Black Book

A Project Report on “Lock And Key”

Submitted by Yash Jhunjhunwala - 1298016

Raj Mehta - 1298022Akash Mehta -1298023

Guided By Ms. Priti Bokariya

Term – December’14 to April’15

Department of Computer Engineering/ Information Technology

SVKM’sShri Bhaghubhai Mafatlal Polytechnic,

Irla, N. R. G. Marg, Vile Parle (W), Mumbai -400056

Table of Contents

1.ACKNOWLEDGEMENT1

2.ABSTRACT 2

3.PROBLEM STATEMENT 3

4.EXISTING SYSTEM 4

5.PROPOSED SYSTEM 5

6.TECHNOLOGIES USED 6

6.1.VB.NET 6

6.2.MS ACCESS 7

6.3.VISUAL STUDIO 8

6.4.ASP.NET 9

6.5.DYNAMIC LINK LIBRARY 10

7.DIAGRAM 11

8.ENCRYPTION 13

9.APPLICATION PROGRAMMING INTERFACE 14

10.CODE 15

11.API DOCUMENTATION 76

12.SCREENSHOTS 78

13.LIMITATIONS 82

14.CONCLUSION 83

15.REFERENCES 84

Acknowledgement

We’d like to take this opportunity and thank Shri Bhagubhai Mafatlal Polytechnic’s dean Prof. Y.I Shah

and Head of department (H.O.D) of Information Technology Mrs. Neeta Kadukar for their constant

support and guidance in making this project a reality.

We’d also like to thank our project guide Ms. Preeti Bokariya for being there with us at every milestone of

the project and our technician Ms. Smita Rajai for helping us out with technical issues.

And last, but not the least, we’d like to thank our friends and family for their constant moral support.

Without all the people mentioned above, this project would’ve never seen the light of day.

1

Abstract

Applications are vulnerable to theft of sensitive information. Hackers all around the world are repeatedly

trying to gain unauthorized access to data. We tried to solve that problem.

We created a technology for encryption which provides practical and provable confidentiality in the face of

these attacks for applications based by MS Access databases. We’re calling this technology Lock & Key.

Lock & Key works by executing SQL queries over encrypted data using AES encryption scheme.

Even if the application is compromised, the attacker won’t be able get access to any user’s data. As a result,

nobody can get access to the original data without authorization.

2.1 Compromised System

2

Problem StatementTheft of private information is a significant problem, particularly for online applications. An adversary can

exploit software vulnerabilities to gain unauthorized access to servers; curious or malicious administrators at

a hosting or application provider can snoop on private data; and attackers with physical access to servers can

access all data on disk and in memory.

One approach to reduce the damage caused by server compromises is to encrypt sensitive data and run all

computations (application logic) on clients. Unfortunately, several important applications do not lend

themselves to this approach, including database-backed web sites that process queries to generate data for

the user, and applications that compute over large amounts of data.

Even when this approach is tenable, converting an existing server-side application to this form can be

difficult. Another approach would be to consider theoretical solutions such as fully homomorphic

encryption, which allows servers to compute arbitrary functions over encrypted data, while only clients see

decrypted data. However, fully homomorphic encryption schemes are still prohibitively expensive by orders

of magnitude.

We need a technology that can encrypt all the data in a database such that even the database admin won’t

have access to the original data.

3

Existing SystemCryptDB

It uses 6 to 7 layers of encryption, we’re using only 1.

It is used by Google for Big Data.

It is c++ based.

It uses chaining encryption which we are not using.

4

Proposed SystemWe present Lock & Key, an encryption technology that can be used to encrypt databases. It is an encryption

technique which will encrypt all the data in a database.

It uses a widely acknowledged technique of encryption called AES (Advanced Encryption Standard).

It is a specification for the encryption of electronic data. It has been established by the US national Institute

of Standards and Technology (NIST). AES is based on the Rijndael cipher.

This approach works on MS Access databases. To demonstrate Lock & Key, we have made an ASP.NET

website firing SQL queries to an Access database. We have also created a Windows software with the help

of which the user can create Databases and perform various queries on it.

We have also developed an API of this technology so that other people using Access databases can use it to

encrypt their own data as well.

5

Technologies used

VB.NETVisual Basic .NET (VB.NET) is a multi-paradigm, high level programming language, implemented on

the .NET Framework. Microsoft launched VB.NET in 2002 as the successor to its original Visual Basic

language. Although ".NET" portion dropped in 2005, this article uses "Visual Basic .NET" to refer to all

Visual Basic languages releases since 2002, in order to distinguish between them and the classic Visual

Basic. Along with Visual C#, it is one of the two main languages targeting the .NET framework.

Microsoft's integrated development environment (IDE) for developing in Visual Basic .NET language is

Visual Studio. Most of Visual Studio editions are commercial; the only exceptions are Visual Studio Express

and Visual Studio Community which are freeware. In addition, .NET Framework SDK includes a freeware

command-line compiler called vbc.exe. Mono also includes a command-line VB.NET compiler.

A .dll file can be created by VB.NET. Hence, this technology can be used in any ASP.NET, VB.NET or

C#.NET projects.

6

MS AccessMicrosoft Access, also known as Microsoft Office Access, is a database management system from Microsoft

that combines the relational Microsoft Jet Database Engine with a graphical user interface and software-

development tools. It is a member of the Microsoft Office suite of applications, included in the Professional

and higher editions or sold separately.

Microsoft Access stores data in its own format based on the Access Jet Database Engine. It can also import

or link directly to data stored in other applications and databases.

Software developers and data architects can use Microsoft Access to develop application software, and

"power users" can use it to build software applications. Like other Office applications, Access is supported

by Visual Basic for Applications (VBA), an object-oriented programming language that can reference a

variety of objects including DAO (Data Access Objects), ActiveX Data Objects, and many other ActiveX

components. Visual objects used in forms and reports expose their methods and properties in the VBA

programming environment, and VBA code modules may declare and call Windows operating-system

functions.

7

IDE used: Microsoft Visual Studio

Microsoft Visual Studio is an integrated developmentt environment (IDE) from Microsoft. It is used to

develop computer programs for Microsoft Windows, as well as web sites, web applications and web

services. Visual Studio uses Microsoft software development platforms such as Windows API, Windows

Forms, Windows Presentation Foundation, Windows Store and Microsoft Silverlight. It can produce both

native code and managed code.

Visual Studio includes a code editor supporting IntelliSense (the code completion component) as well as

code refactoring. The integrated debugger works both as a source-level debugger and a machine-level

debugger. Other built-in tools include a forms designer for building GUI applications, web designer, class

designer, and database schema designer. It accepts plug-ins that enhance the functionality at almost every

level—including adding support for source-control systems (like Subversion) and adding new toolsets like

editors and visual designers for domain-specific languages or toolsets for other aspects of the software

development lifecycle (like the Team Foundation Server client: Team Explorer).

Visual Studio supports different programming languages and allows the code editor and debugger to support

(to varying degrees) nearly any programming language, provided a language-specific service exists. Built-in

languages include C, C++ and C++/CLI (via Visual C++), VB.NET (via Visual Basic .NET), C# (via Visual

C#), and F# (as of Visual Studio 2010). Support for other languages such as M, Python, and Ruby among

others is available via language services installed separately. It also supports XML/XSLT, HTML/XHTML,

JavaScript and CSS. Java (and J#) were supported in the past.

Microsoft provides "Express" editions of its Visual Studio at no cost. Commercial versions of Visual Studio

along with select past versions are available for free to students via Microsoft's DreamSpark program.

8

ASP.NET

ASP.NET is an open source server-side Web application framework designed for Web development to produce dynamic Web pages. It was developed by Microsoft to allow programmers to build dynamic web sites, web applications and web services.

It was first released in January 2002 with version 1.0 of the .NET Framework, and is the successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET components to process SOAP messages.

ASP.NET is in the process of being re-implemented as a modern and modular web framework, together with other frameworks like Entity Framework. The new framework will make use of the new open-source .NET Compiler Platform (code-name "Roslyn") and be cross platform. ASP.NET MVC, ASP.NET Web API, and ASP.NET Web Pages (a platform using only Razor pages) will merge into a unified MVC 6.[3] The project is called "ASP.NET vNext".

9

Dynamic-link Library

Dynamic-link library (also written unhyphenated), or DLL, is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems. These libraries usually have the file extension DLL, OCX (for libraries containing ActiveX controls), or DRV (for legacy system drivers). The file formats for DLLs are the same as for Windows EXE files – that is, Portable Executable (PE) for 32-bit and 64-bit Windows, and New Executable (NE) for 16-bit Windows. As with EXEs, DLLs can contain code, data, and resources, in any combination.

Data files with the same file format as a DLL, but with different file extensions and possibly containing only resource sections, can be called resource DLLs. Examples of such DLLs include icon libraries, sometimes having the extension ICL, and font files, having the extensions FON and FOT.

Since DLLs are essentially the same as EXEs, the choice of which to produce as part of the linking process is for clarity, since it is possible to export functions and data from either.

It is not possible to directly execute a DLL, since it requires an EXE for the operating system to load it through an entry point, hence the existence of utilities like RUNDLL.EXE or RUNDLL32.EXE which provide the entry point and minimal framework for DLLs that contain enough functionality to execute without much support.

DLLs provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade functionality without requiring applications to be re-linked or re-compiled. From the application development point of view Windows and OS/2 can be thought of as a collection of DLLs that are upgraded, allowing applications for one version of the OS to work in a later one, provided that the OS vendor has ensured that the interfaces and functionality are compatible.

DLLs execute in the memory space of the calling process and with the same access permissions which means there is little overhead in their use but also that there is no protection for the calling EXE if the DLL has any sort of bug.

10

Flow chart

Browse Database

Password valid?

Login input

Start

Input password

Create Database

Login

Valid?

Open or create?

A

B

Yes No

Create parameterCreate

Open

Yes

No

11

BA

Delete Decrypt Edit

Confirm

Delete

Message

Confirm

Decrypt

Message

DB operation

Save

Edit screen

Stop

12

EncryptionThe Advanced Encryption Standard (AES), also referenced as Rijndael (its original name), is a specification

for the encryption of electronic data established by the U.S. National Institute of Standards and Technology

(NIST) in 2001.

AES is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent

Rijmen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers

with different key and block sizes.

For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three

different key lengths: 128, 192 and 256 bits.

AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data

Encryption Standard (DES), which was published in 1977. The algorithm described by AES is a symmetric-

key algorithm, meaning the same key is used for both encrypting and decrypting the data.

In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26,

2001. This announcement followed a five-year standardization process in which fifteen competing designs

were presented and evaluated, before the Rijndael cipher was selected as the most suitable (see Advanced

Encryption Standard process for more details).

13

Description of the cipherAES is based on a design principle known as a substitution-permutation network, combination of both

substitution and permutation, and is fast in both software and hardware.[10] Unlike its predecessor DES,

AES does not use a Feistel network. AES is a variant of Rijndael which has a fixed block size of 128 bits,

and a key size of 128, 192, or 256 bits. By contrast, the Rijndael specification per se is specified with block

and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.

AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some versions of

Rijndael have a larger block size and have additional columns in the state. Most AES calculations are done

in a special finite field.

The key size used for an AES cipher specifies the number of repetitions of transformation rounds that

convert the input, called the plaintext, into the final output, called the ciphertext. The number of cycles of

repetition are as follows:

10 cycles of repetition for 128-bit keys.



Each round consists of several processing steps, each containing four similar but different stages, including

one that depends on the encryption key itself. A set of reverse rounds are applied to transform ciphertext

back into the original plaintext using the same encryption key.

14

Application Programming Interface

In computer programming, an application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types. An API defines functionalities that are independent of their respective implementations, which allows definitions and implementations to vary without compromising each other. A good API makes it easier to develop a program by providing all the building blocks. A programmer then puts the blocks together.

In addition to accessing databases or computer hardware, such as hard disk drives or video cards, an API can ease the work of programming GUI components. For example, an API can facilitate integration of new features into existing applications (a so-called "plug-in API"). An API can also assist otherwise distinct applications with sharing data, which can help to integrate and enhance the functionalities of the applications.

APIs often come in the form of a library that includes specifications for routines, data structures, object classes, and variables. In other cases, notably SOAP and REST services, an API is simply a specification of remote calls exposed to the API consumers.

An API specification can take many forms, including an International Standard, such as POSIX, vendor documentation, such as the Microsoft Windows API, or the libraries of a programming language, e.g., the Standard Template Library in C++ or the Java APIs.

An API differs from an application binary interface (ABI) in that an API is source code-based while an ABI is a binary interface. For instance POSIX is an API, while the Linux Standard Base provides an ABI.

15

CodeMainForm.Designer.vb

<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _

Partial Class MainForm

Inherits System.Windows.Forms.Form

'Form overrides dispose to clean up the component list.

<System.Diagnostics.DebuggerNonUserCode()> _

Protected Overrides Sub Dispose(ByVal disposing As Boolean)

Try

If disposing AndAlso components IsNot Nothing Then

components.Dispose()

End If

Finally

MyBase.Dispose(disposing)

End Try

End Sub

'Required by the Windows Form Designer

Private components As System.ComponentModel.IContainer

'NOTE: The following procedure is required by the Windows Form Designer

'It can be modified using the Windows Form Designer.

'Do not modify it using the code editor.

<System.Diagnostics.DebuggerStepThrough()> _

16

Private Sub InitializeComponent()

Me.GroupBox1 = New System.Windows.Forms.Panel()

Me.SuspendLayout()

'

'GroupBox1

'

Me.GroupBox1.Dock = System.Windows.Forms.DockStyle.Fill

Me.GroupBox1.Location = New System.Drawing.Point(0, 0)

Me.GroupBox1.Name = "GroupBox1"

Me.GroupBox1.Size = New System.Drawing.Size(731, 543)

Me.GroupBox1.TabIndex = 0

'

'MainForm

'

Me.AutoScaleDimensions = New System.Drawing.SizeF(6.0!, 13.0!)

Me.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font

Me.ClientSize = New System.Drawing.Size(731, 543)

Me.Controls.Add(Me.GroupBox1)

Me.MaximizeBox = False

Me.MinimizeBox = False

Me.Name = "MainForm"

Me.Text = "Lock & Key"

Me.WindowState = System.Windows.Forms.FormWindowState.Maximized

Me.ResumeLayout(False)

End Sub

Friend WithEvents GroupBox1 As System.Windows.Forms.Panel

17

End Class

MainForm.vb

Imports System.Data

Imports System.Data.OleDb

Public Class MainForm

Dim strConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &

System.Environment.CurrentDirectory & "\LockKeyMast.mdb;Jet OLEDB:Database

Password=iamlock&key9;"

Private Sub MainForm_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

MyBase.Load

Dim loginfrm As Login

loginfrm = New Login

loginfrm.Anchor = AnchorStyles.Bottom Or AnchorStyles.Left Or AnchorStyles.Right Or

AnchorStyles.Top

loginfrm.Height = GroupBox1.Height

loginfrm.Width = GroupBox1.Width

GroupBox1.Controls.Add(loginfrm)

End Sub

End Class

Login.Designer.vb


Partial Class Login

Inherits System.Windows.Forms.UserControl

18

'UserControl overrides dispose to clean up the component list.



Try



End If

Finally


End Try

End Sub








Dim resources As System.ComponentModel.ComponentResourceManager = New

System.ComponentModel.ComponentResourceManager(GetType(Login))

Me.PictureBox1 = New System.Windows.Forms.PictureBox()

Me.btnLogin = New System.Windows.Forms.Button()

Me.textPass = New System.Windows.Forms.TextBox()

Me.Label2 = New System.Windows.Forms.Label()19

Me.textUser = New System.Windows.Forms.TextBox()

Me.Label1 = New System.Windows.Forms.Label()

Me.Panel1 = New System.Windows.Forms.Panel()

CType(Me.PictureBox1, System.ComponentModel.ISupportInitialize).BeginInit()

Me.Panel1.SuspendLayout()

Me.SuspendLayout()

'

'PictureBox1

'

Me.PictureBox1.Anchor = System.Windows.Forms.AnchorStyles.None

Me.PictureBox1.Image = CType(resources.GetObject("PictureBox1.Image"), System.Drawing.Image)

Me.PictureBox1.Location = New System.Drawing.Point(115, 2)

Me.PictureBox1.MaximumSize = New System.Drawing.Size(135, 131)

Me.PictureBox1.Name = "PictureBox1"

Me.PictureBox1.Size = New System.Drawing.Size(135, 131)

Me.PictureBox1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.StretchImage

Me.PictureBox1.TabIndex = 12

Me.PictureBox1.TabStop = False

'

'btnLogin

'

Me.btnLogin.Anchor = System.Windows.Forms.AnchorStyles.None

Me.btnLogin.Location = New System.Drawing.Point(142, 200)

Me.btnLogin.Name = "btnLogin"

Me.btnLogin.Size = New System.Drawing.Size(75, 23)

Me.btnLogin.TabIndex = 11

20

Me.btnLogin.Text = "Login"

Me.btnLogin.UseVisualStyleBackColor = True

'

'textPass

'

Me.textPass.Anchor = System.Windows.Forms.AnchorStyles.None

Me.textPass.Location = New System.Drawing.Point(115, 166)

Me.textPass.MaximumSize = New System.Drawing.Size(135, 20)

Me.textPass.Name = "textPass"

Me.textPass.PasswordChar = Global.Microsoft.VisualBasic.ChrW(42)

Me.textPass.Size = New System.Drawing.Size(135, 20)

Me.textPass.TabIndex = 10

'

'Label2

'

Me.Label2.Anchor = System.Windows.Forms.AnchorStyles.None

Me.Label2.AutoSize = True

Me.Label2.Location = New System.Drawing.Point(58, 169)

Me.Label2.Name = "Label2"

Me.Label2.Size = New System.Drawing.Size(53, 13)

Me.Label2.TabIndex = 9

Me.Label2.Text = "Password"

'

'textUser

'

Me.textUser.Anchor = System.Windows.Forms.AnchorStyles.None

21

Me.textUser.Location = New System.Drawing.Point(115, 140)

Me.textUser.MaximumSize = New System.Drawing.Size(135, 20)

Me.textUser.Name = "textUser"

Me.textUser.Size = New System.Drawing.Size(135, 20)

Me.textUser.TabIndex = 8

'

'Label1

'







Me.Label1.Text = "Username"

'

'Panel1

'

Me.Panel1.Controls.Add(Me.PictureBox1)

Me.Panel1.Controls.Add(Me.Label1)

Me.Panel1.Controls.Add(Me.btnLogin)

Me.Panel1.Controls.Add(Me.textUser)

Me.Panel1.Controls.Add(Me.textPass)


Me.Panel1.Location = New System.Drawing.Point(1, 3)

Me.Panel1.Name = "Panel1"

22

Me.Panel1.Size = New System.Drawing.Size(359, 232)

Me.Panel1.TabIndex = 13

'

'Login

'



Me.AutoSize = True

Me.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink

Me.Controls.Add(Me.Panel1)

Me.Name = "Login"

Me.Size = New System.Drawing.Size(363, 238)

CType(Me.PictureBox1, System.ComponentModel.ISupportInitialize).EndInit()

Me.Panel1.ResumeLayout(False)

Me.Panel1.PerformLayout()


End Sub

Friend WithEvents PictureBox1 As System.Windows.Forms.PictureBox

Friend WithEvents btnLogin As System.Windows.Forms.Button

Friend WithEvents textPass As System.Windows.Forms.TextBox

Friend WithEvents Label2 As System.Windows.Forms.Label

Friend WithEvents textUser As System.Windows.Forms.TextBox


Friend WithEvents Panel1 As System.Windows.Forms.Panel

End Class

23

Login.vb


Public Class Login

Dim strConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &

System.Environment.CurrentDirectory & "\LockKeyMast.mdb;Jet OLEDB:Database

Password=iamlock&key9;"

Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

btnLogin.Click

Dim cnnOLEDB As New OleDbConnection

Dim cmdOLEDB As New OleDbCommand

If String.IsNullOrEmpty(textUser.Text) Then

MsgBox("Username cannot be empty")

Else

If String.IsNullOrEmpty(textPass.Text) Then

MsgBox("Password cannot be empty")

Else

cnnOLEDB.ConnectionString = strConnectionString

cnnOLEDB.Open()

cmdOLEDB.Connection = cnnOLEDB

cmdOLEDB.CommandText = "SELECT * FROM LogiMast where UserName = """ +

textUser.Text + """ AND Pass = """ + textPass.Text + """"

Dim result = cmdOLEDB.ExecuteReader()

If result.HasRows Then

' MsgBox("Login Successful")

24

Dim optionfrm As New DBOpti

optionfrm.Anchor = AnchorStyles.Bottom Or AnchorStyles.Left Or AnchorStyles.Right Or

AnchorStyles.Top

optionfrm.Height = Me.Parent.Height

optionfrm.Width = Me.Parent.Width

Me.Parent.Controls.Add(optionfrm)

Me.Parent.Controls.Remove(Me)

Else

MsgBox("Invalid Username or Password")

textUser.Text = ""

textPass.Text = ""

End If

End If

End If

End Sub

Private Sub Login_Resize(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Resize

Dim boundWidth As Integer = Screen.PrimaryScreen.Bounds.Width

Dim boundHeight As Integer = Screen.PrimaryScreen.Bounds.Height

Dim x As Integer = boundWidth - Panel1.Width

Dim y As Integer = boundHeight - Panel1.Height - 100

Panel1.Location = New Point(x / 2, y / 2)

End Sub

End Class

DBOpti.Designer.vb


25

Partial Class DBOpti





Try



End If

Finally


End Try

End Sub








Me.creaDB = New System.Windows.Forms.Button()

Me.openDB = New System.Windows.Forms.Button()

Me.DeleDB = New System.Windows.Forms.Button()

26

Me.openDBDial = New System.Windows.Forms.OpenFileDialog()

Me.EditDB = New System.Windows.Forms.Button()

Me.DecrDB = New System.Windows.Forms.Button()





Me.SuspendLayout()

'

'creaDB

'

Me.creaDB.Anchor = System.Windows.Forms.AnchorStyles.None

Me.creaDB.Location = New System.Drawing.Point(246, 21)

Me.creaDB.Name = "creaDB"

Me.creaDB.Size = New System.Drawing.Size(75, 23)

Me.creaDB.TabIndex = 2

Me.creaDB.Text = "Create"

Me.creaDB.UseVisualStyleBackColor = True

'

'openDB

'

Me.openDB.Anchor = System.Windows.Forms.AnchorStyles.None

Me.openDB.Location = New System.Drawing.Point(102, 21)

Me.openDB.Name = "openDB"

Me.openDB.Size = New System.Drawing.Size(75, 23)

Me.openDB.TabIndex = 1

27

Me.openDB.Text = "Open "

Me.openDB.UseVisualStyleBackColor = True

'

'DeleDB

'

Me.DeleDB.Anchor = System.Windows.Forms.AnchorStyles.None

Me.DeleDB.Location = New System.Drawing.Point(298, 135)

Me.DeleDB.Name = "DeleDB"

Me.DeleDB.Size = New System.Drawing.Size(75, 23)

Me.DeleDB.TabIndex = 5

Me.DeleDB.Text = "Delete"

Me.DeleDB.UseVisualStyleBackColor = True

Me.DeleDB.Visible = False

'

'openDBDial

'

Me.openDBDial.Filter = "Access Database (*.mdb,*.accdb)|*.mdb;*.accdb"

'

'EditDB

'

Me.EditDB.Anchor = System.Windows.Forms.AnchorStyles.None

Me.EditDB.Location = New System.Drawing.Point(20, 135)

Me.EditDB.Name = "EditDB"

Me.EditDB.Size = New System.Drawing.Size(75, 23)

Me.EditDB.TabIndex = 3

Me.EditDB.Text = "Edit"

28

Me.EditDB.UseVisualStyleBackColor = True

Me.EditDB.Visible = False

'

'DecrDB

'

Me.DecrDB.Anchor = System.Windows.Forms.AnchorStyles.None

Me.DecrDB.Location = New System.Drawing.Point(167, 133)

Me.DecrDB.Name = "DecrDB"

Me.DecrDB.Size = New System.Drawing.Size(75, 23)

Me.DecrDB.TabIndex = 4

Me.DecrDB.Text = "Decrypt"

Me.DecrDB.UseVisualStyleBackColor = True

Me.DecrDB.Visible = False

'

'Panel1

'

Me.Panel1.AutoSize = True

Me.Panel1.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink

Me.Panel1.Controls.Add(Me.Panel2)

Me.Panel1.Dock = System.Windows.Forms.DockStyle.Fill





'

'Panel2

29

'

Me.Panel2.Anchor = System.Windows.Forms.AnchorStyles.None

Me.Panel2.Controls.Add(Me.openDB)

Me.Panel2.Controls.Add(Me.creaDB)

Me.Panel2.Controls.Add(Me.EditDB)

Me.Panel2.Controls.Add(Me.DeleDB)

Me.Panel2.Controls.Add(Me.DecrDB)





'

'DBOpti

'



Me.AutoSize = True


Me.Name = "DBOpti"





Me.PerformLayout()

End Sub

30

Friend WithEvents creaDB As System.Windows.Forms.Button

Friend WithEvents openDB As System.Windows.Forms.Button

Friend WithEvents DeleDB As System.Windows.Forms.Button

Friend WithEvents openDBDial As System.Windows.Forms.OpenFileDialog

Friend WithEvents EditDB As System.Windows.Forms.Button

Friend WithEvents DecrDB As System.Windows.Forms.Button



End Class

DBOpti.vb


Public Class DBOpti

Dim textpass As String

Dim strConnectionString As String

Private Sub openDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

openDB.Click

openDBDial.ShowDialog()

End Sub

Private Sub DeleDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

DeleDB.Click

Try

Dim var = MsgBox("Are you sure?", MsgBoxStyle.YesNo, "Delete Database")

If var = vbYes Then

System.IO.File.Delete(openDBDial.FileName)

End If

Catch ex As Exception31

Console.Write(ex.Message)

End Try

End Sub

Private Sub openDBDial_FileOk(ByVal sender As Object, ByVal e As

System.ComponentModel.CancelEventArgs) Handles openDBDial.FileOk

Pass:

textpass = InputBox("Enter Password", "Database", , , )

If textpass <> "" Then

strConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &

openDBDial.FileName & ";Jet OLEDB:Database Password=" & textpass & ";"


cnnOLEDB.ConnectionString = strConnectionString

Try

cnnOLEDB.Open()

cnnOLEDB.Close()

EditDB.Visible = True

DecrDB.Visible = True

DeleDB.Visible = True

Catch ex As OleDbException

MsgBox(ex.Message)

End Try

End If

End Sub

Private Sub DecrDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

DecrDB.Click

Dim var = MsgBox("Are you sure?", MsgBoxStyle.YesNo, "Decrypt Database")

If var = vbYes Then

32

Try

Dim class1 As New RAYDB.RAYEncryption

class1.strConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &


class1.DecryptDB()

Dim Query = "DROP TABLE ColuList"



cnnOLEDB.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &


cnnOLEDB.Open()


cmdOLEDB.CommandText = Query

cmdOLEDB.ExecuteNonQuery()

Query = "DROP TABLE TableList"



MsgBox("Successfully Decrypted Database")

Catch ex As Exception

Console.WriteLine(ex.Message)

End Try

End If

End Sub

Private Sub EditDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

EditDB.Click

Dim frm As EditDB = New EditDB

33

frm.Anchor = AnchorStyles.Bottom Or AnchorStyles.Left Or AnchorStyles.Right Or

AnchorStyles.Top

frm.Height = Me.Parent.Height

frm.Width = Me.Parent.Width

frm.strConnString = strConnectionString

frm.DisplayTableNames()

Me.Parent.Controls.Add(frm)


End Sub

Private Sub creaDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

creaDB.Click

Dim frm As CreateDB = New CreateDB

frm.Anchor = AnchorStyles.Bottom Or AnchorStyles.Left Or AnchorStyles.Right Or

AnchorStyles.Top

frm.Height = Me.Parent.Height

frm.Width = Me.Parent.Width

Me.Parent.Controls.Add(frm)


End Sub

End Class

CreateDB.Designer.vb


Partial Class CreateDB



34



Try



End If

Finally


End Try

End Sub









Me.textDBName = New System.Windows.Forms.TextBox()


Me.SelectPathDial = New System.Windows.Forms.FolderBrowserDialog()

Me.PathSelector = New System.Windows.Forms.LinkLabel()

Me.bttnCreateDB = New System.Windows.Forms.Button()

Me.textDBPass = New System.Windows.Forms.TextBox()

35


Me.textConfPass = New System.Windows.Forms.TextBox()


Me.SuspendLayout()

'

'Label1

'






Me.Label1.Text = "Database Name"

'

'textDBName

'

Me.textDBName.Location = New System.Drawing.Point(127, 28)

Me.textDBName.Name = "textDBName"

Me.textDBName.Size = New System.Drawing.Size(170, 20)

Me.textDBName.TabIndex = 1

'

'Label2

'




36



Me.Label2.Text = "Database Path"

'

'PathSelector

'

Me.PathSelector.AutoSize = True

Me.PathSelector.Location = New System.Drawing.Point(124, 83)

Me.PathSelector.Name = "PathSelector"

Me.PathSelector.Size = New System.Drawing.Size(62, 13)

Me.PathSelector.TabIndex = 2

Me.PathSelector.TabStop = True

Me.PathSelector.Text = "Select Path"

'

'bttnCreateDB

'

Me.bttnCreateDB.Location = New System.Drawing.Point(222, 213)

Me.bttnCreateDB.Name = "bttnCreateDB"

Me.bttnCreateDB.Size = New System.Drawing.Size(75, 23)

Me.bttnCreateDB.TabIndex = 5

Me.bttnCreateDB.Text = "Create"

Me.bttnCreateDB.UseVisualStyleBackColor = True

'

'textDBPass

'

Me.textDBPass.Location = New System.Drawing.Point(127, 130)

37

Me.textDBPass.Name = "textDBPass"

Me.textDBPass.PasswordChar = Global.Microsoft.VisualBasic.ChrW(42)

Me.textDBPass.Size = New System.Drawing.Size(170, 20)

Me.textDBPass.TabIndex = 3

'

'Label3

'






Me.Label3.Text = "Database Password"

'

'textConfPass

'

Me.textConfPass.AccessibleRole = System.Windows.Forms.AccessibleRole.Pane

Me.textConfPass.Location = New System.Drawing.Point(127, 174)

Me.textConfPass.Name = "textConfPass"

Me.textConfPass.PasswordChar = Global.Microsoft.VisualBasic.ChrW(42)

Me.textConfPass.Size = New System.Drawing.Size(170, 20)

Me.textConfPass.TabIndex = 4

'

'Label4

'


38





Me.Label4.Text = "Confirm Password"

'

'CreateDB

'



Me.Controls.Add(Me.textConfPass)

Me.Controls.Add(Me.Label4)

Me.Controls.Add(Me.textDBPass)


Me.Controls.Add(Me.bttnCreateDB)

Me.Controls.Add(Me.PathSelector)


Me.Controls.Add(Me.textDBName)


Me.Name = "CreateDB"



Me.PerformLayout()

End Sub


Friend WithEvents textDBName As System.Windows.Forms.TextBox

39


Friend WithEvents SelectPathDial As System.Windows.Forms.FolderBrowserDialog

Friend WithEvents PathSelector As System.Windows.Forms.LinkLabel

Friend WithEvents bttnCreateDB As System.Windows.Forms.Button

Friend WithEvents textDBPass As System.Windows.Forms.TextBox


Friend WithEvents textConfPass As System.Windows.Forms.TextBox


End Class

CreateDB.vb

Imports System.Runtime.InteropServices


Public Class CreateDB

Dim connString As String

Private Sub PathSelector_LinkClicked(ByVal sender As System.Object, ByVal e As

System.Windows.Forms.LinkLabelLinkClickedEventArgs) Handles PathSelector.LinkClicked

Dim result = SelectPathDial.ShowDialog()

If result = DialogResult.OK Then

If Not SelectPathDial.SelectedPath.EndsWith("\") Then

SelectPathDial.SelectedPath = SelectPathDial.SelectedPath + "\"

End If

PathSelector.Text = SelectPathDial.SelectedPath + textDBName.Text + ".mdb"

End If

End Sub

Private Sub textDBName_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs)

Handles textDBName.TextChanged40

If PathSelector.Text <> "Select Path" Then

If Not SelectPathDial.SelectedPath.EndsWith("\") Then

SelectPathDial.SelectedPath = SelectPathDial.SelectedPath + "\"

End If

PathSelector.Text = SelectPathDial.SelectedPath + textDBName.Text + ".mdb"

End If

End Sub

Private Sub bttnCreateDB_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)

Handles bttnCreateDB.Click

If String.IsNullOrWhiteSpace(textDBName.Text) Then

MsgBox("Please Enter Database Name")

ElseIf PathSelector.Text = "Select Path" Then

MsgBox("Select the path")

ElseIf String.IsNullOrWhiteSpace(textDBPass.Text) Then

MsgBox("Enter Database Password")

ElseIf String.IsNullOrWhiteSpace(textConfPass.Text) Then

MsgBox("Confirm Database Password")

ElseIf textDBPass.Text <> textConfPass.Text Then

MsgBox("Passwords do not match")

ElseIf CreateAccessDatabase(PathSelector.Text) Then

MsgBox("Database created")

CreateDefaultTables()

Dim optionfrm As New EditDB

optionfrm.strConnString = connString

optionfrm.Anchor = AnchorStyles.Bottom Or AnchorStyles.Left Or AnchorStyles.Right Or

AnchorStyles.Top

optionfrm.Height = Me.Parent.Height

41

optionfrm.Width = Me.Parent.Width

Me.Parent.Controls.Add(optionfrm)


End If

End Sub

Private Sub CreateDefaultTables()

Dim query = "Create Table TableList(TablID AUTOINCREMENT PRIMARY KEY ,TableName

TEXT(255))"



cnnOLEDB.ConnectionString = connString

cnnOLEDB.Open()




cmdOLEDB.CommandText = "Create Table ColuList(ColuID AUTOINCREMENT PRIMARY

KEY,TablID Integer,ColuName TEXT(255),ColuDataType TEXT(255),ColuSize TEXT(255) DEFAULT

0)"


cnnOLEDB.Close()

End Sub

Public Function CreateAccessDatabase(ByVal DatabaseFullPath As String) As Boolean

Dim bAns As Boolean

Dim cat As New ADOX.Catalog()

Try

Dim sCreateString As String

42

sCreateString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DatabaseFullPath & ";Jet

OLEDB:Database Password=" + textDBPass.Text

connString = sCreateString

cat.Create(sCreateString)

bAns = True

Dim conn As New ADODB.Connection()

conn = cat.ActiveConnection

conn.Close()

cat = Nothing

Catch Excep As System.Runtime.InteropServices.COMException

MsgBox(Excep.Message)

bAns = False

Finally

cat = Nothing

End Try

Return bAns

End Function

End Class

EditDB.Designer.vb


Partial Class EditDB





43

Try



End If

Finally


End Try

End Sub








Me.TableName = New System.Windows.Forms.ListBox()

Me.TabControl1 = New System.Windows.Forms.TabControl()

Me.TabPage1 = New System.Windows.Forms.TabPage()

Me.ListColumns = New System.Windows.Forms.ListBox()

Me.DeleColumn = New System.Windows.Forms.Button()

Me.EditColumn = New System.Windows.Forms.Button()

Me.AddColumn = New System.Windows.Forms.Button()

Me.ComboSize = New System.Windows.Forms.ComboBox()


44

Me.ComboDataType = New System.Windows.Forms.ComboBox()


Me.txtColName = New System.Windows.Forms.TextBox()


Me.TabPage2 = New System.Windows.Forms.TabPage()

Me.DisplayData = New System.Windows.Forms.DataGridView()

Me.queryText = New System.Windows.Forms.TextBox()


Me.runQueryButton = New System.Windows.Forms.Button()

Me.AddTabl = New System.Windows.Forms.Button()

Me.DeleTabl = New System.Windows.Forms.Button()

Me.editTabl = New System.Windows.Forms.Button()


Me.TabControl1.SuspendLayout()

Me.TabPage1.SuspendLayout()

Me.TabPage2.SuspendLayout()

CType(Me.DisplayData, System.ComponentModel.ISupportInitialize).BeginInit()


Me.SuspendLayout()

'

'TableName

'

Me.TableName.Anchor = System.Windows.Forms.AnchorStyles.None

Me.TableName.FormattingEnabled = True

Me.TableName.Location = New System.Drawing.Point(2, 5)

Me.TableName.Name = "TableName"

45

Me.TableName.Size = New System.Drawing.Size(189, 342)

Me.TableName.TabIndex = 0

'

'TabControl1

'

Me.TabControl1.Anchor = System.Windows.Forms.AnchorStyles.None

Me.TabControl1.Controls.Add(Me.TabPage1)

Me.TabControl1.Controls.Add(Me.TabPage2)

Me.TabControl1.Location = New System.Drawing.Point(213, 5)

Me.TabControl1.Name = "TabControl1"

Me.TabControl1.SelectedIndex = 0

Me.TabControl1.Size = New System.Drawing.Size(679, 342)

Me.TabControl1.TabIndex = 1

'

'TabPage1

'

Me.TabPage1.Controls.Add(Me.ListColumns)

Me.TabPage1.Controls.Add(Me.DeleColumn)

Me.TabPage1.Controls.Add(Me.EditColumn)

Me.TabPage1.Controls.Add(Me.AddColumn)

Me.TabPage1.Controls.Add(Me.ComboSize)

Me.TabPage1.Controls.Add(Me.Label4)

Me.TabPage1.Controls.Add(Me.ComboDataType)


Me.TabPage1.Controls.Add(Me.txtColName)


46

Me.TabPage1.Location = New System.Drawing.Point(4, 22)

Me.TabPage1.Name = "TabPage1"

Me.TabPage1.Padding = New System.Windows.Forms.Padding(3)

Me.TabPage1.Size = New System.Drawing.Size(671, 316)

Me.TabPage1.TabIndex = 0

Me.TabPage1.Text = "Schema"

Me.TabPage1.UseVisualStyleBackColor = True

'

'ListColumns

'

Me.ListColumns.FormattingEnabled = True

Me.ListColumns.Location = New System.Drawing.Point(521, 9)

Me.ListColumns.Name = "ListColumns"

Me.ListColumns.Size = New System.Drawing.Size(127, 264)

Me.ListColumns.TabIndex = 10

'

'DeleColumn

'

Me.DeleColumn.Location = New System.Drawing.Point(35, 147)

Me.DeleColumn.Name = "DeleColumn"

Me.DeleColumn.Size = New System.Drawing.Size(91, 23)

Me.DeleColumn.TabIndex = 9

Me.DeleColumn.Text = "Delete Column"

Me.DeleColumn.UseVisualStyleBackColor = True

Me.DeleColumn.Visible = False

'

47

'EditColumn

'

Me.EditColumn.Location = New System.Drawing.Point(224, 147)

Me.EditColumn.Name = "EditColumn"

Me.EditColumn.Size = New System.Drawing.Size(75, 23)

Me.EditColumn.TabIndex = 8

Me.EditColumn.Text = "Edit Column"

Me.EditColumn.UseVisualStyleBackColor = True

Me.EditColumn.Visible = False

'

'AddColumn

'

Me.AddColumn.Location = New System.Drawing.Point(138, 147)

Me.AddColumn.Name = "AddColumn"

Me.AddColumn.Size = New System.Drawing.Size(75, 23)

Me.AddColumn.TabIndex = 6

Me.AddColumn.Text = "Add Column"

Me.AddColumn.UseVisualStyleBackColor = True

'

'ComboSize

'

Me.ComboSize.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList

Me.ComboSize.FormattingEnabled = True

Me.ComboSize.Items.AddRange(New Object() {"16", "32", "48", "64", "80", "96", "112", "128"})

Me.ComboSize.Location = New System.Drawing.Point(97, 91)

Me.ComboSize.Name = "ComboSize"

48

Me.ComboSize.Size = New System.Drawing.Size(121, 21)

Me.ComboSize.TabIndex = 5

'

'Label4

'






Me.Label4.Text = "Size"

'

'ComboDataType

'

Me.ComboDataType.DropDownStyle = System.Windows.Forms.ComboBoxStyle.DropDownList

Me.ComboDataType.FormattingEnabled = True

Me.ComboDataType.Items.AddRange(New Object() {"Text", "Number", "YES/NO", "DateTime"})

Me.ComboDataType.Location = New System.Drawing.Point(97, 52)

Me.ComboDataType.Name = "ComboDataType"

Me.ComboDataType.Size = New System.Drawing.Size(121, 21)

Me.ComboDataType.TabIndex = 3

'

'Label3

'



49




Me.Label3.Text = "Data Type"

'

'txtColName

'

Me.txtColName.Location = New System.Drawing.Point(97, 9)

Me.txtColName.Name = "txtColName"

Me.txtColName.Size = New System.Drawing.Size(119, 20)

Me.txtColName.TabIndex = 1

'

'Label2

'






Me.Label2.Text = "Column Name"

'

'TabPage2

'

Me.TabPage2.Controls.Add(Me.DisplayData)

Me.TabPage2.Location = New System.Drawing.Point(4, 22)

Me.TabPage2.Name = "TabPage2"

50

Me.TabPage2.Padding = New System.Windows.Forms.Padding(3)

Me.TabPage2.Size = New System.Drawing.Size(671, 316)

Me.TabPage2.TabIndex = 1

Me.TabPage2.Text = "Data"

Me.TabPage2.UseVisualStyleBackColor = True

'

'DisplayData

'

Me.DisplayData.AllowUserToAddRows = False

Me.DisplayData.AllowUserToDeleteRows = False

Me.DisplayData.ColumnHeadersHeightSizeMode =

System.Windows.Forms.DataGridViewColumnHeadersHeightSizeMode.AutoSize

Me.DisplayData.Dock = System.Windows.Forms.DockStyle.Fill

Me.DisplayData.Location = New System.Drawing.Point(3, 3)

Me.DisplayData.Name = "DisplayData"

Me.DisplayData.ReadOnly = True

Me.DisplayData.Size = New System.Drawing.Size(665, 310)

Me.DisplayData.TabIndex = 0

'

'queryText

'

Me.queryText.Anchor = System.Windows.Forms.AnchorStyles.None

Me.queryText.Location = New System.Drawing.Point(133, 365)

Me.queryText.Name = "queryText"

Me.queryText.Size = New System.Drawing.Size(536, 20)

Me.queryText.TabIndex = 2

'51

'Label1

'







Me.Label1.Text = "Enter Query:"

'

'runQueryButton

'

Me.runQueryButton.Anchor = System.Windows.Forms.AnchorStyles.None

Me.runQueryButton.Location = New System.Drawing.Point(767, 365)

Me.runQueryButton.Name = "runQueryButton"

Me.runQueryButton.Size = New System.Drawing.Size(75, 23)

Me.runQueryButton.TabIndex = 4

Me.runQueryButton.Text = "Fire"

Me.runQueryButton.UseVisualStyleBackColor = True

'

'AddTabl

'

Me.AddTabl.Anchor = System.Windows.Forms.AnchorStyles.None

Me.AddTabl.Location = New System.Drawing.Point(9, 319)

Me.AddTabl.Name = "AddTabl"

Me.AddTabl.Size = New System.Drawing.Size(27, 23)

52

Me.AddTabl.TabIndex = 5

Me.AddTabl.Text = "+"

Me.AddTabl.UseVisualStyleBackColor = True

'

'DeleTabl

'

Me.DeleTabl.Anchor = System.Windows.Forms.AnchorStyles.None

Me.DeleTabl.Location = New System.Drawing.Point(42, 319)

Me.DeleTabl.Name = "DeleTabl"

Me.DeleTabl.Size = New System.Drawing.Size(27, 23)

Me.DeleTabl.TabIndex = 6

Me.DeleTabl.Text = "-"

Me.DeleTabl.UseVisualStyleBackColor = True

'

'editTabl

'

Me.editTabl.Anchor = System.Windows.Forms.AnchorStyles.None

Me.editTabl.Location = New System.Drawing.Point(75, 319)

Me.editTabl.Name = "editTabl"

Me.editTabl.Size = New System.Drawing.Size(32, 23)

Me.editTabl.TabIndex = 7

Me.editTabl.Text = "C"

Me.editTabl.UseVisualStyleBackColor = True

Me.editTabl.Visible = False

'

'Panel1

53

'

Me.Panel1.Anchor = System.Windows.Forms.AnchorStyles.None

Me.Panel1.Controls.Add(Me.TabControl1)

Me.Panel1.Controls.Add(Me.editTabl)

Me.Panel1.Controls.Add(Me.DeleTabl)

Me.Panel1.Controls.Add(Me.queryText)

Me.Panel1.Controls.Add(Me.AddTabl)


Me.Panel1.Controls.Add(Me.runQueryButton)

Me.Panel1.Controls.Add(Me.TableName)





'

'EditDB

'




Me.Name = "EditDB"


Me.TabControl1.ResumeLayout(False)

Me.TabPage1.ResumeLayout(False)

Me.TabPage1.PerformLayout()

Me.TabPage2.ResumeLayout(False)

54

CType(Me.DisplayData, System.ComponentModel.ISupportInitialize).EndInit()


Me.Panel1.PerformLayout()


End Sub

Friend WithEvents TableName As System.Windows.Forms.ListBox

Friend WithEvents TabControl1 As System.Windows.Forms.TabControl

Friend WithEvents TabPage1 As System.Windows.Forms.TabPage

Friend WithEvents TabPage2 As System.Windows.Forms.TabPage

Friend WithEvents DisplayData As System.Windows.Forms.DataGridView

Friend WithEvents queryText As System.Windows.Forms.TextBox


Friend WithEvents runQueryButton As System.Windows.Forms.Button

Friend WithEvents AddTabl As System.Windows.Forms.Button

Friend WithEvents DeleTabl As System.Windows.Forms.Button

Friend WithEvents editTabl As System.Windows.Forms.Button

Friend WithEvents txtColName As System.Windows.Forms.TextBox



Friend WithEvents ComboDataType As System.Windows.Forms.ComboBox

Friend WithEvents ComboSize As System.Windows.Forms.ComboBox


Friend WithEvents AddColumn As System.Windows.Forms.Button

Friend WithEvents EditColumn As System.Windows.Forms.Button

Friend WithEvents DeleColumn As System.Windows.Forms.Button

55

Friend WithEvents ListColumns As System.Windows.Forms.ListBox


End Class

EditDB.vb


Public Class EditDB

Public strConnString As String

Sub DisplayTableNames()

TableName.Items.Clear()


cnnOLEDB.ConnectionString = strConnString

Try

Dim rst As New ADODB.Recordset

rst.Open("SELECT TableName FROM TableList", strConnString)

rst.MoveFirst()

While Not rst.EOF

TableName.Items.Add(rst.Fields(0).Value.ToString)

rst.MoveNext()

End While

rst.Close()


MsgBox(ex.Message())



56

End Try

End Sub

Private Sub loadData()


class1.strConnString = strConnString



Try

class1.ExecuteSelect("SELECT * FROM " + TableName.SelectedItem.ToString())

cnnOLEDB.Open()

Dim dataAdapter = New OleDbDataAdapter("SELECT * FROM " +

TableName.SelectedItem.ToString(), cnnOLEDB)

Dim ds = New DataSet()

dataAdapter.Fill(ds)

DisplayData.DataSource = ds.Tables(0)

cnnOLEDB.Close()

class1.EndQuery("SELECT * FROM " + TableName.SelectedItem.ToString())





End Try

End Sub

Private Sub TableName_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As

System.EventArgs) Handles TableName.SelectedIndexChanged

loadData()

LoadCols()

57

End Sub

Private Sub LoadData(ByVal query As String)



Try

cnnOLEDB.Open()

Dim dataAdapter = New OleDbDataAdapter(query, cnnOLEDB)

Dim ds = New DataSet()

dataAdapter.Fill(ds)

DisplayData.Columns.Clear()

DisplayData.AutoGenerateColumns = True

DisplayData.DataSource = ds.Tables(0)

cnnOLEDB.Close()





End Try

End Sub

Private Sub runQueryButton_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)

Handles runQueryButton.Click


class1.strConnString = strConnString



Try

cnnOLEDB.Open()58

If queryText.Text.Contains("SELECT") Then

class1.ExecuteSelect(queryText.Text)

loadData(queryText.Text)

class1.EndQuery(queryText.Text)

Else

class1.ExecuteInsertUpdate(queryText.Text)



cmdOLEDB.CommandText = queryText.Text


cnnOLEDB.Close()

class1.EndQuery(queryText.Text)

DisplayTableNames()

End If


MsgBox(ex.Message)

End Try

End Sub

Private Sub AddTabl_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

AddTabl.Click

Dim Text = InputBox("Enter TableName", "Database", , , )




Try

If Not String.IsNullOrWhiteSpace(Text) Then59

cnnOLEDB.Open()


cmdOLEDB.CommandText = "CREATE TABLE " + Text


cmdOLEDB.CommandText = "INSERT INTO TableList(TableName) VALUES('" + Text + "')"


cnnOLEDB.Close()

DisplayTableNames()

End If





End Try

End Sub

Private Sub DeleTabl_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

DeleTabl.Click




Try

Dim var = MsgBox("Are you sure you want to delete the table?", MsgBoxStyle.YesNo)

If var = 6 Then

cnnOLEDB.Open()


cmdOLEDB.CommandText = "Drop Table " + TableName.SelectedItem.ToString()

cmdOLEDB.ExecuteNonQuery()60

cmdOLEDB.CommandText = "Delete from TableList where TableName = '" +

TableName.SelectedItem.ToString + "'"


cnnOLEDB.Close()

DisplayTableNames()

End If





End Try

End Sub

Public Sub LoadCols()

ListColumns.Items.Clear()


Try

rst.Open("SELECT * FROM " + TableName.SelectedItem.ToString(), strConnString)

Dim ii As Integer

For ii = 0 To rst.Fields.Count - 1

ListColumns.Items.Add(rst.Fields(ii).Name.ToString())

Next (ii)

rst.Close()





End Try 61

End Sub

Private Sub TabControl1_SelectedIndexChanged(ByVal sender As Object, ByVal e As System.EventArgs)

Handles TabControl1.SelectedIndexChanged

If TabControl1.SelectedIndex = 0 Then

LoadCols()

Else

loadData()

End If

End Sub

Private Sub AddColumn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

AddColumn.Click

Try

Dim SelectTableID As String

SelectTableID = "Select TablID From TableList where TableName = '" +


Dim Query = "ALTER TABLE " + TableName.SelectedItem.ToString + " ADD " +

txtColName.Text + " " + "TEXT"

If ComboSize.Enabled Then

Query = Query + "(" + (Integer.Parse(ComboSize.SelectedItem.ToString) + 16).ToString + ")"

End If




cnnOLEDB.Open()


cmdOLEDB.CommandText = SelectTableID


62

result.Read()

Dim id = result.GetInt32(0)

result.Close()

Dim InsertCol = "Insert into ColuList(TablID, ColuName, ColuDataType, ColuSize) Values (" +

id.ToString + ",'" + txtColName.Text + "', '" + ComboDataType.SelectedItem + "','" +

ComboSize.SelectedItem + "')"

cmdOLEDB.CommandText = InsertCol




cnnOLEDB.Close()

LoadCols()





End Try

End Sub

Private Sub ComboDataType_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As

System.EventArgs) Handles ComboDataType.SelectedIndexChanged

If ComboDataType.SelectedItem <> "Text" Then

ComboSize.Enabled = False

Else

ComboSize.Enabled = True

End If

End Sub

63

Private Sub editTabl_Click(ByVal sender As System.Object, ByVal e As System.EventArgs)

Handles editTabl.Click

Dim Text = InputBox("Enter TableName", "Database", , , )




Try

If Not String.IsNullOrWhiteSpace(Text) Then

cnnOLEDB.Open()


cmdOLEDB.CommandText = "ALTER TABLE " + TableName.SelectedItem.ToString +

"RENAME TO " + Text


cmdOLEDB.CommandText = "UPDATE TableList set TableName = '" + Text + "' WHERE

TableName = '" + TableName.SelectedItem.ToString + "'"


cnnOLEDB.Close()

DisplayTableNames()

End If





End Try

End Sub

Private Sub ListColumns_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As

System.EventArgs) Handles ListColumns.SelectedIndexChanged

64

If Not ListColumns.SelectedIndex = -1 Then

Try







cnnOLEDB.Open()




result.Read()


result.Close()

SelectTableID = "Select * From ColuList where ColuName = '" +

ListColumns.SelectedItem.ToString + "' AND TablID = " + id.ToString



result = cmdOLEDB.ExecuteReader()

result.Read()

id = result.GetInt32(0)

Dim coluType = result.GetString(3)

Dim coluSize = result.GetString(4)

txtColName.Text = ListColumns.SelectedItem.ToString

ComboDataType.SelectedIndex = ComboDataType.FindStringExact(coluType)

If coluType = "Text" Then

65

ComboSize.SelectedIndex = ComboSize.FindStringExact(coluSize)

Else

ComboSize.Enabled = False

End If

EditColumn.Visible = True

DeleColumn.Visible = True

result.Close()





End Try

End If

End Sub

Private Sub DeleColumn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles

DeleColumn.Click

Try




Dim Query = "ALTER TABLE " + TableName.SelectedItem.ToString + " DROP " +

txtColName.Text




cnnOLEDB.Open()

66




result.Read()


result.Close()

Dim InsertCol = "DELETE FROM ColuList WHERE ColuName = '" +

ListColumns.SelectedItem.ToString + "' AND TablID = " + id.ToString

cmdOLEDB.CommandText = InsertCol




cnnOLEDB.Close()

LoadCols()





End Try

End Sub

End Class

RAYEncryption.vb


Imports System.IO

Imports System.Security.Cryptography

Imports System.Text

67

Public Class RAYEncryption

Public strConnString As String

Public Sub EncryptDB()


Try

rst.Open("SELECT * FROM TableList", strConnString)

rst.MoveFirst()

While Not rst.EOF

Dim tableName As ADODB.Field

tableName = rst.Fields.Item("TableName")

Dim ColList As New ADODB.Recordset

ColList.LockType = ADODB.LockTypeEnum.adLockPessimistic

ColList.Open("Select * From " + tableName.Value, strConnString)

ColList.MoveFirst()

Dim i = 0

While Not ColList.EOF

Dim fld As ADODB.Field

For Each fld In ColList.Fields

fld.Value = Encrypt(fld.Value.ToString, "LOCKEY")

Next

ColList.MoveNext()

End While

rst.MoveNext()

End While

rst.Close()


68


End Try

End Sub

Public Sub DecryptDB()


Try

rst.Open("SELECT * FROM TableList", strConnString)

rst.MoveFirst()

While Not rst.EOF

Dim tableName As ADODB.Field

tableName = rst.Fields.Item("TableName")



ColList.Open("Select * From " + tableName.Value, strConnString)

ColList.MoveFirst()

Dim i = 0




fld.Value = Decrypt(fld.Value.ToString, "LOCKEY")

Next

ColList.MoveNext()

End While

rst.MoveNext()

End While

rst.Close()

69



Finally

rst.Close()

End Try

End Sub

Private Function Encrypt(ByVal plainText As String, ByVal secretKey As String) As String

Dim encryptedPassword As String = Nothing

Using outputStream As MemoryStream = New MemoryStream()

Dim algorithm As RijndaelManaged = getAlgorithm(secretKey)

Using cryptoStream As CryptoStream = New CryptoStream(outputStream,

algorithm.CreateEncryptor(), CryptoStreamMode.Write)

Dim inputBuffer() As Byte = Encoding.Unicode.GetBytes(plainText)

cryptoStream.Write(inputBuffer, 0, inputBuffer.Length)

cryptoStream.FlushFinalBlock()

encryptedPassword = Convert.ToBase64String(outputStream.ToArray())

End Using

End Using

Return encryptedPassword

End Function

Private Function Decrypt(ByVal encryptedBytes As String, ByVal secretKey As String) As String

Dim plainText As String = Nothing

Using inputStream As MemoryStream = New

MemoryStream(Convert.FromBase64String(encryptedBytes))

Dim algorithm As RijndaelManaged = getAlgorithm(secretKey)

Using cryptoStream As CryptoStream = New CryptoStream(inputStream,

algorithm.CreateDecryptor(), CryptoStreamMode.Read)

70

Dim outputBuffer(0 To CType(inputStream.Length - 1, Integer)) As Byte

Dim readBytes As Integer = cryptoStream.Read(outputBuffer, 0, CType(inputStream.Length,

Integer))

plainText = Encoding.Unicode.GetString(outputBuffer, 0, readBytes)

End Using

End Using

Return plainText

End Function

Private Function getAlgorithm(ByVal secretKey As String) As RijndaelManaged

Const salt As String = "put your salt here"

Const keySize As Integer = 256

Dim keyBuilder As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(secretKey,

Encoding.Unicode.GetBytes(salt))

Dim algorithm As RijndaelManaged = New RijndaelManaged()

algorithm.KeySize = keySize

algorithm.IV = keyBuilder.GetBytes(CType(algorithm.BlockSize / 8, Integer))

algorithm.Key = keyBuilder.GetBytes(CType(algorithm.KeySize / 8, Integer))

algorithm.Padding = PaddingMode.PKCS7

Return algorithm

End Function

Private Function getTableName(ByVal query As String)

Dim input As String = query

Dim phrase As String = "FROM"

Dim Occurrences As Integer = (input.Length - input.Replace(phrase, String.Empty).Length) /

phrase.Length

If Occurrences > 0 Then

Dim cut_at As String = "FROM"

71

Dim x As Integer = InStr(query, cut_at)

Dim string_after As String = query.Substring(x + cut_at.Length - 1)

Dim TableName = string_after.Split(" ")

Return TableName(1)

End If

Return "Unknown"

End Function

Private Function getTableNameInsert(ByVal query As String)


Dim phrase As String = "INTO"


phrase.Length


Dim cut_at As String = "INTO"




Return TableName(1)

End If

Return "Unknown"

End Function

Private Function getTableNameUpdate(ByVal query As String)


Dim phrase As String = "UPDATE"


phrase.Length


72

Dim cut_at As String = "UPDATE"




Return TableName(1)

End If

Return "Unknown"

End Function

Private Sub decryptTable(ByVal query As String)


Try

Dim tableName

Dim type As String = detectQueryType(query)

If type = "INSERT" Then

tableName = getTableNameInsert(query)

ElseIf type = "UPDATE" Then

tableName = getTableNameUpdate(query)

Else

tableName = getTableName(query)

End If


ColList.Open("Select * From " + tableName.ToString, strConnString)

ColList.MoveFirst()

Dim i = 0



73


'fld.Value = Decrypt(fld.Value.ToString, "LOCKEY")

ColList.Update(fld.Name, Decrypt(fld.Value.ToString, "LOCKEY"))

Next

ColList.MoveNext()

End While


MsgBox(ex.Message)

Finally

ColList.Close()

ColList.ActiveConnection = Nothing

End Try

End Sub

Private Sub encryptTable(ByVal query As String)

Try

Dim tableName


If type = "INSERT" Then

tableName = getTableNameInsert(query)

Else

tableName = getTableName(query)

End If



ColList.Open("Select * From " + tableName.ToString, strConnString)

ColList.MoveFirst()

74

Dim i = 0




ColList.Update(fld.Name, Encrypt(fld.Value.ToString, "LOCKEY"))

Next

ColList.MoveNext()

End While

ColList.Close()

ColList.ActiveConnection = Nothing



End Try

End Sub

Public Sub ExecuteSelect(ByVal query As String)


decryptTable(query)

End Sub

Public Sub EndQuery(ByVal query As String)

encryptTable(query)

End Sub

Public Sub ExecuteInsertUpdate(ByVal query As String)

decryptTable(query)

End Sub

Public Function detectQueryType(ByVal Query As String) As String

Dim input As String = Query

75

Dim phrase As String = "SELECT"


phrase.Length


phrase = "WHERE"

Occurrences = (input.Length - input.Replace(phrase, String.Empty).Length) / phrase.Length


Return "SELECT WHERE"

End If

Return "SELECT"

Else

phrase = "INSERT"



Return "INSERT"

Else

phrase = "UPDATE"



Return "UPDATE"

End If

Return "UNKNOWN"

End If

End If

End Function

End Class

76

API DocumentationClass name: RAYEncryption

Method name: ExecuteSelect(string query)

This method should be called before executing any SELECT query on the database. Pass the query that you want to execute as this method’s parameter.

Method name: ExecuteInsertUpdate(string query)

This method should be called before executing any INSERT or UPDATE query on the database. Pass the query that you want to execute as this method’s parameter.

Method name: EndQuery(string query)

This method should be called after executing all the queries.

77

Screenshots

11.1 Login Screen

11.2 Database Options

11.3 Creating a Database

78

11.4 Creating a Database Named ‘svkm’

11.5 Creating a Table

11.6 Editing ‘sbmp’ Table

79

11.7 Viewing Data in ‘sbmp’ Table

11.8 Viewing Data in MS Access

80

11.9 ASP Login

82

Limitations Sub-queries not supported

DDL queries not supported

Joins not supported

83

ConclusionWe presented Lock & Key, a system that provides a practical and strong level of confidentiality in the face

of two significant threats confronting database-backed applications: curious DBAs and arbitrary

compromises of the application server and the DBMS.

This technology will benefit administrators dealing with sensitive information secure their data.

84

ReferencesAdvanced Encryption Standard (AES) Instructions Set

https://www.intel.in/content/dam/www/public/us/en/documents/white-papers/aes-instructions-set-white-paper.pdf

VB.Net documentation

http://msdn.microsoft.com/en-us/library/2x7h1hfk.aspx

ASP.Net documentation

https://aspnet.codeplex.com/documentation

85

https://aspnet.codeplex.com/documentation

Black Book

Documents

Transcript of Black Book