How to encorporate encyption to FlexPaper

views:

196

answers:

+1 Q:

How to encorporate encyption to FlexPaper

Is it possible to configure the FlexPaper reader to un-encrypt password-protected pdfs or swfs?

Here is the use-case:

User uploads a pdf
My server would then convert the pdf to swf via pdf2swf
Then somehow encrypt the swf with a password (not sure best way to do this)
Then the FlexPaper would be able to un-encrypt the swf and display it

What I am trying to avoid is the caching of readable swf in the browser's cache.

Any ideas on the best way to achieve this?

I know, even with this it will not be a fully secure solution, but certainly helps.

Note: I am running this on Linux and OS X and using Rails.

Answers from questions asked in the responses:

Do you need it on the wire? No, I don't think so, the application will be only accessed via ssl

Do you need the files to be stored securely on your hard drive? Ideally yes, we will keep them ecrypted on the server -- but not critical

What exactly are you trying to prevent by encrypting them? I want users of the application only to be able to view the documents from the FlexPaper reader on the website. I do not want users to be able to download a readable document to their machine.

Thanks!

Jonathan

+1 A:

What I am trying to avoid is the caching of readable swf in the browser's cache.

I'm not sure if using a password will help at all. If the SWF is encrypted it may likely be stored in the cache encrypted. I think this post on how to prevent caching is probably what you want.

But in case not, I'll answer some of the encryption questions below.

pdf2swf supports a -P (or --password) option that allows you to decrypt an encrypted PDF, which implies you need a password fairly early in that process.

If you want to encrypt the SWF, you should check out the as3crypto libraries for the Flex side and some ruby crypto libraries for the server side.

I have a blog post entitled, "Why Obfuscate, Encrypt those SWFs! that talks about how you can encrypt a SWF that is then decrypted via a SWFLoader that I hope is useful to you. The same concepts apply here:

Encrypt the SWF (after it's been converted from PDF)
Use a modified SWFLoader (or URLLoader) to decrypt the SWF
Use the decrypted SWF just like you would a regular one

But, a few questions:

Where do you need security? Do you need it on the wire? Do you need the files to be stored securely on your hard drive? What exactly are you trying to prevent by encrypting them? The answers to these questions will largely determine the best approach to take.

Kaleb Pederson 2010-05-26 20:41:37

+1 Thanks for your detailed response. I'll update my question with answers to your questions. My guess is that your approach is the right one. Unfortunately, SWF development is one skill that I currently don't have.

Jonathan 2010-05-27 00:04:30

Flex isn't that difficult to learn, especially if you've dealt with dynamic languages like Python and Ruby. My suggestions hold for your updates. Encrypt the SWF using a known key and then decrypt in the client. There's probably a variable in FlexPaper that you can set to the decrypted version of the SWF after which you're set.

Kaleb Pederson 2010-05-28 04:28:47

Cool, I'll give it a try. I'll let you know how it goes

Jonathan 2010-05-28 13:02:23

FlexPaper should have a key to decrypt your encrypted SWF. I advice you to check squidoo tutorials about this topic... like this one

http://www.squidoo.com/lensmaster/new_workshop/how-to-protect-your-flash-files-from-decompilers-by-using-encryption

Alex 2010-06-07 09:54:14

(a) Link is broken -- get unauthorized to view page, (b) I looked again and did not see FlexPaper exposing a key to decrypt -- can you point me to the API. Really appreciate it

Jonathan 2010-06-07 14:16:03

ansaurus

tags:

views:

answers:

How to encorporate encyption to FlexPaper

related questions