A very simple solution for partial bitmap encryption

• Download source files - 1.78 Kb
• Download demo project - 185 Kb

The problem description

It can often be preferable for developers to store application images in separate image files, because it makes the construction and the maintenance of the application considerably easier. For example, using external images usually facilitates the cooperation between the programmer and the GUI designer, accommodates the localization and the use of themes, and also makes the updating procedure easier and faster.

On the other hand, having separate image files makes it easier for unauthorized persons, to change the appearance of the application, which is often unacceptable. Someone could add here that, in the case of the external image files, there is also a danger of stealing the GUI images. In my opinion, this is not an important issue (at least, not for still images), since these images are going to be displayed on the screen eventually, and screen captures are very easy to do. Hence, stealing the GUI images can almost never be avoided.

The proposed solution and the basic design decisions

The most obvious solution in order to use external images and also avoid the dangers described above, is to encrypt the image data. However, encryption will introduce two new problems to the image loading procedure. It will make this procedure much more complicated and slower. Since loading speed and simplicity are very important issues in my case, I have made the following design decisions:

1. I have picked a relatively fast and simple symmetric encryption algorithm: The BlowFish [1,2] algorithm.
2. I have decided to actually encrypt only a part of the image data. Namely, the first N consecutive pixel rows of every image will be encrypted, the next M pixel rows will not be encrypted, and then again the next N pixel rows will be encrypted etc. The actual values of N and M will be user defined.
3. Because of the previous design decision (#2), this solution can only work easily with uncompressed images. Moreover, for the time being, I have only implemented it for DIB Sections, since I personally work with uncompressed BMPs most of the time.

As a result of the above design decisions, the encrypted image will be easily recognizable (only some pixel rows will be encrypted), but it would be difficult to reuse it in another application, and even more difficult to replace or modify it in an existing application.

The code implementation and usage

All my implementation code resides in the CImgCrypt class, which is derived from the CBlowFish class, introduced by George Anescu in another CodeProject article [1]. Compared to the CBlowFish class, CImgCrypt provides two additional public methods that can be used in order to encrypt and decrypt DIB Sections.

bool CImgCrypt::EncryptDIBSection(HBITMAP hbitmap, 
     unsigned encryptedHeight, unsigned unencryptedHeight)
bool CImgCrypt::DecryptDIBSection(HBITMAP hbitmap, 
     unsigned encryptedHeight, unsigned unencryptedHeight)

Specifically, the CImgCrypt::EncryptDIBSection and CImgCrypt::DecryptDIBSection methods encrypt or decrypt, respectively, the DIB Sections that correspond to their hbitmap parameter, processing encryptedHeight pixel rows, and skipping unencryptedHeight pixel rows by turns. Both these methods return true on success, and false otherwise. As a simple usage example, I demonstrate below, a piece of code that loads and decrypts a BMP file:

CImgCrypt imgCryptEngine("blowfish-key", 12);

HBITMAP hBitmap = (HBITMAP)LoadImage(NULL, "image.bmp", 
                   IMAGE_BITMAP, 0, 0, LR_LOADFROMFILE | 
                   LR_CREATEDIBSECTION | LR_DEFAULTSIZE);

imgCryptEngine.DecryptDIBSection(hBitmap, 3, 6);

I hope that this work will be helpful for you. In the download section, you will also find a demo application that provides a more "live" demonstration of what I have described in this article. Thank you for reading this.

Acknowledgments

I have based this work on the BlowFish implementation of George Anescu [1], and I have also used the CDIBSectionLite class of Chris Maunder [3] in my demo application. Thanks a lot guys!

Future plans

• Benchmark many Blowfish implementations, and then use the faster one.
• Extend this work, in order to be applicable on other image formats as well, besides the uncompressed BMPs.

History

• 16 March 2006
  • Initial release.

References

1. A C++ Implementation of the BlowFish Encryption/Decryption method.
2. The BlowFish Encryption Algorithm.
3. A DIBSection wrapper for Win32 and WinCE.