{"id":2614,"date":"2010-10-22T13:19:40","date_gmt":"2010-10-22T13:19:40","guid":{"rendered":"https:\/\/blogs.mathworks.com\/pick\/2010\/10\/22\/protecting-your-confidential-files\/"},"modified":"2016-11-16T15:17:32","modified_gmt":"2016-11-16T20:17:32","slug":"protecting-your-confidential-files","status":"publish","type":"post","link":"https:\/\/blogs.mathworks.com\/pick\/2010\/10\/22\/protecting-your-confidential-files\/","title":{"rendered":"Protecting your Confidential Files"},"content":{"rendered":"<div xmlns:mwsh=\"https:\/\/www.mathworks.com\/namespace\/mcode\/v1\/syntaxhighlight.dtd\" class=\"content\">\r\n   <p><a href=\"https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/authors\/15007\">Jiro<\/a>'s pick this week is <tt>cryptAES<\/tt> by <a href=\"https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/authors\/15233\">Jan Simon<\/a>.\r\n   <\/p>\r\n   <p>I do a lot of things in MATLAB, and if I could make it wash my dishes, I would. Perhaps one of these days, I should venture\r\n      out to the Simulink world to design and implement some controllers for a dish mounting\/washing robot. But let's leave that\r\n      for some other time. The other day, I wanted to create a simple database mechanism to store all of my username and passwords\r\n      to various online accounts I had. Since this database would contain sensitive information, I needed this to be pretty secure.\r\n      I knew that I could create a password-protected Excel file, but what fun would that be?\r\n   <\/p>\r\n   <p>So I built this simple GUI in MATLAB that showed my username\/password entries in a table format. I could add, change, or delete\r\n      entries from the table. But I needed a way to store that data in an encrypted format. I know very little about data encryption\r\n      but I know that there are sophisticated algorithms for it. I did a quick <a href=\"https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/?term=encryption\">search<\/a> on the File Exchange and found Jan's cryptAES. It implemented the 128-bit <a href=\"http:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\">AES<\/a> en\/decryption. What that translates for me was that I now have a way of garbling my confidential files so that others can't\r\n      see it! I can take my data from the table and encrypt it as some binary file using a passphrase I provide. When I open the\r\n      GUI, I would type the passphrase which would load and decrypt the file.\r\n   <\/p>\r\n   <p>His entry is purely written in MATLAB (without any calls to external functions like Java or MEX). While calling the Java method\r\n      is significantly faster (see Rapid AES En\/Decryption), Jan explained to me a couple of advantages for doing everything in MATLAB:\r\n   <\/p>\r\n   <div>\r\n      <ul>\r\n         <li>He cannot control whether the CBC vector of the Java implementation is really random, because it depends on the active Java\r\n            engine. He said he's seen too many advanced crypto-softwares failing due to poor random number generators.\r\n         <\/li>\r\n         <li>By P-coding the function (and not calling any external functions), it makes it harder for hackers to catch the intermediate\r\n            state.\r\n         <\/li>\r\n      <\/ul>\r\n   <\/div>\r\n   <p>\r\n   <p>He acknowledges two other File Exchange entries - AES Toolbox and Rapid AES En\/Decryption. Some of you may be interested in checking them out as well.\r\n   <\/p>\r\n   <p><b>Comments<\/b><\/p>\r\n   <p>Thanks, Jan, for helping me solve my problem! And thank you for explaining to me a little more of your motivations in creating\r\n      this entry.\r\n   <\/p>\r\n   <p>Give this a try and let us know what you think <a href=\"https:\/\/blogs.mathworks.com\/pick\/?p=2614#respond\">here<\/a> or leave a comment for Jan.\r\n   <\/p><script language=\"JavaScript\">\r\n<!--\r\n\r\n    function grabCode_8e5612ef1db44143bf81b5aa58c99254() {\r\n        \/\/ Remember the title so we can use it in the new page\r\n        title = document.title;\r\n\r\n        \/\/ Break up these strings so that their presence\r\n        \/\/ in the Javascript doesn't mess up the search for\r\n        \/\/ the MATLAB code.\r\n        t1='8e5612ef1db44143bf81b5aa58c99254 ' + '##### ' + 'SOURCE BEGIN' + ' #####';\r\n        t2='##### ' + 'SOURCE END' + ' #####' + ' 8e5612ef1db44143bf81b5aa58c99254';\r\n    \r\n        b=document.getElementsByTagName('body')[0];\r\n        i1=b.innerHTML.indexOf(t1)+t1.length;\r\n        i2=b.innerHTML.indexOf(t2);\r\n \r\n        code_string = b.innerHTML.substring(i1, i2);\r\n        code_string = code_string.replace(\/REPLACE_WITH_DASH_DASH\/g,'--');\r\n\r\n        \/\/ Use \/x3C\/g instead of the less-than character to avoid errors \r\n        \/\/ in the XML parser.\r\n        \/\/ Use '\\x26#60;' instead of '<' so that the XML parser\r\n        \/\/ doesn't go ahead and substitute the less-than character. \r\n        code_string = code_string.replace(\/\\x3C\/g, '\\x26#60;');\r\n\r\n        author = 'Jiro Doke';\r\n        copyright = 'Copyright 2010 The MathWorks, Inc.';\r\n\r\n        w = window.open();\r\n        d = w.document;\r\n        d.write('<pre>\\n');\r\n        d.write(code_string);\r\n\r\n        \/\/ Add author and copyright lines at the bottom if specified.\r\n        if ((author.length > 0) || (copyright.length > 0)) {\r\n            d.writeln('');\r\n            d.writeln('%%');\r\n            if (author.length > 0) {\r\n                d.writeln('% _' + author + '_');\r\n            }\r\n            if (copyright.length > 0) {\r\n                d.writeln('% _' + copyright + '_');\r\n            }\r\n        }\r\n\r\n        d.write('<\/pre>\\n');\r\n      \r\n      d.title = title + ' (MATLAB code)';\r\n      d.close();\r\n      }   \r\n      \r\n-->\r\n<\/script><p style=\"text-align: right; font-size: xx-small; font-weight:lighter;   font-style: italic; color: gray\"><br><a href=\"javascript:grabCode_8e5612ef1db44143bf81b5aa58c99254()\"><span style=\"font-size: x-small;        font-style: italic;\">Get \r\n            the MATLAB code \r\n            <noscript>(requires JavaScript)<\/noscript><\/span><\/a><br><br>\r\n      Published with MATLAB&reg; 7.11<br><\/p>\r\n<\/div>\r\n<!--\r\n8e5612ef1db44143bf81b5aa58c99254 ##### SOURCE BEGIN #####\r\n%%\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/authors\/15007\r\n% Jiro>'s pick this week is\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/25327-cryptaes\r\n% |cryptAES|> by\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/authors\/15233 Jan\r\n% Simon>.\r\n%\r\n% I do a lot of things in MATLAB, and if I could make it wash my dishes, I\r\n% would. Perhaps one of these days, I should venture out to the Simulink\r\n% world to design and implement some controllers for a dish\r\n% mounting\/washing robot. But let's leave that for some other time. The\r\n% other day, I wanted to create a simple database mechanism to store all of\r\n% my username and passwords to various online accounts I had. Since this\r\n% database would contain sensitive information, I needed this to be pretty\r\n% secure. I knew that I could create a password-protected Excel file, but\r\n% what fun would that be?\r\n%\r\n% So I built this simple GUI in MATLAB that showed my username\/password\r\n% entries in a table format. I could add, change, or delete entries from\r\n% the table. But I needed a way to store that data in an encrypted format.\r\n% I know very little about data encryption but I know that there are\r\n% sophisticated algorithms for it. I did a quick\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/?term=encryption\r\n% search> on the File Exchange and found Jan's cryptAES. It implemented the\r\n% 128-bit <http:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard AES>\r\n% en\/decryption. What that translates for me was that I now have a way of\r\n% garbling my confidential files so that others can't see it! I can take my\r\n% data from the table and encrypt it as some binary file using a passphrase\r\n% I provide. When I open the GUI, I would type the passphrase which would\r\n% load and decrypt the file.\r\n%\r\n% His entry is purely written in MATLAB (without any calls to external\r\n% functions like Java or MEX). While calling the Java method is\r\n% significantly faster (see\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/8925-rapid-aes-data-encryption-and-decryption\r\n% Rapid AES En\/Decryption>), Jan explained to me a couple of advantages for\r\n% doing everything in MATLAB:\r\n%\r\n% * He cannot control whether the CBC vector of the Java implementation is\r\n% really random, because it depends on the active Java engine. He said he's\r\n% seen too many advanced crypto-softwares failing due to poor random number\r\n% generators.\r\n% * By P-coding the function (and not calling any external functions), it\r\n% makes it harder for hackers to catch the intermediate state.\r\n%\r\n% He acknowledges two other File Exchange entries -\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/1190-aes-toolbox AES\r\n% Toolbox> and\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/8925-rapid-aes-data-encryption-and-decryption\r\n% Rapid AES En\/Decryption>. Some of you may be interested in checking them\r\n% out as well.\r\n%\r\n% *Comments*\r\n%\r\n% Thanks, Jan, for helping me solve my problem! And thank you for\r\n% explaining to me a little more of your motivations in creating this\r\n% entry.\r\n%\r\n% Give this a try and let us know what you think\r\n% <https:\/\/blogs.mathworks.com\/pick\/?p=2614#respond here> or leave a\r\n% <https:\/\/www.mathworks.com\/matlabcentral\/fileexchange\/25327-cryptaes#comment\r\n% comment> for Jan.\r\n\r\n##### SOURCE END ##### 8e5612ef1db44143bf81b5aa58c99254\r\n-->","protected":false},"excerpt":{"rendered":"<p>\r\n   Jiro's pick this week is cryptAES by Jan Simon.\r\n   \r\n   I do a lot of things in MATLAB, and if I could make it wash my dishes, I would. Perhaps one of these days, I should venture\r\n     ... <a class=\"read-more\" href=\"https:\/\/blogs.mathworks.com\/pick\/2010\/10\/22\/protecting-your-confidential-files\/\">read more >><\/a><\/p>","protected":false},"author":35,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[16],"tags":[],"_links":{"self":[{"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/posts\/2614"}],"collection":[{"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/comments?post=2614"}],"version-history":[{"count":2,"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/posts\/2614\/revisions"}],"predecessor-version":[{"id":8050,"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/posts\/2614\/revisions\/8050"}],"wp:attachment":[{"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/media?parent=2614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/categories?post=2614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.mathworks.com\/pick\/wp-json\/wp\/v2\/tags?post=2614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}