Automatic Doc/View File Encryption/Decryption

Environment: VC6 SP5, W2K SP3


I've been using this site for some time now to help me with my projects. I just want to say thank you to the sponsors! This site is a great resource!

I'm presently working on a project that needs to save files from a document/view application in an encrypted format. I didn't have any tricks in my bag, so I looked around here for some examples, but was unable to find any. (Looks like it's my turn to contribute.) So I banged out some code, and here is what I came up with.

The project requirements were fairly simple. Here's what I needed the program to do:

  1. Always encrypt the file during write cycles.
  2. Ability to read in previous unencrypted file versions or encrypted versions automatically without user intervention or conversion programs (backward compatibility).
  3. Relatively quick read and write times. For this I choose the BlowFish algorithm.

Design/Implementation Goals

  1. Provide a mechanism that could be used to trigger different behaviors during the read cycle of the file, such as:
    • Use/Change encryption codecs
    • Use/Change compression/decompression engines
  2. I didn't want to have to change one or more object serialization methods (which meant to accomplish requirement #2, I'd have to use schema numbers, and that can get way too messy/confusing), so as a result, it must work in a generic fashion for the document file that could accomplish requirement #2 easily.

The implementation is a CDocument derivative called CDocumentBlowFish; it uses a CFile derivative called CFileBlowFish.

I only partially implemented Design goal #1, in that during the read cycle of a file, it automatically determines whether the file was previously encrypted. So the goal of "Use/Change encryptions codecs" was met. However, I have not yet taken the time to accomplish the goal of "Use/Change compression/decompression engines."

Warning: This code should be considered 0.1 Alpha. I've done some very light testing, but that is all. That being said, I believe the code to be in working order. YMMV!

How to Use the Program

  1. Drop the following files into your project directory, and then add them to the IDE project:
    • blowfish.cpp
    • blowfish.h
    • blowfish.h2
    • DocumentBlowFish.cpp
    • DocumentBlowFish.h
    • FileBlowFish.cpp
    • FileBlowFish.h
  2. Replace all occurences of the CDocument base class in your doc/view document class .h and .cpp files with CDocumentBlowFish.
  3. Add an #include "DocumentBlowFish.h" to your doc/view document class .h file.
  4. Change the encryption seed in CFileBlowFish::MemberInit() to be unique to your project.
  5. Compile and test. (Make sure that you keep backup copies of your original document files!)

Comments, suggestions, bug fixes, flames (for coding style), and so forth should be posted here. Please do not send me e-mail asking questions or for help; I get way too much spam as it is...

Neal Horman


Download demo exe - 17 Kb
Download demo project - 52 Kb
Download source - 18 Kb


  • Ummmm.....not very secure!

    Posted by Legacy on 10/02/2002 12:00am

    Originally posted by: Ben Curley


    Just thought I would point out some of the problems with your code and make some suggestions for some changes you could make.

    1. I notice that you are using blowfish in ECB (Electronic Code Book) Mode. Are you aware that this is the most insecure method of any block cipher and is no more secure than XOR Encryption really. I would suggest using blowfish in a chaining mode, for example CBC (Cipher Block Chaining) this uses the previous block as input into the cipher.

    2. Hard coding the key into the executable is a really silly idea. I would suggest a password based system. The password can ben hashed using SHA-1 to provide the key for the encryption/decryption.

    Hope this helps.


  • Text Length MOD 8!

    Posted by Legacy on 09/30/2002 12:00am

    Originally posted by: Dave


    Nice article . . .

    But, if you want this to work,
    you've got to make sure your
    text length is 'Mod 8'.

    In other words, if the length
    of text in your document is 15
    it won't work. If you pad the
    same text to 16, it will.

  • I can not make it in my computer.

    Posted by Legacy on 09/28/2002 12:00am

    Originally posted by: Leon Storm

    As title.

    My working environment is WIN98,VC6 SP?,

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • As the mobile enterprise marketplace expands and customer needs grow more diverse, Samsung recognizes that solution partners and developers play an essential role by continually innovating to meet their customers' needs. Samsung works to provide these developers and partners with the latest tools and resources needed to create these solutions. Read this program guide to learn how the Samsung Enterprise Alliance Program provides partners and developers with Samsung enterprise software development kits (SDKs) …

  • Lenovo recommends Windows 8 Pro. "I dropped my laptop getting out of the taxi." This probably sounds familiar to most IT professionals. If your employees are traveling, you know their devices are in for a rough go. Whether it's a trip to the conference room or a convention out of town, any time equipment leaves a user's desk it is at risk of being put into harm's way. Stay connected at all times, whether at the office or on the go, with agile, durable, and flexible devices like the Lenovo® …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date