Cryptography and Flash

Ever wondered how to crypt or decrypt strings in Flash?

Many times, when you’re developing a rich Flash app, or more frequently an advanced Flash website, you have to deal with login forms to authenticate users.
And maybe you want to store your encrypted password in a database, and then retrieve them using some server-side script.
Or you want to send an encrypted string back to the database.

In a scenario like this, you might want (or need) to decrypt encrypted password or string in order to obtain readable data. ActionScript, by default, can’t handle it.

I found an interesting solution provided by Meychi, called ASCrypt.
It is simple Flash Extension that enables crypting and decrypting functions in ActionScript. It provides classes with methods to crypt and decrypt strings and support all the following standards: Base8, Base64, Goauld, LZW, GUID, RC4, MD5, SHA1, ROT13, Rijndael and TEA.
It is quite easy to use and works great with both ActionScript and ActionScript 2.0.

Anyway, I’m going to show you a really basic example of how to pass an encrypted password from a server-side ASP.NET page to a SWF movie.

Let’s make a stupid ASP.NET script that encrypts a given password and passes the obtained string to Flash.

encrypted_pass.aspx

<% 
'sets a variable containing our password 
Dim PassWord = "pass"

'encrypts the password to a Base64 string
Response.Write("pwd="+Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(PassWord))) 
%> 

These few lines of script take a simple variable (PassWord) and encrypt it to a Base64 string.
If you view it in a browser, you’ll see an output like pwd=cGFzcw==.

decrypt_pass.fla

// imports Meychi's ASCrypt class
import com.meychi.ascrypt.*;
 
// creates a LoadVars object to handle loaded external data
this.pwdLoader = new LoadVars();
 
// function to be called when external data is loaded into Flash
this.pwdLoader.onLoad = function(success) {
  // checks if loading was succesful and external file contains data
  if (success && pwdLoader.pwd != "" && pwdLoader.pwd != undefined) {
  
    // decrypts the password retrieved from the external file
    // and outputs the original string
    trace("PASSWORD= "+Base64.decode(pwdLoader.pwd));
  }
};
 
// loads the external .aspx file
this.pwdLoader.load("encrypted_pass.aspx");

Save your Flash file and test it. The output panel will show PASSWORD = pass, so it gets back to the original value.

This is a really simple example, but shows how easy it is to handle encrypted data with the ASCrypt class.

You can download the ASCrypt Extension (.mxp file) and some sample Flash files from Meychi’s website.

Here is the source code for the example:
Download ascrypt_sample.zip (28k ZIP)

This tutorial is provided as is. Please do not email me questions or support requests about the scripts contained in this page. Use the comments below instead. Thank you.