Welcome to the Second Life Forums Archive

encrypt a linked message

Jenn Yoshikawa
Registered User
Join date: 14 Nov 2007
Posts: 91
11-16-2008 11:29
Can you encrypt a linked message and how would one go about doing it?
Void Singer
Int vSelf = Sing(void);
Join date: 24 Sep 2005
Posts: 6,973
11-16-2008 13:08
yes, and there are as many ways as there are reasons... search this forum, anything that applies to encrypting a message can be applied to link messages.

PS note that no mod items have no need for this, since you can't add running scripts to them, so the messages can't be exposed.

PPS depending on your usage, you also don't need encryption, since it's usually easier to just not include any useful (to others) information in the message, besides triggers for other scripts (but not always true)
_____________________
|
| . "Cat-Like Typing Detected"
| . This post may contain errors in logic, spelling, and
| . grammar known to the SL populace to cause confusion
|
| - Please Use PHP tags when posting scripts/code, Thanks.
| - Can't See PHP or URL Tags Correctly? Check Out This Link...
| -
Jenn Yoshikawa
Registered User
Join date: 14 Nov 2007
Posts: 91
11-16-2008 13:14
It's for a partner license script. I have the llGetInventoryPermMask end set up, just need a way to hide my linked message to tell the other scripts to change the wait state.
Lee Ponzu
What Would Steve Do?
Join date: 28 Jun 2006
Posts: 1,770
11-17-2008 10:03
How many resources do the attackers have? If they have none, you don't need to encrypt. If they have a little, then any simple crypt will suffice. If they have a lot, then you have to implement something strong in LSL.

As Void says, others have done a lot of work on this already, go search for it.
_____________________
So many monkeys, so little Shakespeare.
Jenn Yoshikawa
Registered User
Join date: 14 Nov 2007
Posts: 91
mmmm
11-17-2008 12:10
I only need to hide one linked message that will tell the others to go from the default state to the run state.
Void Singer
Int vSelf = Sing(void);
Join date: 24 Sep 2005
Posts: 6,973
11-17-2008 13:51
actually, it sounds like you need authentication, not encryption (also found on these forums)

encryption masks data that is sensitive, like if you are transferring texture keys, CC numbers, or personal info

authentication prevents the wrong source from sending false messages

from what you are saying, you are only sending a message to activate other scripts, and the message doesn't actually have anything to steal. if that's the case, go with the latter, if there is something to steal (say a special activation code that works regardless of the source) then and only then should you ADD encryption to that
Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
11-17-2008 14:42
In this case it sounds like you want to protect against replay attacks. Encryption is useless for this. (You send your encrypted "activate now" method, and the hacker drops a script into the object to print out the message. Then, they write a script which sends it on - still encrypted - but your script was expecting to receive an encrypted message, so it looks fine!)
Jenn Yoshikawa
Registered User
Join date: 14 Nov 2007
Posts: 91
11-17-2008 20:43
So what is the best choice in this matter? Seems no matter what way I want to take it there is a way around it by a hacker.
Void Singer
Int vSelf = Sing(void);
Join date: 24 Sep 2005
Posts: 6,973
11-17-2008 21:30
I repeat, you need to use 'authentication', search the word on the forum.

I'd suggest more, but I usually don't script anything that needs it. ie not my specialty, but the information IS on this board
Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
11-18-2008 09:29
The way I've used to do authentication (although I learned it from Kyrah Abattoir back in the day) is for the two parties that are going to be authenticated to both have a "secret" string. This must be the same for both parties, and must never be sent.

Then, assuming that the actual message you want to send is "message", pick a random number to be "nonce", and then send the following:

|message|obfuscate(nonce)|md5 (message + nonce + secret)|

The receiver can then de-obfuscate the nonce, reproduce "message + nonce + secret", md5 it and check that the md5 matches that sent by the sender. Unauthorised senders can't reproduce this because without knowing the secret, they can't generate the correct md5s.

Note: you have to do this for EVERY SINGLE command.. you can't do it for one "sign on" command at the beginning, as otherwise you're vulnerable to the proxy attack, where the hacker lets the official script sign on and then, once it's done so, starts sending their own messages. Since you can't identify which script sent a message (only the prim it was in) you have to be careful with this.

Also: BE WARNED that this CAN still be replayed - unless you have some way of making sure that the nonce constantly varies, a hacker can just duplicate the entire transmission. If your operation is idempotent (eg, selling a copy-ok no-transfer item; it doesn't matter if the same person gets multiple copies, as long as a hacker can't have a copy sent to someone else) then this is ok, and making sure that a nonce really is a nonce is probably a memory intensive (ie, bad for LSL) operation. A better way, if you need this, would be to have the authenticator SEND a nonce, that the authenticatee would be required to use..
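
The scheme from the post above, modelled as an added example that is not part of the thread and is written in Python rather than LSL: one receiver accepts sender-chosen nonces and so accepts a replayed frame, the other issues the nonce itself and honours it once. All names (`SECRET`, `tag`, `pack`, the two receiver classes) are hypothetical, the secret is a constructed value, and the nonce is sent unobfuscated.

```python
import hashlib
import hmac
import secrets

SECRET = "constructed-shared-secret"  # constructed; held by both sides, never sent

def tag(message, nonce, secret=SECRET):
    # The post's construction: md5(message + nonce + secret).
    return hashlib.md5((message + nonce + secret).encode()).hexdigest()

def pack(message, nonce, secret=SECRET):
    # Frame layout message|nonce|md5; the nonce is left unobfuscated here.
    return "|".join((message, nonce, tag(message, nonce, secret)))

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

class BasicReceiver:
    """Sender picks the nonce; the receiver keeps no state."""

    def accept(self, frame):
        parts = frame.rsplit("|", 2)
        return len(parts) == 3 and _same(parts[2], tag(parts[0], parts[1]))

class ChallengeReceiver:
    """Receiver issues the nonce and honours it for one frame only."""

    def __init__(self):
        self.pending = None

    def challenge(self):
        self.pending = secrets.token_hex(8)
        return self.pending

    def accept(self, frame):
        parts = frame.rsplit("|", 2)
        expected, self.pending = self.pending, None  # consume the challenge
        if len(parts) != 3 or expected is None:
            return False
        return _same(parts[1], expected) and _same(parts[2], tag(parts[0], parts[1]))

def replay_outcomes():
    basic, strict = BasicReceiver(), ChallengeReceiver()
    old = pack("run", secrets.token_hex(8))
    fresh = pack("run", strict.challenge())
    # (basic replay accepted, first challenge use accepted, its replay accepted)
    return basic.accept(old) and basic.accept(old), strict.accept(fresh), strict.accept(fresh)
```

The receiver-issued nonce costs one stored value per outstanding challenge, which avoids keeping a history of nonces already seen.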