Blog

All Blog Posts  |  Next Post  |  Previous Post

TEncryptedIniFile: easy to use class for handling app settings with encryption

Bookmarks: 

Thursday, November 10, 2016

What's wrong with the KIS principle to store application settings in an INI file? The risk that someone is tampering with the INI file is an often heard reason for not using them. Not being able to store private or secret information another one.
Both issues are solved with the introduced TEncryptedIniFile class. It descends from TMemIniFile and is as such a drop-in replacement and will deal only in app memory with decrypted data. In the file itself, the data is at all times encrypted. To build TEncryptedIniFile, we internally use AES 256bit encryption offered by the TAESEncryption class in TMS Cryptography Pack.

The code to use TEncryptedIniFile becomes something like:
const
  aeskey = 'anijd54dee1c3e87e1de1d6e4d4e1de3';
var
  mi: TEncryptedIniFile;
begin
  try
    mi := TEncryptedIniFile.Create('.settings.cfg', aeskey);
    try
      FTPUserNameEdit.Text := mi.ReadString('FTP','USER','');
      FTPPasswordNameEdit.Text := mi.ReadString('FTP','PWD','');
      FTPPortSpin.Value := mi.ReadInteger('FTP','PORT',21);
      mi.WriteDateTime('SETTINGS','LASTUSE',Now);
      mi.UpdateFile;
   finally
      mi.Free;
   end;
  except
    ShowMessage('Error in encrypted file. Someone tampered with the file?');
  end;
end;
Of course, the weakness now is that the AES key is in the EXE file and as such, it won't stop seasoned hackers to extract it from the EXE and use it directly to decrypt/encrypt the settings file and tamper with it this way. Extra steps could be taken to use an AES key that is a combination of a unique machine ID and a part that is encrypted with a Ed25519 generated public key and decrypt the encrypted part of the AES key on the fly in the app with the Ed25519 private key and then use it in combination with the machine ID to encrypt/decrypt the INI file. That should make the effort to hack the settings file already a lot more difficult.

To start using this TEncryptedIniFile you can get the latest TMS Cryptography Pack that has this class now included.


Bruno Fierens


Bookmarks: 

This blog post has received 6 comments.


1. Sunday, December 16, 2018 at 12:50:52 PM

Hi TMS,

I have succesfully use your example in my project

But the problem appear starting with XE10.3 Rio, it get an error:
"[dcc32 Error] TMSEncryptedIniFile.pas(35): E2170 Cannot override a non-virtual method"

type
TEncryptedIniFile = class(TMemInifile)
private
FFileName: string;
FKey: string;
procedure LoadValues;
public
constructor Create(const FileName: string; const Key: string); overload;
constructor Create(const FileName: string; const Encoding: TEncoding; CaseSensitive: Boolean); overload; override; // <--This is the line with problem
procedure UpdateFile; override;
end;

I cannot manage to fix that.

Maybe you can help me, please ?

Thank you,
Gabriel Cristea

Gabriel Cristea


2. Sunday, December 16, 2018 at 12:52:55 PM

Please use TEncryptedIniFile as included in the latest TMS Cryptography Pack with Delphi 10.3 Rio support. In this latest version, there is no issue with Delphi 10.3 Rio.

Bruno Fierens


3. Sunday, December 16, 2018 at 2:04:08 PM

Thank you for answer,
But i receive same error on same line:

type
TEncryptedIniFile = class(TMemInifile)
private
FFileName: string;
FEncoding: TEncoding;
FKey: string;
FOnDecryptError: TNotifyEvent;
procedure LoadValues;
public
constructor Create(const FileName: string; const Key: string); overload;
constructor Create(const FileName: string; const Encoding: TEncoding; CaseSensitive: Boolean); overload; override;<-- [dcc32 Error] inifiles_gen.pas(37): E2170 Cannot override a non-virtual method -->
procedure UpdateFile; override;
published
property OnDecryptError: TNotifyEvent read FOnDecryptError write FOnDecryptError;
end;

Gabriel Cristea


4. Monday, December 17, 2018 at 12:21:21 PM

Just fixed,
I dont have the last pack installed
After fix that all work correct

Thank you

Cristea Gabriel


5. Friday, August 16, 2019 at 10:13:33 AM

Get error
Can''t find unit Inifiles

Willie Holtzhauzen


6. Friday, August 16, 2019 at 10:18:42 AM

Verify the unit scope names in your project. These should normally be:
Winapi;System.Win;Data.Win;Datasnap.Win;Web.Win;Soap.Win;Xml.Win;Bde;System;Xml;Data;Datasnap;Web;Soap;Vcl;Vcl.Imaging;Vcl.Touch;Vcl.Samples;Vcl.Shell


Bruno Fierens




Add a new comment

You will receive a confirmation mail with a link to validate your comment, please use a valid email address.
All fields are required.



All Blog Posts  |  Next Post  |  Previous Post