1. Computing

Crypting Your INI (Configuration) Files

By June 8, 2012

Follow me on:

in INI Files :: In most of my applications I'm using INI files to store configuration options.

INI files are text based documents with a simple structure. A user can open your INI files using Notepad or similar applications and see or manually change the content.

For one particular situation I wanted to somehow hide the content of the INI file. Yes, INI files are not to be used to store critical data, but in this case I only simply wanted to have a no-eye situation.

Read the full article to learn how to Hide The Content Of Your INI Files From Unwanted Eyes.


September 13, 2011 at 10:53 am
(1) LDS says:

You should have used Windows CryptProtectData() to ensure a sound encryption.

September 13, 2011 at 5:49 pm
(2) Boz says:

I have used a similar method since 1988 using an XOR fn to scramble short strings which are saved to disk as part of a record. Like you say probably not that secure but quite effective especially when used with other tricks

Tscramble=array[1..30] of integer;

TSecretRecord = record
// etc other fields not all need to be scrambled

SecretFile: file of TSecretRecord;

function scramble(ClearText:string):Tscramble;
var i:integer;
for i:=1 to 30 do
result[i]:=ord(ClearText[i]) xor i;

function unscramble(input:Tscramble):string;
var i:integer;
for i:=1 to 30 do
if ord(input[i]) xor i=0 then break;
result:=result+chr(ord(input[i]) xor i);

// not really md5 but puts the curious off :-)

// save secrets to disk

// read secrets back off disk
showmessage(‘Password is ‘+unscramble(secret.pwd));

September 13, 2011 at 5:51 pm
(3) Wm says:

INI files are meant to be accessible.
If a config file needs to be encrypted it should be called something else.

September 14, 2011 at 4:01 am
(4) Zarko Gajic says:

@Wm : yep, you are right of course, and I said something like this in the article. You can always save the file using a different extension associated with your application – but that is “out of scope” of this article.

January 12, 2012 at 10:55 am
(5) jackson says:

and there was me thinking you were going to do something professional like extending the TIniFile class.

this is rookie/amateur code mr gajic. dissapointed.

January 13, 2012 at 11:09 am
(6) Zarko Gajic says:

@Jackson: rookie or not, the code works for me and is here posted for those that would like to use it. Have never said it is the only way to crypt INI files – only provided one simple solution.

June 8, 2012 at 11:51 pm
(7) Wouter van Nifterick says:

Nowadays we have TFile.Encrypt(path:string) and TFile.Decrypt(path:string) in the IOUtils unit.

In turn they call Windows.EncryptFile and Windows.DecryptFile.

June 9, 2012 at 11:56 pm
(8) Silver Warior says:

As WM sad before INI files are ment to be accesible ouside the application, so encryptic them seems useles for me.
As for storing application configration I rather use typed files. Why? Becouse in a typed file you can save complete record containing all your application settings. Infact this recod can have completly the same structure as the one you use inside your applications. So you don’t need to have seperate cals for reading or storing each property but one call for reading and storing them all.

Leave a Comment

Line and paragraph breaks are automatic. Some HTML allowed: <a href="" title="">, <b>, <i>, <strike>

©2014 About.com. All rights reserved.