Description
Input files can be encrypted with an encryption key. Either the privacy license file mechanism or the command line parameter pair encryptKey/decryptKey can be for managing the password. Similar to compression, we offer an $encrypt utility to lock any file to a specific key. Once a file has been encrypted it can only be read by a gams program that has the matching license file or the matching decryption key. There is no inverse operation possible: you cannot recover the original GAMS file from the encrypted version. To create an encrypted file, we need a license file which has the security option enabled. Keywords: GAMS language features, input file encryption
Small Model of Type : GAMS
Category : GAMS Model library
Main file : encrypt.gms
$title Input File Encryption Demo (ENCRYPT,SEQ=318)
$onText
Input files can be encrypted with an encryption key. Either the
privacy license file mechanism or the command line parameter pair
encryptKey/decryptKey can be for managing the password. Similar to
compression, we offer an $encrypt utility to lock any file to a
specific key. Once a file has been encrypted it can only be read
by a gams program that has the matching license file or the matching
decryption key. There is no inverse operation possible: you cannot recover
the original GAMS file from the encrypted version.
To create an encrypted file, we need a license file which has the
security option enabled.
Keywords: GAMS language features, input file encryption
$offText
$if not set MYPLICENSE $set MYPLICENSE "%gams.sysdir%plicense.txt"
$ifThen not exist "%MYPLICENSE%"
$ log *** Target license file "%MYPLICENSE%" does not exist.
$ log *** Specify via --MYPLICENSE=...
$ log *** Encryption only via en/decryptKey
$ drop MYPLICENSE
$endIf
* --- get model
$onDollar
$call gamslib -q trnsport
$eolCom //
$ifThen.MYPLICENSE set MYPLICENSE
* --- encrypt and try to decrypt
$call rm -f t1.gms
$echo $encrypt trnsport.gms t1.gms > s1.gms
$call gams s1 plicense="%MYPLICENSE%" lo=%gams.lo%
$ifE errorLevel<>0 $abort encryption failed
$if not errorFree $abort pending errors
$decompress t1.gms t1.org // this has to fail
$if errorFree $abort decompress did not fail
$clearError
* --- execute original and encrypted model
$call gams trnsport gdx=trnsport lo=%gams.lo%
$ifE errorLevel<>0 $abort model trnsport failed
$call gams t1 license="%MYPLICENSE%" gdx=t1 lo=%gams.lo%
$ifE errorLevel<>0 $abort model t1 failed
$call gdxdiff trnsport t1 %system.reDirLog%
$ifE errorLevel<>0 $abort results for trnsport and t1 are not equal
* --- use the encrypted file as an include file
$onEcho > t2.gms
$offListing
* this is hidden
option limRow = 0, limCol = 0, solPrint = off;
$include t1.gms
$onListing
* this will show
$offEcho
$call gams t2 license="%MYPLICENSE%" lo=%gams.lo%
$ifE errorLevel<>0 $abort model t2 failed
* --- protect against viewing
* now we will show how to protect parts of an input
* file from viewing and extracting original source
* via the gams DUMPOPT parameter. We just need to
* encrypt again
* --- encrypt new model
$call rm -f t3.gms
$echo $encrypt t2.gms t3.gms > s1.gms
$call gams s1 plicense="%MYPLICENSE%" lo=%gams.lo%
$ifE errorLevel<>0 $abort encryption failed
$call gams t3 license="%MYPLICENSE%" gdx=t3 dumpopt=19 lo=%gams.lo%
$ifE errorLevel<>0 $abort model t3 failed
$call gdxdiff trnsport t3 %system.reDirLog%
$ifE errorLevel<>0 $abort results for trnsport and t3 are not equal
* --- check for hidden output
$call grep "this is hidden" t3.lst > %system.nullfile%
$if not errorLevel 1 $abort did not hide in listing
$call grep "this is hidden" t3.dmp > %system.nullfile%
$if not errorLevel 1 $abort did not hide in dump file
$endIf.MYPLICENSE
* Same with encryptKey/decryptKey
* --- encrypt and try to decrypt
$call rm -f t1.gms
$echo $encrypt trnsport.gms t1.gms > s1.gms
$call gams s1 encryptKey=ThisIsMyPassword lo=%gams.lo%
$ifE errorLevel<>0 $abort encryption failed
$if not errorFree $abort pending errors
$decompress t1.gms t1.org // this has to fail
$if errorFree $abort decompress did not fail
$clearError
*-- execute original and encrypted model
$call gams trnsport gdx=trnsport lo=%gams.lo%
$ifE errorLevel<>0 $abort model trnsport failed
$call gams t1 decryptKey=ThisIsMyPassword gdx=t1 lo=%gams.lo%
$ifE errorLevel<>0 $abort model t1 failed
$call gdxdiff trnsport t1 %system.reDirLog%
$ifE errorLevel<>0 $abort results for trnsport and t1 are not equal
* --- use the encrypted file as an include file
$onEcho > t2.gms
$offListing
* this is hidden
option limRow = 0, limCol = 0, solPrint = off;
$include t1.gms
$onListing
* this will show
$offEcho
$call gams t2 decryptKey=ThisIsMyPassword lo=%gams.lo%
$ifE errorLevel<>0 $abort model t2 failed
* --- protect against viewing
* now we will show how to protect parts of an input
* file from viewing and extracting original source
* via the gams DUMPOPT parameter. We just need to
* encrypt again
* --- encrypt new model
$call rm -f t3.gms
$echo $encrypt t2.gms t3.gms > s1.gms
$call gams s1 encryptKey=ThisIsMyPassword lo=%gams.lo%
$ifE errorLevel<>0 $abort encryption failed
$call gams t3 decryptKey=ThisIsMyPassword gdx=t3 dumpopt=19 lo=%gams.lo%
$ifE errorLevel<>0 $abort model t3 failed
$call gdxdiff trnsport t3 %system.reDirLog%
$ifE errorLevel<>0 $abort results for trnsport and t3 are not equal
* --- check for hidden output
$call grep "this is hidden" t3.lst > %system.nullfile%
$if not errorLevel 1 $abort did not hide in listing
$call grep "this is hidden" t3.dmp > %system.nullfile%
$if not errorLevel 1 $abort did not hide in dump file