topic Re: Use JSL to encrypt scripts for add-in development in Discussions

Use JSL to encrypt scripts for add-in development

pauldeen — Fri, 09 Jun 2023 19:45:53 GMT

I maintain a couple of add-ins and for some of those I would like update a couple of variables in the contained scripts at built time. So I would like to write a script that opens a script file, does some concatenations or substitutions and then encrypts the whole file and saves it to a certain location (for a list of script files). Then I can use the brilliant add-in builder by @Justin_Chilton to build the add-ins. I cannot find a JSL function to encrypt a script, does it exist or can it be done with another utility?

Re: Use JSL to encrypt scripts for add-in development

txnelson — Fri, 30 Apr 2021 21:16:22 GMT

The Encrypt Script command can be passed through JSL using the Main Menu() function.

Main Menu( "encrypt script","Script 10" );

where "Script 10" is the name of the script window to be encrypted.

However, what happens next, is the dialog window asking for the passwords pops up, and I don't think that is what you want

Re: Use JSL to encrypt scripts for add-in development

Craige_Hales — Sat, 01 May 2021 00:07:55 GMT

Maybe use a jsl/jmp/plaintext file with just the values, and include() or open() or loadtextfile() from the encrypted script.

A small data table could be a good choice for a set of named parameters. Or a snippet of JSL that is included to set some variables. A file named X.jsl with just the text 42 can be loaded as parm = include("x.jsl"); and you could do more complicated sets with a list if X contains {42,"Fred"}, something like {parm,name} = include("x.jsl");

Re: Use JSL to encrypt scripts for add-in development

pauldeen — Mon, 03 May 2021 15:47:53 GMT

Thanks for the suggestions!

The idea is to create self destructing add-in that works for a while and after some date stops working (protect IP). So everytime I build the add-in I want a new expiry date hardcoded in the script so that this cannot be defeated by editing a date field somewhere. If I put the expiry date in a external script file I have to manualy encrypt that every time. For the same reason a data table is not an option.

Re: Use JSL to encrypt scripts for add-in development

Craige_Hales — Mon, 03 May 2021 17:08:27 GMT

something like this?

mySecretKey = "The quick brown fox";

aa = [=> ];
aa["expiredate"] = "1jan2022";
aa["checkcode"] = Hex( Blob MD5( Char To Blob( mySecretKey || expiredate ) ) );
Save Text File( "$temp/license.txt", As JSON Expr( aa ) );
///////////////////
bb = Parse JSON( Load Text File( "$temp/license.txt" ) );
If( Hex( Blob MD5( Char To Blob( mySecretKey || bb["expiredate"] ) ) ) == bb["checkcode"],
	Print( "ok: " || bb["expiredate"] ),
	Print( "bad" )
);

embed the secret key in the encrypted script so you can check it.

the file looks like

{"checkcode":"B7611676E821AA1ECC4CB5D6F02C6BA9","expiredate":"1jan2022"}

Re: Use JSL to encrypt scripts for add-in development

pauldeen — Tue, 04 May 2021 13:06:20 GMT

Thanks @Craige_Hales that is an interesting solution embedding the expiry date and a checksum.

Small fix for a coding error in line 5:

mySecretKey = "The quick brown fox";

aa = [=> ];
aa["expiredate"] = "1jan2022";
aa["checkcode"] = Hex( Blob MD5( Char To Blob( mySecretKey || aa["expiredate"] ) ) );
Save Text File( "$temp/license.txt", As JSON Expr( aa ) );
///////////////////
bb = Parse JSON( Load Text File( "$temp/license.txt" ) );
If( Hex( Blob MD5( Char To Blob( mySecretKey || bb["expiredate"] ) ) ) == bb["checkcode"],
	Print( "ok: " || bb["expiredate"] ),
	Print( "bad" )
);

Re: Use JSL to encrypt scripts for add-in development

Craige_Hales — Tue, 04 May 2021 13:37:50 GMT

Thanks. That variable was left over from a first version, before I realized it wanted to be a JSON solution.

This is similar to what JMP does with a PER file (not JSON); you can lock in other variables too, like a user or site name, by adding them to the concatenation.

You should use ShowGlobals() after running your app to make sure your secret isn't too easy to discover.