocks from either the beginning or end of the ciphertext.

11. Can FileMaker database fields encrypted on a PC be decrypted on a Macintosh and vise-versa?

YES!!! The plug-in is fully cross-platform compatible!

12. Do I need a separate license for both the PC version and the Mac version?

A. Yes. The two versions of the plug-in use different key schemes.

13. How can I find out more about A.E.S.?

Visit Wikipedia's WEB page on A.E.S. at: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Windows:

To install the plug-in under Windows OS, first quit
FileMaker Pro if it is open. Next unzip or unstuff the contents
of the AES.zip or file into a directory. After you have
unzipped or unstuffed the archive file into a directory, you
should find a file in that directory named "AES.fmx". This
is the plug-in file. Copy this file to the directory named
" Extensions" inside your FileMaker Pro application directory. This
directory is usually on your hard drive in a directory similar to
this:

For Filemaker Pro 8:

C:\Program Files\FileMaker\FileMaker Pro 8\Extensions

or

C:\Program Files\FileMaker\FileMaker Pro 8 Advanced\Extensions

For FileMaker Pro 7 & 8:

C:\Program Files\FileMaker\FileMaker Pro 7 & 8\Extensions\

or

C:\Program Files\FileMaker\FileMaker Developer 7\Extensions\

If you had a AES plug-in installed previously, you may find a file in
your System directory named "AES.fmx". You will need to delete
this before starting FileMaker Pro so that you do not have two
versions of the plug-in installed.

After installation, you can restart FileMaker and the plug-in should appear
under the "Preferences" dialog, "Plug-ins" tab.

Quick Start:

Open FileMaker and then open the "AES Example.fp7" database. Try out the functions and take a look at the scripts.

The download version is the fully functional plug-in! The only difference is a "reminder dialog" which appears at the first and every tenth call to the encrypt or decrypt functions. Otherwise, the licensed and unlicensed plug-ins are the same.

You can purchase a license for the A.E.S. plug-in at http://www.skydancerstudios.com/ using your credit card. Just locate the license you wish to purchase and click on the "BUY NOW" button! (Credit Card Processing provided by PayPal)

NOTE: Buy a license for A.E.S and you get a license for the BlowFish Plug-in for FREE! BOTH for the SAME price!!

Purchase License(s)

Single User - This license allow the plug-in to be used by a single user at a single site. The plug-in may not be distributed or sold.

Company License - This license allows an unlimited number of users, at an unlimited number of sites within one organization, to use the plug-in. The license is restricted to a single database solution. The plug-in may not be distributed or sold.

Developer License - The developer has the right to bundle and distribute the software to an unlimited number of customers, an unlimited number of sites, an unlimited number of users and an unlimited number of database solutions. The developers' customers are not required to register the plug-in as it has already been licensed by the developer. This license only covers solutions that are resold by the developer.

After purchasing a license for A.E.S., you will be sent an email receipt containing your Registration name and Registration Code. To register A.E.S., please use the "BLfsh_Register" function.

Please send any bug reports, suggestions or questions to mike@skydancerstudios.com.

Updates can be downloaded from http://www.skydancerstudios.com

WINDOWS VERSION:

-- 01-26-2006 A.E.S. 1.0.0 Released. First Release of A.E.S. Plug-in

-- 03-14-2006 A.E.S. 1.1.0 Released.Fixed a bug that the dialog kept showing even after
licensing when using SHA1 or MD5

MACINTOSH VERSION:

-- Pending...based on market demand.

As of 01-26-2006 --None Known

FUNCTIONS:

FUNCTION AESp_Version

AESp_Version( "" )

EXAMPLE
----------------------------------------------

AESp_Version( "" )

DESCRIPTION
----------------------------------------------

This function should be called first in your STARTUP script to make sure the plug-in is available and working correctly.

RESULT
----------------------------------------------

It returns a string similar to:"AES x.x"

Always check for the word "A.E.S." in the returned result. If you DON'T get the expected result string, check to make sure the plug-in is located in the proper FileMaker directory (or the proper folder in your bound solution) and that it is enabled in the "Preferences" dialog under the FileMaker menu.

SEE ALSO:
----------------------------------------------

FUNCTION AESp_Register

AESp_Register( RegisteredName ; License Code ; RegistrationCode )

EXAMPLE
----------------------------------------------

AESp_Register( "Mike" ; "U07" ; "4EF997456198DD78")

DESCRIPTION
----------------------------------------------

This function allows you to register your copy of A.E.S. It is mostly meant for developers so that they can register plug-ins for bound solutions. (This prevents the "Unregistered Dialog" from appearing during running of the database or solution.)

The parameters passed are the Registered Name, the License Code and the Registration Code as obtained from www.skydancerstudios.com. Call this function in your STARTUP script, immediately after calling BLfsh_Version.

RESULT
----------------------------------------------

If successful, the function will return the string: "Registered", otherwise it will return a question mark ("?").

SEE ALSO:
----------------------------------------------

AESp_Version( "" )

FUNCTION AESp_Encrypt

AESp_Encrypt( key ; string )

EXAMPLE
----------------------------------------------

AESp_Encrypt( "ABCDEFGhijklnmo$123; "This is a test." )

DESCRIPTION
----------------------------------------------

This function call encrypts the <STRING> parameter using the <KEY>.

RESULT
----------------------------------------------

If successful, the function returns the encrypted string in Unicode HEXADECIMAL If the key hasn't been set, or some other failure occurs, the function will return a question mark ("?")

SEE ALSO:
----------------------------------------------

AESp_Decrypt( key ; string )

 

FUNCTION AESp_Decrypt

EXAMPLE
----------------------------------------------

AESp_Decrypt( "ABCDEFGhijklnmo$123; "F96B697D7CB7938D525A2F31A0" )

DESCRIPTION
----------------------------------------------

This function call decrypts the <STRING> parameter using the current <KEY>. The parameter < STRING> must be a Unicode HEXADECIMAL string from a previous call to AESp_Encode.

RESULT
----------------------------------------------

If successful, the function returns the plain text unencrypted string in Unicode If the key
hasn't been set, or some other failure occurs, the function will return a question mark ("?")

NOTE:
----------------------------------------------

If the encrypted string was received from an EMail or other source that may have broken the string into multiple lines, you need to filter out the line-breaks and other added characters before you decrypt the encrypted text with the FileMaker "Filter" function as follows:

SetField( <encrypted text field>; Filter (<encrypted text field> ; "0123456789ABCDEF"))

This will make sure your encrypted text only consists of the numbers 0-9 and letters A-F.

SEE ALSO:
----------------------------------------------

AESp_Encrypt( key ; string )

EXAMPLE
----------------------------------------------

AESp_SHA1( "This is a test." )

DESCRIPTION
----------------------------------------------

This function call calculates the SHA1 "hashed" value of the string.

From Wikipedia, the free encyclopedia:

The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions. The most commonly used function in the family, SHA-1, is employed in a large variety of popular security applications and protocols, including TLS, SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be the successor to MD5, an earlier, widely-used hash function.

The SHA algorithms were designed by the National Security Agency (NSA) and published as a US government standard.

RESULT
----------------------------------------------

If the function is successful, it will return a 40 character HEXADECIMAL string (the SHA1 " hashed" value or "signature" of the string.) If it fails, it will return a question mark ("?").)

SEE ALSO:
----------------------------------------------

AESp_SHA1FromFile ( path/filename )
AESp_MD5( string )
AESp_MD5FromFile ( path/filename )

 

EXAMPLE
----------------------------------------------

AESp_SHA1FromFile ( "C:\temp\TestFile.txt")

DESCRIPTION
----------------------------------------------

This function call calculates the SHA1 "hashed" value of the contents of the given file located using the given path.

From Wikipedia, the free encyclopedia:

The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions. The most commonly used function in the family, SHA-1, is employed in a large variety of popular security applications and protocols, including TLS, SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be the successor to MD5, an earlier, widely-used hash function.

The SHA algorithms were designed by the National Security Agency (NSA) and published as a US government standard.

RESULT
----------------------------------------------

If the function is successful, it will return a 40 character HEXADECIMAL string (the SHA1 " hashed" value or "signature" of the file's contents.) If it fails, such as the file doesn't exist or the path to it can't be found, it will return a question mark ("?").

SEE ALSO:
----------------------------------------------

AESp_SHA( string )
AESp_MD5( string )
AESp_MD5FromFile ( path/filename )

 

EXAMPLE
----------------------------------------------

AESp_MD5( "This is a test." )

DESCRIPTION
----------------------------------------------

This function call calculates the SHA1 "hashed" value of the string.

From Wikipedia, the free encyclopedia:

In cryptography, MD5 (Message-Digest algorithm 5) is a widely-used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files.

MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5; while it was not a clearly fatal weakness, cryptographers began to recommend using other algorithms, such as SHA-1 (recent claims suggest that SHA-1 has been broken, however). In 2004, more serious flaws were discovered making further use of the algorithm for security purposes questionable.

RESULT
----------------------------------------------

If the function is successful, it will return a 32 character HEXADECIMAL string (the MD5 " hashed" value or "signature" of the string.) If it fails, it will return a question mark ("?").

SEE ALSO:
----------------------------------------------

AESp_MD5FromFile ( path/filename )
AESp_MSHA1( string )
AESp_SHA1FromFile ( path/filename )

 

EXAMPLE
----------------------------------------------

AESp_MD5FromFile( "This is a test." )

DESCRIPTION
----------------------------------------------

This function call calculates the MD5"hashed" value of the string.

From Wikipedia, the free encyclopedia:

In cryptography, MD5 (Message-Digest algorithm 5) is a widely-used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files.

MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5; while it was not a clearly fatal weakness, cryptographers began to recommend using other algorithms, such as SHA-1 (recent claims suggest that SHA-1 has been broken, however). In 2004, more serious flaws were discovered making further use of the algorithm for security purposes questionable.

RESULT
----------------------------------------------

If the function is successful, it will return a 32 character HEXADECIMAL string (the MD5 " hashed" value or "signature" of the file's contents.) If it fails, such as the file doesn't exist or the path to it can't be found, it will return a question mark ("?").

SEE ALSO:
----------------------------------------------

AESp_MD5( string )
AESp_SHA1 ( string )
AESp_SHA1FromFile ( path/filename )