$title Input File Encryption Demo (ENCRYPT,SEQ=318) $onText Input files can be encrypted with an encryption key. Either the privacy license file mechanism or the command line parameter pair encryptKey/decryptKey can be for managing the password. Similar to compression, we offer an $encrypt utility to lock any file to a specific key. Once a file has been encrypted it can only be read by a gams program that has the matching license file or the matching decryption key. There is no inverse operation possible: you cannot recover the original GAMS file from the encrypted version. To create an encrypted file, we need a license file which has the security option enabled. Keywords: GAMS language features, input file encryption $offText $if not set MYPLICENSE $set MYPLICENSE "%gams.sysdir%plicense.txt" $ifThen not exist "%MYPLICENSE%" $ log *** Target license file "%MYPLICENSE%" does not exist. $ log *** Specify via --MYPLICENSE=... $ log *** Encryption only via en/decryptKey $ drop MYPLICENSE $endIf * --- get model $onDollar $call gamslib -q trnsport $eolCom // $ifThen.MYPLICENSE set MYPLICENSE * --- encrypt and try to decrypt $call rm -f t1.gms $echo $encrypt trnsport.gms t1.gms > s1.gms $call gams s1 plicense="%MYPLICENSE%" lo=%gams.lo% $ifE errorLevel<>0 $abort encryption failed $if not errorFree $abort pending errors $decompress t1.gms t1.org // this has to fail $if errorFree $abort decompress did not fail $clearError * --- execute original and encrypted model $call gams trnsport gdx=trnsport lo=%gams.lo% $ifE errorLevel<>0 $abort model trnsport failed $call gams t1 license="%MYPLICENSE%" gdx=t1 lo=%gams.lo% $ifE errorLevel<>0 $abort model t1 failed $call gdxdiff trnsport t1 %system.reDirLog% $ifE errorLevel<>0 $abort results for trnsport and t1 are not equal * --- use the encrypted file as an include file $onEcho > t2.gms $offListing * this is hidden option limRow = 0, limCol = 0, solPrint = off; $include t1.gms $onListing * this will show $offEcho $call gams t2 license="%MYPLICENSE%" lo=%gams.lo% $ifE errorLevel<>0 $abort model t2 failed * --- protect against viewing * now we will show how to protect parts of an input * file from viewing and extracting original source * via the gams DUMPOPT parameter. We just need to * encrypt again * --- encrypt new model $call rm -f t3.gms $echo $encrypt t2.gms t3.gms > s1.gms $call gams s1 plicense="%MYPLICENSE%" lo=%gams.lo% $ifE errorLevel<>0 $abort encryption failed $call gams t3 license="%MYPLICENSE%" gdx=t3 dumpopt=19 lo=%gams.lo% $ifE errorLevel<>0 $abort model t3 failed $call gdxdiff trnsport t3 %system.reDirLog% $ifE errorLevel<>0 $abort results for trnsport and t3 are not equal * --- check for hidden output $call grep "this is hidden" t3.lst > %system.nullfile% $if not errorLevel 1 $abort did not hide in listing $call grep "this is hidden" t3.dmp > %system.nullfile% $if not errorLevel 1 $abort did not hide in dump file $endIf.MYPLICENSE * Same with encryptKey/decryptKey * --- encrypt and try to decrypt $call rm -f t1.gms $echo $encrypt trnsport.gms t1.gms > s1.gms $call gams s1 encryptKey=ThisIsMyPassword lo=%gams.lo% $ifE errorLevel<>0 $abort encryption failed $if not errorFree $abort pending errors $decompress t1.gms t1.org // this has to fail $if errorFree $abort decompress did not fail $clearError *-- execute original and encrypted model $call gams trnsport gdx=trnsport lo=%gams.lo% $ifE errorLevel<>0 $abort model trnsport failed $call gams t1 decryptKey=ThisIsMyPassword gdx=t1 lo=%gams.lo% $ifE errorLevel<>0 $abort model t1 failed $call gdxdiff trnsport t1 %system.reDirLog% $ifE errorLevel<>0 $abort results for trnsport and t1 are not equal * --- use the encrypted file as an include file $onEcho > t2.gms $offListing * this is hidden option limRow = 0, limCol = 0, solPrint = off; $include t1.gms $onListing * this will show $offEcho $call gams t2 decryptKey=ThisIsMyPassword lo=%gams.lo% $ifE errorLevel<>0 $abort model t2 failed * --- protect against viewing * now we will show how to protect parts of an input * file from viewing and extracting original source * via the gams DUMPOPT parameter. We just need to * encrypt again * --- encrypt new model $call rm -f t3.gms $echo $encrypt t2.gms t3.gms > s1.gms $call gams s1 encryptKey=ThisIsMyPassword lo=%gams.lo% $ifE errorLevel<>0 $abort encryption failed $call gams t3 decryptKey=ThisIsMyPassword gdx=t3 dumpopt=19 lo=%gams.lo% $ifE errorLevel<>0 $abort model t3 failed $call gdxdiff trnsport t3 %system.reDirLog% $ifE errorLevel<>0 $abort results for trnsport and t3 are not equal * --- check for hidden output $call grep "this is hidden" t3.lst > %system.nullfile% $if not errorLevel 1 $abort did not hide in listing $call grep "this is hidden" t3.dmp > %system.nullfile% $if not errorLevel 1 $abort did not hide in dump file