[top] [up] [next]

Saving, compressing, encrypting a module

A module can also be saved, if a module is saved the compiled code is translated back to readable text and saved to a text file. This means that comments placed inside a module are not saved. Compile directives like public and dynamic are saved. There are three versions of the predicate save_module.

• save_module/1 writes the module to the same file.
• With save_module/2 it is possible to specify another file to write to. The filename must be enclosed by single or double quotes.
• With save_module/3 is is possible to specify another file to write to and if the file must be encrypted and/or compressed.

Examples:

Compression

The predicate save_module/3 has the save-option compress/0. When this option is used the module is saved in the compressed gzip format, files stored in this format have the .gz extension. It is possible to open the compressed files with other (de)compression utilities like WinZip or GZip.

The text editor of Trinc-Prolog can automatically decompress a .gz file, it is also possible to compress a file by selecting it to save it as a .gz file.

Encryption

The blowfish encryption algorithm is used to encrypt the files, size of the key is 128 bits. The blowfish encryption algorithm is free to use, there are no patents restraining its use and no export restrictions. It was introduced by Bruce Schneier of Counterpane in 1994. For more information about the blowfish encryption algorithm visit the website of Counterpane; www.counterpane.com. The 128 bit key is generated by using the supplied password as input to initialize the encryption key. Because a good password is required Trinc-Prolog checks the entered passwords. The rules for password checking are:

• The minimum length of the password is 8 characters.
• There must at least be one digit character in the password, for example:  0, 1, 2, 3, 4, 5, 6, 7, 8 or 9.
• At least one character must be a special or a symbolic character, example: (, +, -, _, ], [, etc...

To protect the contents of encrypted modules it is not possible to use the clause/2 predicate for these modules.

Password management

The first parameter of the encrypt/2 save-option determines how the encryption password is managed by the person that will decrypt the file. The three available options are:  

• store_key: The password will be stored inside the encrypted file, the password is also encrypted. The person that decrypts the file will never have to enter the password. This option is appropriate if the user may not see the Prolog source. It is also the option with the lowest security level as the password is stored inside the file. The password is stored using a variant of the blowfish algorithm with a random key.
  However, if the file is opened with the Trinc-Prolog text editor then it always ask for a key.
• ask_key: The password is not stored inside the encrypted file. The user that wants to decrypt the file must enter the password. The user has the choice to save the password in a file for later use. Trinc-Prolog will search for the password when the same encrypted file is opened again. The password is stored using a variant of the blowfish algorithm with a random key.
• always_ask_key: The password is not stored in the encrypted file and the user that wants to decrypt the file must always enter the password, the password is never stored. This option is the most secure and is appropriate for transferring and using sensitive data.

Trinc-Prolog can detect if the entered password was correct, it does that by calculating an MD5 digest for the original data being encrypted and comparing it with the MD5 digest calculated while decrypting. Incorrect passwords are never stored. The MD5 digest algorithm is described in rfc1321.

[top] [up] [next]

info@trinc-prolog.com