encrypt.gms : Input file encyption demo

Description

Input files can be encrypted with an encryption key. Either the
privacy license file mechanism or the command line parameter pair
encryptKey/decryptKey can be for managing the password. Similar to
compression, we offer an $encrypt utility to lock any file to a
specific key. Once a file has been encrypted it can only be read
by a gams program that has the matching license file or the matching
decryption key. There is no inverse operation possible: you cannot recover
the original GAMS file from the encrypted version.

To create an encrypted file, we need a license file which has the
security option enabled.

Keywords: GAMS language features, input file encryption


Reference

  • GAMS Development Corporation, Formulation and Language Example.

Small Model of Type : GAMS


Category : GAMS Model library


Main file : encrypt.gms

$title Input File Encryption Demo (ENCRYPT,SEQ=318)

$onText
Input files can be encrypted with an encryption key. Either the
privacy license file mechanism or the command line parameter pair
encryptKey/decryptKey can be for managing the password. Similar to
compression, we offer an $encrypt utility to lock any file to a
specific key. Once a file has been encrypted it can only be read
by a gams program that has the matching license file or the matching
decryption key. There is no inverse operation possible: you cannot recover
the original GAMS file from the encrypted version.

To create an encrypted file, we need a license file which has the
security option enabled.

Keywords: GAMS language features, input file encryption
$offText

$if not set MYPLICENSE $set MYPLICENSE "%gams.sysdir%plicense.txt"
$ifthen not exist "%MYPLICENSE%"
$   log *** Target license file "%MYPLICENSE%" does not exist.
$   log *** Specify via --MYPLICENSE=...
$   log *** Encryption only via en/decryptKey
$   drop MYPLICENSE
$endif

* --- get model
$onDollar
$call gamslib -q trnsport
$eolCom  //

$ifthen.MYPLICENSE set MYPLICENSE
* --- encrypt and try to decrypt
$call rm -f t1.gms
$echo $encrypt trnsport.gms t1.gms > s1.gms
$call gams s1 plicense="%MYPLICENSE%" lo=%gams.lo%
$ifE  errorLevel<>0     $abort encryption failed

$if not errorFree $abort pending errors
$decompress t1.gms t1.org  // this has to fail
$if     errorFree $abort decompress did not fail
$clearError

* --- execute original and encrypted model
$call gams trnsport gdx=trnsport lo=%gams.lo%
$ifE  errorLevel<>0 $abort model trnsport failed
$call gams t1 license="%MYPLICENSE%" gdx=t1 lo=%gams.lo%
$ifE  errorLevel<>0 $abort model t1 failed
$call gdxdiff trnsport t1 %system.reDirLog%
$ifE  errorLevel<>0 $abort results for trnsport and t1 are not equal

* --- use the encrypted file as an include file
$onEcho > t2.gms
$offListing
* this is hidden
option limRow = 0, limCol = 0, solPrint = off;
$include t1.gms
$onListing
* this will show
$offEcho
$call gams t2 license="%MYPLICENSE%" lo=%gams.lo%
$ifE  errorLevel<>0 $abort model t2 failed

* --- protect against viewing
*     now we will show how to protect parts of an input
*     file from viewing and extracting original source
*     via the gams DUMPOPT parameter. We just need to
*     encrypt again

* --- encrypt new model
$call rm -f t3.gms
$echo $encrypt t2.gms t3.gms > s1.gms
$call gams s1 plicense="%MYPLICENSE%" lo=%gams.lo%
$ifE errorLevel<>0  $abort encryption failed
$call gams t3 license="%MYPLICENSE%" gdx=t3 dumpopt=19 lo=%gams.lo%
$ifE errorLevel<>0 $abort model t3 failed
$call gdxdiff trnsport t3 %system.reDirLog%
$ifE errorLevel<>0 $abort results for trnsport and t3 are not equal

* --- check for hidden output
$call grep "this is hidden" t3.lst > %system.nullfile%
$if not errorLevel 1 $abort did not hide in listing
$call grep "this is hidden" t3.dmp > %system.nullfile%
$if not errorLevel 1 $abort did not hide in dump file
$endif.MYPLICENSE

* Same with encryptKey/decryptKey
* --- encrypt and try to decrypt
$call rm -f t1.gms
$echo $encrypt trnsport.gms t1.gms > s1.gms
$call gams s1 encryptKey=ThisIsMyPassword lo=%gams.lo%
$ifE  errorLevel<>0     $abort encryption failed

$if not errorFree $abort pending errors
$decompress t1.gms t1.org  // this has to fail
$if     errorFree $abort decompress did not fail
$clearError

*-- execute original and encrypted model
$call gams trnsport gdx=trnsport lo=%gams.lo%
$ifE  errorLevel<>0 $abort model trnsport failed
$call gams t1 decryptKey=ThisIsMyPassword gdx=t1 lo=%gams.lo%
$ifE  errorLevel<>0 $abort model t1 failed
$call gdxdiff trnsport t1 %system.reDirLog%
$ifE  errorLevel<>0 $abort results for trnsport and t1 are not equal

* --- use the encrypted file as an include file
$onEcho > t2.gms
$offListing
* this is hidden
option limRow = 0, limCol = 0, solPrint = off;
$include t1.gms
$onListing
* this will show
$offEcho
$call gams t2 decryptKey=ThisIsMyPassword lo=%gams.lo%
$ifE  errorLevel<>0 $abort model t2 failed

* --- protect against viewing
*     now we will show how to protect parts of an input
*     file from viewing and extracting original source
*     via the gams DUMPOPT parameter. We just need to
*     encrypt again

* --- encrypt new model
$call rm -f t3.gms
$echo $encrypt t2.gms t3.gms > s1.gms
$call gams s1 encryptKey=ThisIsMyPassword lo=%gams.lo%
$ifE errorLevel<>0  $abort encryption failed
$call gams t3 decryptKey=ThisIsMyPassword gdx=t3 dumpopt=19 lo=%gams.lo%
$ifE errorLevel<>0 $abort model t3 failed
$call gdxdiff trnsport t3 %system.reDirLog%
$ifE errorLevel<>0 $abort results for trnsport and t3 are not equal

* --- check for hidden output
$call grep "this is hidden" t3.lst > %system.nullfile%
$if not errorLevel 1 $abort did not hide in listing
$call grep "this is hidden" t3.dmp > %system.nullfile%
$if not errorLevel 1 $abort did not hide in dump file