encrypt_file(+quoted_atom_file, +atom_key, +key_policy_option)

This built-in predicate attempts to encrypt a file, the file to decrypt is the first argument. The second argument is the key to use for encrypting the file. The last argument determines how the encryption key is stored and if the user that decrypts the file may store the key or must always enter the key.

Encryption

The blowfish encryption algorithm is used to encrypt the files, a key size of 128 bits is used to encrypt the data. This key is generated by using the supplied password as input to initialize the encryption key. Because a good password is required Trinc-Prolog checks the entered passwords. The password rules are:

• The minimum length is 8 characters.
• There must at least be one digit character in the password:  0, 1, 2, 3, 4, 5, 6, 7, 8 or 9.
• At least one character must be a special or a symbolic character, example: (, +, -, _, ], [, etc...

The blowfish encryption algorithm is free to use, there are no patents restraining its use and also no export restrictions, it was introduced by Bruce Schneier in 1994. For more information about the blowfish encryption algorithm visit the website of Counterpane; www.counterpane.com.

To protect the contents of encrypted modules it is not possible to use the clause/2 predicate for these modules.

The text editor can also encrypt and decrypt files, for more information see: text editor.

Password management

The first parameter of the encrypt/2 save-option determines how the encryption password is managed by the person that will decrypt the file. The three available options are:

• store_key: The password will be stored inside the encrypted file, the password is also encrypted. The person that decrypts the file will never have to enter the password. This option is appropriate if the user may not see the Prolog source. It is also the option with the lowest security level as the password is stored inside the file. The password is stored using a variant of the blowfish algorithm with a random key.
• ask_key: The password is not stored inside the encrypted file. The user that wants to decrypt the file must enter the password. The user has the choice to save the password in a file for later use. Trinc-Prolog will search for the password when the same encrypted file is opened again. The password is stored using a variant of the blowfish algorithm with a random key.
• always_ask_key: The password is not stored in the encrypted file and the user that wants to decrypt the file must always enter the password, the password is never stored. This option is the most secure and is appropriate for transferring and using sensitive data.

Trinc-Prolog can detect if the entered password was correct, it does that by calculating an MD5 digest for the original data being encrypted and comparing it with the MD5 digest calculated while decrypting. Incorrect passwords are never stored. The MD5 digest algorithm is described in rfc1321.

see also: app_dir/1 base64_decode_file/2 base64_encode_file/2 compress_file/2 copy_file/2 current_dir/1 decompress_file/1 decompress_file/2 decrypt_file/3 delete_file/1 exists_dir/1 exists_file/1 info_file/2 make_dir/1 md5_file/2 next_file/2 next_file/3 next_dir/2 remove_dir/1 rename_file/2 set_current_dir/1 split_fn/2 unlink_file/1 wipe_file/1

info@trinc-prolog.com