9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

SweetPotato Software Blog

SweetPotato Software Home

Major VFP Encryption Update

Craig Boyd 9 Aug 2009 Information Technology, Visual Foxpro 1 Comment

The free vfpencryption71.fll and vfpencryption.fll have been updated. Changes include:
Bug fixes for Blowfish encryption (including blocksize and allowing keysize between 8 and 448 bits)
Bug fixes to modes CBC and CFB – operate correctly now.
Added ability to specify padding, key size, block size, and initialization vector (IV) where applicable
(these changes allow compatibility with .NET and other encryption systems as well as the ability to
adhere specifically to the AES specification as set out in the FIPS 197 Specification).
Added mode OFB to encryption/decryption algorithms.
Padding types supported are Zeroes (NULLs), Spaces (blanks), PKCS7, ANSI X.923, and ISO
10126.
Added HMAC() function that works with all supported hash types.
Added VFP test program files to the downloads that allow developers to see for themselves that
return values are correct for various functions provided by the FLL.
Added GenerateKey() function that will return a random key or IV based on some specified rules
(parameters).
Corrected and updated documentation (see below).
Please provide feedback here or send me an email if you run into any
problems with this latest version. You’ll be able to tell from the test
program files (Test Vectors) that I did a lot of testing on my own to
make sure that this version was solid. I also did a number of tests
between .NET System.Security.Cryptography classes (such as
RijndaelManaged for instance) and this FLL to ensure that there was a
good deal of compatibility.
The vfpencryption71.fll requires the VC++ 7.1 runtimes whereas the vfpencryption.fll requires the
VC++ 9.0 runtimes. If you are getting a “FLL is Invalid” error when running either of these FLLs it is
because you are missing the runtimes on the system you are deploying your application on. What
about the previous vfpencryption.fll that used the VC++ 8.0 runtimes? I continue to update to the
latest Visual Studio (10.0 will be next) and I suggest you do the same. Most VFP developers are
using the vfpencryption71.fll as the C runtime matches the one used for VFP 9.0 (msvcr71.dll) and
it provides the exact same functionality as vfpencryption.fll. However, I have had numerous
requests for an updated build of the FLL using the latest Visual Studio, so I include it below.
Download the Latest Version of the vfpencryption71.fll (134 KB approx.)
Download the Latest Version of the vfpencryption.fll (142 KB approx.)

vfpencryption71.fll/vfpencryption.fll Documentation…

Function ENCRYPT()
Signature: Encrypt(cStringtoEncrypt, cSecretKey[, nEncryptionType[, nEncryptionMode[,
nPaddingType[, nKeySize[, nBlockSize[, cIV]]]]]])
Parameters:
cStringtoEncrypt – A plain text string that you want to have encrypted, such as “Hello World!”
cSecretKey – A plain text string that is the Key you want used during encryption, such as
“My_SeCrEt_KeY”.
Please note that keys may need to be of a particular length for certain types of encryption. Refer
www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 1/8
9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

below for more information.

nEncryptionType – There are currently 5 types of encryption available. The value of this parameter
determines that type of encryption used and how long your Secret Key should be. A single
character in Visual FoxPro is equal to 1 byte or 8 bits. So an encryption algorithm requiring a 128-
bit key would need a Secret Key of 16 characters (16 x 8 = 128).
0 = Rijndael\AES 128 (requires a 16 character Key)
1 = Rijndael\AES 192 (requires a 24 character Key)
2 = Rijndael\AES 256 (requires a 32 character Key) *Default
4 = Blowfish (key between 1 and 56 characters)
8 = TEA (requires a 16 character Key)
1024 = RC4 (Key can be any length)
nEncryptionMode – There are three different modes available for the each of the encryption types
listed above. They include: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher
Feedback Block (CFB), and Output Feedback Block. The nEncryptionMode parameter does not
apply to RC4 encryption (nEncryptionType = 1024).
0 = ECB *Default
1 = CBC
2 = CFB
3 = OFB
nPaddingMode – For Block Ciphers the cStringtoEncrypt is padded to a multiple of the block size
for the algorithm. Setting this parameter allows you to specify how this padding is done.
0 = Zeroes (NULLs) *Default
1 = Spaces (blanks)
2 = PKCS7
3 = ANSI X.923
4 = ISO 10126
nKeySize – The size of the cSecretKey in bytes (characters).
nBlockSize – The block size the nEncryptionType should use.
cIV – The Initialization Vector (IV) that should be used for CBC, CFB, and OFB modes should use.
This IV should match the specified nBlockSize in total bytes (characters).
Return Value:
Character data type – the encrypted form of cStringtoEncrypt.
Remarks:
When saving the return value of Encrypt() function to a field in a table, remember that Visual
FoxPro will append blanks to the end of the string in order to fill the character field to its designated
length. This can cause problems when decrypting the data as the spaces will be considered part of
the encrypted string. To work around this, I suggest placing a single CHR(0) at the end of the
encrypted string when saving it to the table. Then when decrypting the data just the portion prior to
the CHR(0) can be sent into the Decrypt() function. This does not apply when using RC4
encryption (nEncryptionType = 1024).

Function DECRYPT()
Signature: Decrypt(cEncryptString, cSecretKey[, nDecryptionType[, nDecryptionMode[,
nPaddingType[, nKeySize[, nBlockSize[, cIV]]]]]])
Parameters:
cEncryptedString – A string that has been encrypted using the Encrypt() function.
cSecretKey – A plain text string that is the same Key that you used when you encrypted the data
using the Encrypt function, such as “My_SeCrEt_KeY”.
Please note that keys may need to be of a particular length for certain types of decryption. Refer
below for more information.
nDecryptionType – There are currently 5 types of decryption available and they correspond to the
same ones available in Encrypt(). A single character in Visual FoxPro is equal to 1 byte or 8 bits.
So an decryption algorithm requiring a 128-bit key would need a Secret Key of 16 characters (16 x
8 = 128).
0 = Rijndael\AES 128 (requires a 16 character Key)
1 = Rijndael\AES 192 (requires a 24 character Key)
2 = Rijndael\AES 256 (requires a 32 character Key) *Default

www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 2/8
9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

4 = Blowfish (key between 1 and 56 characters)

8 = TEA (requires a 16 character Key)
1024 = RC4 (Key can be any length)
nDecryptionMode – There are three different modes available for the each of the encryption types
listed above. They include: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher
Feedback Block (CFB), and Output Feedback Block. The nDecryptionMode parameter does not
apply to RC4 decryption (nDecryptionType = 1024).
0 = ECB *Default
1 = CBC
2 = CFB
3 = OFB
nPaddingMode – For Block Ciphers the
cStringtoEncrypt is padded to a multiple of the block size for the
algorithm. Setting this parameter allows you to specify how this
padding is done.
0 = Zeroes (NULLs) *Default
1 = Spaces (blanks)
2 = PKCS7
3 = ANSI X.923
4 = ISO 10126
nKeySize – The size of the cSecretKey in bytes (characters).
nBlockSize – The block size the nEncryptionType should use.
cIV – The Initialization Vector (IV) that should be used for CBC, CFB, and OFB modes should use.
This IV should match the specified nBlockSize in total bytes (characters).
Return Value:
Character data type – the decrypted form of cEncryptedString followed by a variable number of
CHR(0)s. See Remarks below for further clarification
Remarks:
IMPORTANT: Decryption is done on blocks of memory, so when the decrypt function returns the
encrypted string it will be followed by a variable number of CHR(0)s unless the decrypted string just
happens to end at exactly the same location as the last block decrypted. These extraneous
CHR(0)’s can be removed using a number of Visual FoxPro functions, such as STRTRAN(),
CHRTRAN(), or a combination of LEFT() and AT(). This does not apply when using RC4 decryption
(nDecryptionType = 1024).

Function ENCRYPTFILE()
Signature: EncryptFile(cFiletoEncrypt, cDestinationFile, cSecretKey[, nEncryptionType[,
nEncryptionMode[, nPaddingType[, nKeySize[, nBlockSize[, cIV]]]]]])
Parameters:
cFiletoEncrypt – A plain text string that is the fullpath to the file you wish to be encrypted, such as
“C:\SensitiveInfo.doc”
cDestinationFile – A plain text string that is the fullpath to an encrypted file you wish to have
created on disk, such as “C:\EncryptedInfo.doc”. If this file doesn’t exist then it will be created for
you.
cSecretKey – A plain text string that is the Key you want used during encryption, such as
“My_SeCrEt_KeY”.
Please note that keys may need to be of a particular length for certain types of encryption. Refer
below for more information.
nEncryptionType – There are currently 5 types of encryption available. The value of this parameter
determines that type of encryption used and how long your Secret Key should be. A single
character in Visual FoxPro is equal to 1 byte or 8 bits. So an encryption algorithm requiring a 128-
bit key would need a Secret Key of 16 characters (16 x 8 = 128).
0 = Rijndael\AES 128 (requires a 16 character Key)
1 = Rijndael\AES 192 (requires a 24 character Key)
2 = Rijndael\AES 256 (requires a 32 character Key) *Default
4 = Blowfish (key between 1 and 56 characters)
8 = TEA (requires a 16 character Key)
1024 = RC4 (Key can be any length)
www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 3/8
9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

nEncryptionMode – There are three different modes available for the each of the encryption types
listed above. They include: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher
Feedback Block (CFB), and Output Feedback Block. This does not apply when using RC4
encryption (nEncryptionType = 1024).
0 = ECB *Default
1 = CBC
2 = CFB
3 = OFB
nPaddingMode – For Block Ciphers the
cStringtoEncrypt is padded to a multiple of the block size for the
algorithm. Setting this parameter allows you to specify how this
padding is done.
0 = Zeroes (NULLs) *Default
1 = Spaces (blanks)
2 = PKCS7
3 = ANSI X.923
4 = ISO 10126
nKeySize – The size of the cSecretKey in bytes (characters).
nBlockSize – The block size the nEncryptionType should use.
cIV – The Initialization Vector (IV) that should be used for CBC, CFB, and OFB modes should use.
This IV should match the specified nBlockSize in total bytes (characters).
Return Value:
None
Remarks:
Currently the cFiletoEncrypt and cDestinationFile parameters cannot point to the same file. This
may be revised in a future version. But for safety sake, this function requires that the original file be
left untouched.

Function DECRYPTFILE()
Signature: DecryptFile(cEncryptedFile, cDestinationFile, cSecretKey[, nDecryptionType[,
nDecryptionMode[, nPaddingType[, nKeySize[, nBlockSize[, cIV]]]]]])
Parameters:
cEncyptedFile – A plain text string that is the fullpath to the file you wish to be decrypted, such as
“C:\EncryptedInfo.doc”
cDestinationFile – A plain text string that is the fullpath to a decrypted file you wish to have created
on disk, such as “C:\SensitiveInfo.doc”. If this file doesn’t exist then it will be created for you.
cSecretKey – A plain text string that is the same Key that you used when you encrypted the data
using the Encrypt function, such as “My_SeCrEt_KeY”.
Please note that keys may need to be of a particular length for certain types of decryption. Refer
below for more information.
nDecryptionType – There are currently 5 types of decryption available and they correspond to the
same ones available in Encrypt(). A single character in Visual FoxPro is equal to 1 byte or 8 bits.
So an decryption algorithm requiring a 128-bit key would need a Secret Key of 16 characters (16 x
8 = 128).
0 = Rijndael\AES 128 (requires a 16 character Key)
1 = Rijndael\AES 192 (requires a 24 character Key)
2 = Rijndael\AES 256 (requires a 32 character Key) *Default
4 = Blowfish (key between 1 and 56 characters)
8 = TEA (requires a 16 character Key)
1024 = RC4 (Key can be any length)
nDecryptionMode – There are three different modes available for the each of the encryption types
listed above. They include: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher
Feedback Block (CFB), and Output Feedback Block. This does not apply when using RC4
decryption (nDecryptionType = 1024).
0 = ECB *Default
1 = CBC
2 = CFB
3 = OFB
www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 4/8
9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

nPaddingMode – For Block Ciphers the

cStringtoEncrypt is padded to a multiple of the block size for the
algorithm. Setting this parameter allows you to specify how this
padding is done.
0 = Zeroes (NULLs) *Default
1 = Spaces (blanks)
2 = PKCS7
3 = ANSI X.923
4 = ISO 10126
nKeySize – The size of the cSecretKey in bytes (characters).
nBlockSize – The block size the nEncryptionType should use.
cIV – The Initialization Vector (IV) that should be used for CBC, CFB, and OFB modes should use.
This IV should match the specified nBlockSize in total bytes (characters).
Return Value:
None
Remarks:
As with EncryptFile(), the cFiletoEncrypt and cDestinationFile parameters cannot
point to the same file.

Function HASH()
Signature: Hash(cStringtoHash[, nHashType])
Parameters:
cStringtoHash – A plain text string you wish to have hashed
nHashType – The type of hash function to generate. There are currently 7 different hash functions
supported
1 = SHA1 (a.k.a SHA160)
2 = SHA256
3 = SHA384
4 = SHA512 *Default
5 = MD5
6 = RIPEMD128
7 = RIPEMD160
Return Value:
Binary Character Data – the hash for cStringtoHash.
Remarks:
The hash is returned as a series of binary characters. However, it is more common to see hashes
in a hexBinary format. This can be accomplished in Visual FoxPro by taking the return of the
Hash() function and sending it in as a parameter to the STRCONV() function. For example:
?STRCONV(Hash(“Some String”), 15) && hexBinary Hash

Function HASHFILE()
Signature: HashFile(cFileName[, nHashType])
Parameters:
cFileName – The fullpath and name of an existing file you wish to generate a message digest for
nHashType – The type of hash function to generate. There are currently 7 different hash functions
supported
1 = SHA1 (a.k.a SHA160)
2 = SHA256
3 = SHA384
4 = SHA512 *Default
5 = MD5
6 = RIPEMD128
7 = RIPEMD160
Return Value:
Binary Character Data – the hash for cFileName.
Remarks:

www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 5/8
9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

The hash is returned as a series of binary characters. However, it

is more common to see hashes in a hexBinary format. This can be accomplished
in Visual FoxPro by taking the return of the HashFile() function and sending
it in as a parameter to the STRCONV() function. For example:
?STRCONV(HashFile(“C:\MyFile.txt”), 15) && hexBinary Hash

Function HASHRECORD()
Signature: HashRecord(cAlias[, nHashType[,lIncludeMemos]])
Parameters:
cAlias – The table
alias containing the record to be hashed
nHashType – The type of hash function to generate.
There are currently 7 different hash functions supported
1 = SHA1 (a.k.a SHA160)
2 = SHA256
3 = SHA384
4 = SHA512 *Default
5 = MD5
6 = RIPEMD128
7 = RIPEMD160
lIncludeMemos – Flag determining
whether Memo fields should be included when generating the message digest. .T.
= Include Memo Fields, .F. = Exclude Memo Fields
Return Value:
Binary Character Data – the hash for the current record in cAlias.
Remarks:
The hash is returned as a series of binary characters. However, it
is more common to see hashes in a hexBinary format. This can be accomplished
in Visual FoxPro by taking the return of the HashRecord() function and sending
it in as a parameter to the STRCONV() function. For example:
?STRCONV(HashRecord(“MyTable”,5,.T.), 15) && hexBinary Hash

Function HMAC()
Signature: HMAC(cStringtoHash, cSecretKey[, nHashType])
Parameters:
cStringtoHash – A plain text string you wish to have a keyed Hash Message Authentication Code
(HMAC) generated from.
cSecretKey – A plain text string that is the Key you want used during generation of the keyed
HMAC.
nHashType – The type of hash function to use when generating the keyed HMAC. There are
currently 7 different hash functions supported:
1 = SHA1 (a.k.a SHA160)
2 = SHA256
3 = SHA384
4 = SHA512 *Default
5 = MD5
6 = RIPEMD128
7 = RIPEMD160
Return Value:
Binary Character Data – the HMAC for the given cStringtoHash and cSecretKey.
Remarks:
The HMAC is returned as a series of binary characters. However, it
is more common to see HMACs in a hexBinary format. This can be
accomplished in Visual FoxPro by taking the return of the HMAC()
function and sending it in as a parameter to STRCONV(cReturn, 15).

www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 6/8
9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

Function CRC()
Signature: CRC(cExpression[, nCRCType])
Parameters:
cExpression – The string
you wish to have a CRC generated for
nCRCType – The type of CRC to generate. There are
currently 2 different CRC types supported
1 = 16-bit
2 = 32-bit

Return Value:
Numeric Data – the CRC for cExpression.
Remarks:
The CRC that is returned is unsigned, which means that the returned 16-bit
CRC needs to be treated as a 4 Byte numeric value and the 32-bit CRC as a 8
byte numeric value in Visual FoxPro. The operation of the CRC() function presented
here is quite similar to Visual FoxPro’s Sys(2007) function, however you will
find that creation of 32-bit CRCs is much faster using this function.

Function CRCFILE()
Signature: CRCFile(cFileName[, nCRCType])
Parameters:
cFileName – The fullpath
and name of an existing file you wish to generate a CRC for
nCRCType – The type of CRC to generate. There are
currently 2 different CRC types supported
1 = 16-bit
2 = 32-bit

Return Value:
Numeric Data – the CRC for cFileName.
Remarks:
The CRC that is returned is unsigned, which means that the returned 16-bit
CRC needs to be treated as a 4 Byte numeric value and the 32-bit CRC as a 8
byte numeric value in Visual FoxPro.

Function CRCRECORD()
Signature: CRCRecord(cAlias[, nCRCType[,lIncludeMemos]])
Parameters:
cAlias – The table
alias containing the record to be hashed
nCRCType – The type of CRC to generate. There are
currently 2 different CRC types supported
1 = 16-bit
2 = 32-bit
lIncludeMemos – Flag determining
whether Memo fields should be included when generating the message digest. .T.
= Include Memo Fields, .F. = Exclude Memo Fields

Return Value:
Numeric Data – the CRC for the current record in cAlias .
Remarks:
The CRC that is returned is unsigned, which means that the returned 16-bit
CRC needs to be treated as a 4 Byte numeric value and the 32-bit CRC as a 8
byte numeric value in Visual FoxPro. The operation of the CRC() function presented
here is quite similar to Visual FoxPro’s Sys(2017) function, however you will

www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 7/8
9/6/2019 Major VFP Encryption Update – SweetPotato Software Blog

find that this CRC function is faster than Visual FoxPro’s Sys(2017). Also,
this function allows you to specify a table alias, which allows CRCs to be created
for a record in a table other than the currently selected work area. On the
downside, this function does not allow you to specify a comma delimited list
of fields to exclude like Sys(2017) does.

Function GENERATEKEY()
Signature: GenerateKey(nKeySize[, lIncludeNumbers[, lIncludeUpper[, lIncludeSpecial]]])
Parameters:
nKeySize – The size of the key to be returned in bytes (total characters you want returned)
lIncludeNumbers – Flag determining
whether Numbers (digits “0-9”) should be included when generating the key. .T.
= Include Numbers, .F. = Exclude Numbers (default)
lIncludeUpper – Flag determining
whether uppercase characters should be included when generating the key. .T.
= Include Uppercase Characters, .F. = Exclude Uppercase Characters (default)

lIncludeSpecial – Flag determining

whether Special Characters (characters “{}|\\]?[\”:;’><,./~!@#$%^&*()_+`-=”) should be included
when generating the key. .T.
= Include Special Characters, .F. = Exclude Special Characters (default)

Return Value:
Character Data – the random key generated based on the specified rules.
Remarks:
The key generated is a random set of lowercase characters by default. To add additional possible
characters for generating the key you can use the parameters (2-4) as specified. The random keys
returned can be used for the other FLL functions that allow for a cSecretKey or cIV. This function is
provided as a convenience function for developers needing to produce a random key quickly and
easily.

www.sweetpotatosoftware.com/blog/index.php/2009/08/09/major-vfp-encryption-update/ 8/8