I've been using this open-source function to encrypt and decrypt strings via base64 methods, and I was wondering if there was a way to have a specific 'key' shared amongst me and some friends to make it work in a way where only the people who have this 'key' will properly encrypt or decrypt the messages.
-- Lua 5.1+ base64 v3.0 (c) 2009 by Alex Kloss <[email protected]>
-- licensed under the terms of the LGPL2
-- character table string
local b='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
-- encoding
function enc(data)
return ((data:gsub('.', function(x)
local r,b='',x:byte()
for i=8,1,-1 do r=r..(b%2^i-b%2^(i-1)>0 and '1' or '0') end
return r;
end)..'0000'):gsub('%d%d%d?%d?%d?%d?', function(x)
if (#x < 6) then return '' end
local c=0
for i=1,6 do c=c+(x:sub(i,i)=='1' and 2^(6-i) or 0) end
return b:sub(c+1,c+1)
end)..({ '', '==', '=' })[#data%3+1])
end
-- decoding
function dec(data)
data = string.gsub(data, '[^'..b..'=]', '')
return (data:gsub('.', function(x)
if (x == '=') then return '' end
local r,f='',(b:find(x)-1)
for i=6,1,-1 do r=r..(f%2^i-f%2^(i-1)>0 and '1' or '0') end
return r;
end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x)
if (#x ~= 8) then return '' end
local c=0
for i=1,8 do c=c+(x:sub(i,i)=='1' and 2^(8-i) or 0) end
return string.char(c)
end))
end
So, say a similar function like this was given to me and three friends, and we all had a private string key called 'flibble'... How could we share messages undecipherable by others?
No, not with base 64. Base 64 is not encryption, it's encoding. Base 64 does not take a key as parameter, is just takes binary and converts it to printable ASCII.
There are of course tricks to make base 64 look a bit more like ciphertext: just put in a hustled alphabet (in your case in variable b). That's however common substitution; as such it should be considered obfuscation instead of encryption. I could explain to a random high-school student how to crack it.
Generally you need to first encrypt using a block cipher + mode of operation, and then perform the encoding. You'll need something like AES for the confidentiality and HMAC for the integrity and authenticity of messages.
I would recommend something like luacrypto. You really don't want to perform crypto using a high level language such as Lua for performance reasons alone. Many Lua libraries do offer just AES or HMAC but not both, and many seem one man projects instead of well supported/maintained libraries - so choose carefully.