Cryptography

LockBoxWhen it comes to the cryptography implementation in your project you are always using a certain library. For a years there were few most commonly used libraries (there are not that many free cryptography libraries). I can’t list all the libraries, but for sure I can remember following ones:

I personally use and prefer the LockBox by SeanBDurkin. The library supports the hashing, symmetric ciphers and also asymmetric RSA cipher. The routines are unit tested and it compiles and works flawlessly on all versions from XE7. All you need is just to adjust the TPLB3.Common.inc file (if required). And one more thing you would probably need is adding {$Q-, R-} in the INC file – as if you are testing your projects with range and overflow check (which should be enabled for debugging) then you will get sometimes overflow and in more rare case – the range check errors (they are not dangerous, it’s about assignments to scalar and sub-range variables).

So with the LockBox you can:

  • Encrypt/decrypt/sign with RSA;
  • Encrypt/decrypt with AES, Blowfish, DES/3DES (no-one cares anymore :)) and Twofish;
  • Hashing with MD5 and SHA (with diff length in bits);
  • Select block chaining modes (CBC, ECB, CFB, OFB and CTR) for the block ciphers like AES, DES/3DES.

mORMot

There is one newcomer in the mORMot framework called SynECC which stands for elliptic curve cryptography. You can access the mORMot repository at GitHub. There are two modules you are interested in:

  • SynEcc – for asymmetric cipher;
  • SynCrypto – for cryptography algorithms like AES, XOR, ADLER32, MD5, RC4, SHA1, SHA256.

Note that you should never use the RC4 in the production systems if that is intended to protect your data. All stream ciphers are unsafe. Unless we are not talking about generating really safe random and unique sequence from nuclear reaction results and then transferring the generated key-stream in a stainless steel case to the receiver in Moscow :). If you want stream-like encryption you can use the AES in output feedback mode as it’s done for the satellites.

Also consider reliability of the elliptic curve cryptography as some sources (A, B) doubt the safety of the ECC in general. There were speculations that the ECC was invented intentionally to make it possible to decrypt it by special agencies of the US.

For symmetric ciphers the mORMot framework is actually a very good choice as it’s very actively supported by the members of the project.

5 comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s