Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
I'm looking for a free and up to date encryption library for Delphi 2010 that implements RSA and AES (Rijndael).
I want a free library because I plan to write and publish some sample code that will use it.
A Delphi 2010 version of TurboPower LockBox has been posted to the SongBeamer site, that implements both of these, but I'm concerned that it's getting a little old. For example, small RSA key sizes and no new security features for many years.
Update:
Is the perception that LockBox is out of date or lacks important features incorrect? Is it still relevant for production development? (Particularly the RSA key sizes)
TurboPower LockBox 3.1.0 is now released. It supports:
Delphi 2007 and Delphi 2010
Unicodestrings for Delphi 2010
AES, DES, 3DES, Blowfish and Twofish ciphers
A long list of block chaining modes
MD5 and SHA1 hashes
RSA encryption, decryption, signature and verification
Variable length RSA keys - Almost no constraints on the range.
D-Unit test code
Automatic salting
Proper management of IVs (in contrast to DCPcrypt)
White Box, Free and Open Source
100% visible native source code (no DLL's)
http://sourceforge.net/projects/tplockbox/ and
http://lockbox.seanbdurkin.id.au/
The RSA algorithm is not necessarily out of date, but the key size is important. It is still used regularly all over the place. An RSA key length of 3072 bits should be used if security is required beyond 2030. This is just a function of the improvements in computing power and not a weakness in the algorithm.
I was looking at LockBox prior to SongBeamer starting to maintain it (Delphi 2007), and I found the RSA unstable - just crashing or producing wrong results from time to time. It may have been fixed since then though. If you are going to use it, make sure it supports the key lengths you need, and then create some automated tests with known inputs and outputs. Make sure it runs stable. If it does, then use it by all means.
You can also use the Microsoft Crypto API to do your RSA encryption. I wrote a wrapper for Delphi 2007, but have not updated it for Unicode (I know, shame on me). Someone else might be able to update it to work with Unicode easily.
Another option would be to use the .NET Framework cryptography functions via COM interoperability or something.
Hi Bruce, I have used this library since Delphi 5:
Delphi Encryption Compendium Part I v.5.2
Complete Rewrite of the former DEC 3, Update to the DEC 5.1 (released back in 2006)
Many Ciphers (Blowfish, Twofish, 3DES, Rijndael...)
Many Hashes (MD2/4/5, SHA1-512, RipeMD128-320...)
Checksum Functions (CRC32, CRC16...)
Text conversion Functions (MIME Base 64, XX/UU Coding...)
Secure Random Number Functions
with Ciphers encryption in Modes (CTS/CBC/CFB/OFB/ECB...)
Full and easy object oriented
Highly optimized, fast core
Supports ANSI and Unicode in D2009 (and below by using WideStrings)...
It is freeware and comes with source code; unfortunately it does not implement RSA.
Looks like the D2010 work is done:
TurboPower LockBox . Data Encryption . Sep 04 2009 . Download
Status: Should be working fine.
This library has been extended so that it supports encryption of Ansi and UnicodeStrings.
09/04/2009
* Delphi 2010 packages
* should compile without hints and warnings
As mentioned by Argalatyr, DCPCrypt works with Delphi 2009 but it doesn't do RSA;
Chilkat does support RSA and AES for Delphi, but it's not free;
Sergey Kirichenko made a free Rijndael implementation that you can download here: http://rcolonel.tripod.com/dwnload/rc_rnd.zip.
The files are dated November 2000, so I don't know if it'll work directly in the newer Delphis.
There used to be a zipfile with Delphi code for download here: http://ace.ulyssis.student.kuleuven.ac.be/~triade/GInt/bin/RSA.zip, but the developer probably finished his study and the university removed his homepage. On this Chinese webpage I could see the contents of the file (search for RSA.pas on the page and click the link).
I don't know exactly what you mean with "long in the tooth" (old?), but I'd just go for Lockbox, because it provides everything you need. Except for the 2009 update, the last official changes were made in 2003. But hey, if it works it works.
For sample code LockBox may be ok, but I would not use it in production any longer. Encryption does go "long in the tooth". Algorithms become old. Previously undiscovered flaws, improved cryptanalysis techniques, mathematical advancements and increasing processor power make once secure algorithms and key sizes no longer secure enough. 3DES, MD5, SHA-1 are already considered not enough. Attacks against AES have been recently published (http://eprint.iacr.org/2009/374). The minimum recommended RSA key size is now 1024 bits, while 2048 and 3072 keys are recommended if data needs to be protected for years. Lockbox offers only keys of 1024 bits or less.
The right block cipher mode has to be selected too. And the LockBox TLbRijndael (AES) class by default uses ECB, which has known flaws, and doesn't offer anything more than CBC.
Due to the importance electronic security has gained in these years, and the consequent research by both good and bad guys, a seven-year-old library is really old - just recompiling it and adding support for UTF-16 strings is not enough.
Be aware that false security is worse than no security at all. If a system administrator is told "we don't have any security in place" he will work to implement security himself (say IPSec, VPNs or the like). If he's told "yes, we have RSA and AES!" he will feel ok, even if your implementation of AES and RSA is outdated and no longer secure.
I have not tried it in D2010, but DCPcrypt supposedly works in D2009.
Fundamentals Code Library has implementations for both AES and RSA encryption. I haven't used the library however so can't comment on its quality.
It seems like there are lots of free Delphi AES implementations. Feel free to add your favourites here.
There don't seem to be as many free RSA implementations, and very few libraries that offer both.
It looks like LockBox is still a pretty reasonable option. Especially since I don't need encryption that will take literally years to crack.
I think using Microsoft's Crypto API directly might be the most practical option.
Daniele Teti has released a collection of DataSnap filters for Delphi 2010, which includes hash, cipher and compression. He mentions that he may also implement asymmetric ciphers in the future.
http://www.danieleteti.it/
This is open source, so please feel free to contribute.
Is there a way or a library to encrypt/decrypt values with AES-256 in GCM mode in Delphi? It seems that most libraries, like DCPcrypt or LockBox, do not support it.
Or maybe there is a Windows API that could handle that.
Thanks in advance.
I know of at least two Open Source libraries that do:
the reference code of the late Wolfgang Ehrhardt;
our SynCrypto library, from mORMot.
The latter being faster in terms of performance.
I am working on a Flutter application which needs to communicate using DTLS. As far as I can see there is no current support for DTLS in the Dart APIs, only TLS.
Can anyone recommend what I can do? Perhaps just the high-level steps on how to get a Flutter application to communicate in DTLS? Any tips on what I should watch out for?
Thanks!
I wrote a DTLS server ten years ago in Java (before there was support in Bouncy Castle), and I've ported a lot of my Java code to Dart over the last few years (but not DTLS!).
I had a quick look through the server code for what the biggest gotchas might be in a pure Dart implementation (of a client - hope that's a correct assumption). Two immediate difficulties seem to be parsing the server's certificate chain (DER decode to get to a usable RSA public key) and then using that RSA key to encrypt the pre-master-secret. (There's an old implementation of RSA in pub, but I couldn't find any ASN/DER libraries to help with the certificates.) Validating the root CA certificate would be tricky without access to a trust store.
Most of the other stuff like random number generation (how secure?), SHA/MD5 hashing, serialization to/from network byte order, handling timers are doable.
All in all, given the support in BC, Rémi is correct to suggest a platform channel to Java.
I am looking for a FOSS SHA1 implementation for use with Delphi (7).
Preferably something small, maybe even standalone SHA1, rather than part of a humongous library. Ease of install and use are nice, but of course reliability is priority number 1.
Update: Thanks, Rob, that code works like a dream
Use the Cryptography API built in to the OS. You can use the Hashes.pas unit by Domingo Seoane to use it in Delphi, or you can write your own routine using CryptAcquireContext, CryptCreateHash, repeated calls to CryptHashData, and finally CryptGetHashParam to get the result.
I realize it's neither free (as in speech) nor open source, but there are also no distribution requirements since it's included on all your customers' systems already.
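The four calls named in this answer, as an added example that is not part of the original answer and is not taken from Hashes.pas. The program declares the advapi32 imports itself; the names Sha1Kat and Sha1Hex are hypothetical, and the two messages checked are the SHA-1 example messages from FIPS 180, used here as constructed sample input.

```delphi
program Sha1Kat; {$APPTYPE CONSOLE}
// Added example (not from the page): SHA-1 via the Windows CryptoAPI in advapi32.dll.
uses Windows, SysUtils;
const
  PROV_RSA_FULL = 1; CRYPT_VERIFYCONTEXT = $F0000000;  // no key container needed
  CALG_SHA1 = $8004; HP_HASHVAL = 2;
function CryptAcquireContext(var hProv: THandle; Container, Provider: PAnsiChar;
  ProvType, Flags: DWORD): BOOL; stdcall; external advapi32 name 'CryptAcquireContextA';
function CryptCreateHash(hProv: THandle; Algid: DWORD; hKey: THandle; dwFlags: DWORD;
  var hHash: THandle): BOOL; stdcall; external advapi32;
function CryptHashData(hHash: THandle; pbData: Pointer; dwDataLen, dwFlags: DWORD): BOOL;
  stdcall; external advapi32;
function CryptGetHashParam(hHash: THandle; dwParam: DWORD; pbData: Pointer;
  var pdwDataLen: DWORD; dwFlags: DWORD): BOOL; stdcall; external advapi32;
function CryptDestroyHash(hHash: THandle): BOOL; stdcall; external advapi32;
function CryptReleaseContext(hProv: THandle; dwFlags: DWORD): BOOL; stdcall; external advapi32;

// Hashes the chunks in order, one CryptHashData call per chunk.
function Sha1Hex(const Chunks: array of AnsiString): string;
var hProv, hHash: THandle; Digest: array[0..19] of Byte; Len: DWORD; i: Integer;
begin
  Result := ''; Len := SizeOf(Digest);
  Win32Check(CryptAcquireContext(hProv, nil, nil, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT));
  try
    Win32Check(CryptCreateHash(hProv, CALG_SHA1, 0, 0, hHash));
    try
      for i := 0 to High(Chunks) do
        Win32Check(CryptHashData(hHash, PAnsiChar(Chunks[i]), Length(Chunks[i]), 0));
      Win32Check(CryptGetHashParam(hHash, HP_HASHVAL, @Digest, Len, 0));
    finally CryptDestroyHash(hHash); end;
  finally CryptReleaseContext(hProv, 0); end;
  for i := 0 to Integer(Len) - 1 do Result := Result + IntToHex(Digest[i], 2);
end;

const  // constructed sample: digests of the two SHA-1 example messages in FIPS 180
  Abc = 'A9993E364706816ABA3E25717850C26C9CD0D89D';
  Long56 = '84983E441C3BD26EBAAE4AA1F95129E5E54670F1';
begin
  // Known-answer check: one call, then a 56-byte message split over two calls.
  if (Sha1Hex(['abc']) <> Abc) or (Sha1Hex(['abcdbcdecdefdefgefghfghighij',
      'hijkijkljklmklmnlmnomnopnopq']) <> Long56) then
  begin Writeln('SHA-1 known-answer test FAILED'); Halt(1); end;
  Writeln('SHA-1 known-answer test passed');
end.
```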
TurboPower LockBox is free and open-source and implements SHA1, as well as many others:
Features
AES
SHA2 (including the new SHA-512/224 & SHA-512/256)
DES/3DES
Blowfish
Twofish
SHA1
MD5
RSA Sign & Verify
Chaining modes: ECB, CBC, CFB8, CFB, CTR, ECB, OFB, PCBC
Version 3 officially supports Delphi 2007 and Delphi 2010 (but may work with Delphi 7), but Version 2 has support for older versions of Delphi.
You have Open Source MD5, SHA-1, SHA-256, and Adler32 implementation in the SynCrypto.pas unit. There is also included AES-256 encryption.
This unit was very optimized for speed (the SHA-256 and AES-256 were even profiled at asm level), and can also use the very fast real-time instructions of the VIA C3/C7/Nano CPU if available.
Works from Delphi 6 up to XE.
You most probably already have SHA-1 implementation preinstalled within IdHashSHA1 unit (part of Indy 10).
For these 2 libraries,
Delphi Encryption Compendium v 5.2
TurboPower Lockbox v 2.07
I tested their Rijndael DCB/CBC algorithm with "AES Known Answer Test (KAT) Vectors" obtained at NIST website (http://csrc.nist.gov/groups/STM/cavp/index.html)
But, both of these libraries failed the tests.
Not sure if it was my testing that had an error; has anyone tested them before as well?
I am looking for a Delphi Rijndael library that is able to pass the KAT Vectors test. Does anyone know of any such library?
Are you sure it fails? The vectors are written as hex strings. Did you feed the hex strings as strings, or did you convert them to binary data first? If you fed them as strings it is no wonder you get a different result.
NB: I do not use both libraries but my own components, but they both have a good track record and failing these simple tests seems highly unlikely.
I know another lib, but not whether it passes your test or not:
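The hex-versus-string point above, as an added example that is not part of the original answer: a known-answer check run twice, once with the hex text decoded to bytes and once with its characters used as the block. It uses the Windows CryptoAPI rather than either library under discussion, the names AesKat, HexToBlock and EncryptBlockHex are hypothetical, and the vector is the AES-128 example from FIPS-197 Appendix C.1, which has the same shape as a KAT file entry.

```delphi
program AesKat; {$APPTYPE CONSOLE}  // added example, not code from the page
uses Windows, SysUtils;
const
  PROV_RSA_AES = 24; CRYPT_VERIFYCONTEXT = $F0000000; CALG_AES_128 = $660E;
  PLAINTEXTKEYBLOB = 8; CUR_BLOB_VERSION = 2; KP_MODE = 4; CRYPT_MODE_ECB = 2;
type
  TBlock = array[0..15] of Byte;
  TAesKeyBlob = packed record  // BLOBHEADER, key length, raw key bytes
    bType, bVersion: Byte; reserved: Word; aiKeyAlg, dwKeySize: DWORD; Key: TBlock;
  end;
function CryptAcquireContext(var hProv: THandle; Container, Provider: PAnsiChar;
  ProvType, Flags: DWORD): BOOL; stdcall; external advapi32 name 'CryptAcquireContextA';
function CryptImportKey(hProv: THandle; pbData: Pointer; dwDataLen: DWORD;
  hPubKey: THandle; dwFlags: DWORD; var hKey: THandle): BOOL; stdcall; external advapi32;
function CryptSetKeyParam(hKey: THandle; dwParam: DWORD; pbData: Pointer;
  dwFlags: DWORD): BOOL; stdcall; external advapi32;
function CryptEncrypt(hKey, hHash: THandle; Final: BOOL; dwFlags: DWORD;
  pbData: Pointer; var pdwDataLen: DWORD; dwBufLen: DWORD): BOOL; stdcall; external advapi32;
function CryptDestroyKey(hKey: THandle): BOOL; stdcall; external advapi32;
function CryptReleaseContext(hProv: THandle; dwFlags: DWORD): BOOL; stdcall; external advapi32;
function HexToBlock(const Hex: string): TBlock;  // hex text -> 16 raw bytes
var i: Integer;
begin
  for i := 0 to 15 do Result[i] := StrToInt('$' + Copy(Hex, 2 * i + 1, 2));
end;
function EncryptBlockHex(const Key, Plain: TBlock): string;
var hProv, hKey: THandle; Blob: TAesKeyBlob; Buf: TBlock; Len, Mode: DWORD; i: Integer;
begin
  Blob.bType := PLAINTEXTKEYBLOB; Blob.bVersion := CUR_BLOB_VERSION; Blob.reserved := 0;
  Blob.aiKeyAlg := CALG_AES_128; Blob.dwKeySize := SizeOf(TBlock); Blob.Key := Key;
  Buf := Plain; Len := SizeOf(Buf); Mode := CRYPT_MODE_ECB; Result := '';
  Win32Check(CryptAcquireContext(hProv, nil, nil, PROV_RSA_AES, CRYPT_VERIFYCONTEXT));
  try
    Win32Check(CryptImportKey(hProv, @Blob, SizeOf(Blob), 0, 0, hKey));
    try
      Win32Check(CryptSetKeyParam(hKey, KP_MODE, @Mode, 0));
      // Final = False: encrypt exactly one raw block, no padding appended.
      Win32Check(CryptEncrypt(hKey, 0, False, 0, @Buf, Len, SizeOf(Buf)));
    finally CryptDestroyKey(hKey); end;
  finally CryptReleaseContext(hProv, 0); end;
  for i := 0 to 15 do Result := Result + LowerCase(IntToHex(Buf[i], 2));
end;

const KeyHex = '000102030405060708090a0b0c0d0e0f'; Expected = '69c4e0d86a7b0430d8cdb78070b4c55a';
  PlainHex: string = '00112233445566778899aabbccddeeff';  // FIPS-197 Appendix C.1 vector
var AsText: TBlock; i: Integer;
begin
  for i := 0 to 15 do AsText[i] := Ord(PlainHex[i + 1]);  // the mistake: characters as bytes
  Writeln('hex decoded first: ', EncryptBlockHex(HexToBlock(KeyHex), HexToBlock(PlainHex)) = Expected);
  Writeln('hex fed as text:   ', EncryptBlockHex(HexToBlock(KeyHex), AsText) = Expected);
end.
```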
DCPCrypt http://www.cityinthesky.co.uk/cryptography.html
TurboPower LockBox 3.1.0 has been released.
It includes DUnit tests which validate the correctness of its implementation using the official AES test vectors.
I'm looking for a Delphi implementation of an asymmetric encryption algorithm without any dependencies on external DLLs. Is there any available?
My goal is to encrypt/decrypt a string (or array of bytes) using a public/private key pair.
SecureBlackBox from Eldos offers a native, comprehensive solution - including certificate management and access to external crypto devices (i.e. USB tokens)
LockBox is now improved. It allows long keys for RSA, AES cipher and is in active development.
It is free, Open Source and 100% native code with no DLLs.
You can try Lockbox - http://sourceforge.net/projects/tplockbox/. It's free and includes RSA among others (Blowfish, MD5, SHA-1, DES, triple-DES, Rijndael, & digital signing of messages).
It comes complete with a good RSA example that demonstrates how to generate your public/private keys and how to actually encrypt and decrypt data using the keys.
I'm currently using it with Delphi 2010.
I realize that the original question stated "no external DLLs" but in the absence of an acceptable answer maybe you should take a look at the OpenSSL DLLs along with this Delphi link which contains an import unit for the library and some good examples on how to use it, including RSA encryption.
I have tinkered with this and got it working pretty well. There are some changes required to make it work with Unicode Delphi - but these are mostly to do with changing PChar to PAnsiChar or PBytes.
Simple Delphi wrappers now allow me to sign/verify/encrypt sym or asym and use SSL. And let's be honest - the distribution of the OpenSSL DLLs is a lot more straightforward than some of the Microsoft offerings. Plus it's free and well maintained.
Take a look at the FGInt package on this site: http://submanifold.be/
If you can stomach using Windows services, there is the Crypto API: http://msdn.microsoft.com/en-us/library/aa380255(v=VS.85).aspx
If you are targeting Vista and up, there is the new Cryptography API: Next Generation. This also supports Elliptic Curve crypto: http://msdn.microsoft.com/en-us/library/aa376210(VS.85).aspx
Another very good fairly complete package is the Delphi Encryption Compendium (DEC) 5.2. You can download (Free with source) from http://www.torry.net/pages.php?id=519#939342.