I've had this thought for a while now, and decided to finally give it a go. Simple object that uses PBKDF2+SHA512 and AES256 to save passwords behind a PIN. Technically, there are no limitations on the PIN, so it may be of any length, using any characters. You could also get more creative and use an alternate method of a PIN, such as system info. All encrypted strings are saved to a file at the specified location, or the default location.
External libraries used:
- Crypt by Deo
- AHK_CNG by jNizm (Hopefully, this will replace Crypt once he has completed the library. I would be using his AES + CBC, but... I'm not sure how exactly it works, or how I would implement it correctly here.)
Best practices when using this library:
Using this library doesn't automatically make your passwords/strings safe. There are a few things you need to take into account:
Do not use static strings for the PIN. Get the PIN (via prompting the user or otherwise), set the PIN, then erase the variable that held the plain-text PIN. This ensures that a memory leak/hook/etc. won't give out the PIN.
After you've retrieved the string, use it for what you need, then wipe that variable as well.
The hash of the PIN is what the strings are encrypted with as the key. The hashed PIN is stored in a generated, temporary key. This temporary key is regenerated every time it's used or if a new PIN is set. Using SetTimer, one could call _decryptTempKey() (not saving the return) to constantly change the temporary key.
*Note: if anyone has a better suggestion for PIN keeping, please let me know!
Constructs a new instance of the object. Allows multiple concurrent instances, but MUST use a different file, or manually remove "-rwd" from all fileOpen()'s.
Parameters:
dir - Specifies the path to the custom file-type file. If the location does not exist, it will be created. There is no strict extension; any extension may be used. If not specified, the default path is a_appdata . "\..\Local\PIN\strs.pin" (that is, %appdata%\..\Local\PIN\strs.pin).
Return value: this (object handle)
setPin(pin)
Description:
Sets a PIN to be used by the object.
Parameters:
pin - The plain-text PIN to be set.
Return value: null
setStr(key,str)
Description:
Encrypts and saves a string to the specified custom file-type file.
Parameters:
key - The key to be used for the string.
str - The plain-text string to be saved. This will be encrypted before it is saved.
Return value: N/A
getStr(key)
Description:
Retrieves and decrypts a saved string from the specified custom file-type file.
Parameters:
key - The key to be used for the string.
Return value: Requested string.
removeStr(key)
Description:
Removes a saved string from the specified custom file-type file.
Parameters:
key - The key to be used for the string.
Return value: N/A
INI methods
Methods:
__new(dir:="",iniName:="")
Description:
Constructs a new instance of the object. Allows multiple concurrent instances.
Parameters:
dir - Specifies the directory of the INI file. If the location does not exist, it will be created. If not specified, the default location is a_appdata . "\..\Local\PIN" (that is, %appdata%\..\Local\PIN).
iniName - Specifies the name of the INI file. If the INI file does not exist, it will be created. If not specified, the default name is strs.ini.
Return value: this (object handle)
setPin(pin)
Description:
Sets a PIN to be used by the object.
Parameters:
pin - The plain-text PIN to be set.
Return value: null
setStr(str,key,header:="Default")
Description:
Encrypts and saves a string to the specified INI file.
Parameters:
str - The plain-text string to be saved. This will be encrypted before it is saved.
key - The INI key to be used for the string.
header - The INI section to be used for the string. Defaults to "Default".
Took a while, but I made a very simplistic file layout, based on key-value pairs, which encodes to Base64. I don't have the keys encoded though, should I change that?
Method edits are in the OP. Mostly the same, except it now only accepts a file path for __New() and key and str parameters have been switched.
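An added example, in Python rather than AutoHotkey and not taken from the library or written by its author, of the PIN handling the first post describes: the PIN is held in a wipeable buffer, stretched with PBKDF2-HMAC-SHA512 into a 32-byte AES-256 key, and erased as soon as the key exists. The iteration count, the salt length, the `_kdf` line name and the PIN check tag are assumptions made for this example; only the Base64 key-value layout and the PBKDF2+SHA512 choice come from the posts.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; the posts do not state one
SALT_LEN = 16          # assumed salt length, random per file

def wipe(buf: bytearray) -> None:
    """Best-effort erase of a mutable buffer (an immutable str cannot be wiped)."""
    for i in range(len(buf)):
        buf[i] = 0

def _derive(pin: bytearray, salt: bytes, iterations: int):
    # One 64-byte SHA-512 block: first half is the AES-256 key, second half
    # keys the PIN check, so the stored tag is not made from the AES key.
    dk = hashlib.pbkdf2_hmac("sha512", pin, salt, iterations, dklen=64)
    wipe(pin)  # the plain-text PIN is not needed after this point
    return dk[:32], dk[32:]

def _tag(check_key: bytes) -> bytes:
    return hmac.new(check_key, b"pin-check", hashlib.sha512).digest()

def make_header(pin: bytearray, iterations: int = ITERATIONS) -> str:
    """Build the hypothetical '_kdf=<Base64>' line: iterations, salt, check tag."""
    salt = os.urandom(SALT_LEN)
    _, check_key = _derive(pin, salt, iterations)
    blob = iterations.to_bytes(4, "big") + salt + _tag(check_key)
    return "_kdf=" + base64.b64encode(blob).decode("ascii")

def unlock(pin: bytearray, header_line: str):
    """Return the 32-byte AES key if the PIN matches the header, else None."""
    name, _, value = header_line.strip().partition("=")
    if name != "_kdf":
        raise ValueError("not a KDF header line")
    blob = base64.b64decode(value, validate=True)
    if len(blob) != 4 + SALT_LEN + hashlib.sha512().digest_size:
        raise ValueError("malformed KDF header")
    iterations = int.from_bytes(blob[:4], "big")
    salt, stored = blob[4:4 + SALT_LEN], blob[4 + SALT_LEN:]
    aes_key, check_key = _derive(pin, salt, iterations)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return aes_key if hmac.compare_digest(_tag(check_key), stored) else None

if __name__ == "__main__":
    line = make_header(bytearray(b"2468-constructed"))  # constructed sample PIN
    print(line)
    print(unlock(bytearray(b"2468-constructed"), line) is not None)
```

Storing the salt and iteration count next to the data lets the work factor be raised later without breaking existing files, and the check tag lets a wrong PIN be rejected before any record is decrypted.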