I'm trying to put a "Set Up" in an AIR application of mine so what I'm having it do is check for the Activation code which should be saved in the Application Directory if the set up has already be run. My class is supposed to check for the key and if it finds it get the users application information from a database I host. If the key is not there then it is supposed 2 run the set up which among other things asks for and saves the key into Application Directory. The Key is AES encrypted using an AES javascript. The rest of my application works fine but the key part keeps giving me errors what am i doing wrong?

The Key Class looks like this:


package com.Key
{
import com.adobe.crypto.*;

import flash.events.Event;
import flash.external.ExternalInterface;
import flash.filesystem.*;
import flash.html.HTMLLoader;
import flash.net.URLRequest;

import mx.core.Application;
import mx.managers.CursorManager;

public class Activate
{
private var password:String = "";//removed for security resons
private var loadedFunction:Function;
private var html:HTMLLoader = new HTMLLoader();

public function loadEncryption(doneFunction:Function):void {
loadedFunction = doneFunction;
CursorManager.setBusyCursor();
var JSlocation:String = mx.core.Application.application.PHPurl + "?method=AES";
var urlReq:URLRequest = new URLRequest(JSlocation);
html.load(urlReq);
html.addEventListener(Event.COMPLETE, loaded);
}
private function loaded(event:Event):void {
loadedFunction();
CursorManager.removeBusyCursor();
}
public function checkKey():Boolean {
var activationFile:File = File.applicationDirectory.resolvePath("Team.xml");
var fileStream:FileStream = new FileStream();
fileStream.open(activationFile, FileMode.WRITE);
var fileData:String = fileStream.readUTFBytes(fileStream.bytesAvailable) ;
if(fileData == null)
{
return false;
}
else
{
return true
}
fileStream.close();
}
public function getKey():String {
var activationFile:File = File.applicationDirectory.resolvePath("Team.xml");
var fileStream:FileStream = new FileStream();
fileStream.open(activationFile, FileMode.READ);
var fileData:XML = XML(fileStream.readUTFBytes(fileStream.bytesAvaila ble));
var key:String = AESdecrypt(fileData.key);
var keyMD5:String = hashMD5(key);
var keySHA:String = hashSHA(key);
if(keyMD5 == fileData.security_code_1 && keySHA == fileData.security_code_2)
{
return(key);
}
else
{
return ("Could not verify the key");
}
}
public function insertKey(key:String):void {
var xml:String = '<?xml version="1.0" encoding="utf-8"?><activation><key>' + AESencrypt(key) + "</key><security_code_1>" + hashMD5(key) + "</security_code_1><security_code_2>" + hashMD5(key) + "</security_code_2></activation>";
}
private function AESencrypt(inputString:String):String {
var outputString:String = html.window.AESEncryptCtr(inputString, password, 256);
return outputString;
}
private function AESdecrypt(inputString:String):String {
var outputString:String = html.window.AESDecryptCtr(inputString, password, 256);
return outputString;
}
private function hashSHA(hashString:String):String {
var hashedString:String = SHA256.hash(hashString);
return hashedString;
}
private function hashMD5(hashString:String):String {
var hashedString:String = MD5.hash(hashString);
return hashedString;
}

}
}


Im running it in my application like this:

private function checkKey():void {
if(key.checkKey() == true)
{
if(key.getKey() != "Could not verify the key")
{
dataService.sendEncryptedData({"method": "getUUID", "key": String(key.getKey())}, PHPurl, recieveUUID);
}
else
{
Alert.show("Fatal Error: 1\nThe application must now close", "Error", 4, null, mx.core.Application.application.close);
}
}
else
{
appViews.selectedIndex = 3;
}
}
private function recieveUUID(response:Object):void {
uuid = String(response);
if(uuid == "UUID not found")
{
Alert.show("Error: Could not find team", "Error");
}
else if(uuid == "Team Unactive")
{
Alert.show("This team has been deactivated", "Deactivated");
}
else if(uuid == "")
{
Alert.show("Error selecting team", "Error");
}
else
{
appViews.selectedIndex = 1;
}
}

is there something else that i need 2 post? i cant believe that nobody has tried to do this before

you couldn't figure out how to use the AS3 encryption library?

but anyways. what is the "key" part that you are having troubles with? Is it the checking of the key against the database? Is it the part where it saves the key in the applicationDirectory? Is it the encrypting or decrypting the key using javascript?

yes it is encrypting it using javascript cause thats the package a already was using since the AS3 library isnt compatible with PHP and neither does AS3 crypto ... anyway ya it is supposed 2 encrypt the key and then save it to the file system so that any time it starts after that it just gets the key from the file and then contacts the database to get the users UUID

ya i actually built a whole encrypted data service for my applications i spent weeks trying 2 get As3 crypto to work before i finally was told by somebody that it wasn't compatible with PHP's MyCrypt class so i used this custom PHP and javascript class instead:

http://code.google.com/p/as3-to-php-aes-dataservice/downloads/list

im trying 2 find somebody who can help me convert the Javascript 2 actionscript since i dont know javascript

is there anyting else u needed 2 know?

I dont see any javascript class or code or document or anything related to Javascript on that link.

Does the application check against an online database of keys? or does the application try to connect to your server at all? If so I think you could code a workaround.

The first function called load-encryption loads the javascript but that part works just fine it is the file access part that doesn't work, and yes it contacts a database 2 verify the key as my application is an Admin back end for web-application so it has to be able to contact the database to work anyway

it's just the file writing that's causing problems? Well then you should have said so. I thought you were having problems with the actual encryption. Does it not write the key to the file? Does it give you an error? Is the file created? Does the file have a filesize? Can you retrieve the key from the file but not send it to the server?

any time i try to access the file system it errors out on the the filestream part

mind sharing the error?

see if you get an error with this.
if it does work, start uncommenting line by line till you find what line causes the error.

public function getKey():String {
var activationFile:File = File.applicationDirectory.resolvePath("Team.xml");
var fileStream:FileStream = new FileStream();
fileStream.open(activationFile, FileMode.READ);
/*
var fileData:XML = XML(fileStream.readUTFBytes(fileStream.bytesAvaila ble));
var key:String = AESdecrypt(fileData.key);
var keyMD5:String = hashMD5(key);
var keySHA:String = hashSHA(key);
if(keyMD5 == fileData.security_code_1 && keySHA == fileData.security_code_2)
{
return(key);
}
else
{
return ("Could not verify the key");
}
*/
}

Ya sorry i just started this post quite a while ago so i went back and tested again and the first problem im having is that if i just run the checkKey() function i dont get any response at all ... no error or anything

well in that function you open the filestream with write mode but yet you just read the file. change that to read.


fileStream.open(activationFile, FileMode.READ);

But if the file doesn't exist then i will get an I/O error and the purpose of that function is to see if the file exists and has a key in it or not

This is what i used when trying to build this function

http://www.insideria.com/2008/03/beginning-air-accessing-the-fi-1.html

k then, open it with FileMode.UPDATE

still just does nothing

after you run the program does a file show up where its supposed to? does the file have a file size (check the number beside the label size, not size on disk)? if you put your own file there (if one doesn't exist) and add your own data to it that is supposed to be save there, will it run ok?

and have you ever thought about using the EncryptedLocalStore?

Its easier to use.

ya it is just that as i said before that doesnt work for my dataservice so i already have this one set up and know how to use it so why use two different sets of encryption? and no it doesnt create the file at all

i ended up using the shared data object instead

The reason your first method didin't work is that you aren't allowed to write to files in the application directory. (Unless I misread your code.)

Instead of File.applicationDirectory use File.applicationStorageDirectory.

Thanks a lot i actually ended up using Flash Shared object but thanks that will be good 2 know in the future