how about that [developer.qt.nokia.com]

Thanks, I’ll try it.

Why does Qt doesn’t embed some cryptographic functions…? :-)

It do the works!!!

Thanks you for the link.

And Thanks Andre for the rest!

qcryptographichash [doc.qt.nokia.com]
I have read an explanation here in the forum, but cannot find it anymore.

koahnig wrote:

qcryptographichash [doc.qt.nokia.com] I have read an explanation here in the forum, but cannot find it anymore.

For what I’ve read it isn’t usable to crypt and decrypt text.

Yes, if you like to decrypt that will not work.
In case you want to decrypt and use with another application, you need to go with the simple encryption.
BTW: here is the original thread [developer.qt.nokia.com]

Luca wrote:

Hi all,
I need a very easy way to crypt a password in a text file and get it back when needed.

The application should works in various Linux and Windows PC so I’d like to avoid the use of some external library for cryptographic function.

Some ideas?

Yes: don’t do that and use a password storage mechanism.

peppe wrote:

Yes: don’t do that and use a password storage mechanism.

Can you some more hints how to do so?

peppe wrote:

Luca wrote:

Hi all,
I need a very easy way to crypt a password in a text file and get it back when needed.

The application should works in various Linux and Windows PC so I’d like to avoid the use of some external library for cryptographic function.

Some ideas?

Yes: don’t do that and use a password storage mechanism.

Does Qt supply a platform independent way to do that? Does it even exist on Windows? No, I didn’t think so. By all means, if you are on KDE, use KWallet. But AFAIK, there is no cross platform solution for this (yet).

In the meantime, I think encrypting the login data, even if it is by using a weak encryption like my SimpleCrypt class provides, is a better solution than no solution at all.

koahnig wrote:

qcryptographichash [doc.qt.nokia.com]
I have read an explanation here in the forum, but cannot find it anymore.

This function is not an encryption algorithm, though it can be used as a component in one. In SimpleCrypt, it is optionally used to validate if you are using the right key for decryption.

Luca – do you really need to store the password itself, or do you just want to be able to check if a password entered by the user is correct?
To be able to check if an entered password is correct you can use QCryptographicHash to create a hash from the original password, store the hash, and then compare the stored hash with a hash created from the password entered by the user.

ludde wrote:

Luca – do you really need to store the password itself, or do you just want to be able to check if a password entered by the user is correct? To be able to check if an entered password is correct you can use QCryptographicHash to create a hash from the original password, store the hash, and then compare the stored hash with a hash created from the password entered by the user.

As I said in my first post:

Luca wrote:

I need a very easy way to crypt a password in a text file and get it back when needed.

But I solved with SimpleCrypt… :-)

Andre wrote:

peppe wrote:

Yes: don’t do that and use a password storage mechanism.

Does Qt supply a platform independent way to do that? Does it even exist on Windows? No, I didn’t think so. By all means, if you are on KDE, use KWallet. But AFAIK, there is no cross platform solution for this (yet).

What’s the point in having the user inputting a password for decoding one, another, specific password?

Who said that that may be the chosen implementation? The application may choose to hard-code the key, or determine key in another way*. And, what is more, your question equally applies to services like KWallet. The point is that the user does not need to remember a load of different passwords for different services. That will make it easier for the user to use different, complex passwords for different services, thus strengthening the users security in the long run (one compromised service does not compromise the users credentials with other services).

*) And no, I am not claiming that using a hard coded key is very save practise. But then again, I also did not claim that SimpleCrypt provides strong cryptography.

Who said that that may be the chosen implementation? The application may choose to hard-code the key, or determine key in another way*. And, what is more, your question equally applies to services like KWallet

My point doesn’t apply to a wallet. The purpose of a password wallet is to store a whole set of passwords, not only one, using strong cryptography, proper memory locking, etc.

Encrypting only one password with another one using a simply cryptography scheme is simply nonsense (why don’t you just ask it? And if the first one is a valuable password, then you should not use a simple encryption mechanism, so we go back to “use a proper wallet”).

And it’s even more nonsense if the second one is hardcoded or saved somewhere along the encrypted password (WHY using encryption at all then? You’re giving away the cyphertext, the key and the algorithm).