DCPCrypt to Lockbox3 migration

Question

I'm a newbie on encrypting/decrypting routines. I'm trying to use Lockbox3, which I want migrate my app to, in order to decrypt a string encrypted by using DCPCrypt. Let's say I have this function to encrypt:

function TfrmMain.Encrypt(value: string): string;
var
  CipherR : TDCP_rijndael;
  m, sm, Key, IV: string;
  Data: string;
begin
  Key := PadWithZeros(m, KeySize);
  IV := PadWithZeros(sm, BlockSize);
  Data := PadWithZeros(value, BlockSize);
  m := 'SOMEWORDSOMEWORD';
  sm := 'WORDSOMEWORDSOME';

  Key := PadWithZeros(m, KeySize);
  IV := PadWithZeros(sm, BlockSize);
  CipherR := TDCP_rijndael.Create(Self);
  if Length(m) <= 16 then
    CipherR.Init(Key[1], 128, @IV[1])
  else if Length(m) <= 24 then
    CipherR.Init(Key[1], 192, @IV[1])
  else
    CipherR.Init(Key[1], 256, @IV[1]);
  CipherR.EncryptCBC(Data[1], Data[1], Length(Data));
  CipherR.Free;
  FillChar(Key[1], Length(Key), 0);
  code := Base64EncodeStr(Data);
  Result := code;
end;

I would like now to decrypt strings encrypted this way using Lockbox3, but I should use the values used in encrypt function as m and sm and I know how I can do it - if I can. I thought to use the sm value to set Codec1.Password but this doesn't work.

Any idea? Thanks to all for any advice.

score 0 · Accepted Answer · answered Mar 29 '13 at 07:35

0

How about ...

function TfrmMain.Encrypt( const value: string): string;
var
  Codec: TCodec;
  Lib  : TCyptographicLibrary;
  Ciphertext: ansistring;
begin
Codec := TCodec.Create( nil);
Lib   := TCyptographicLibrary.Create( nil);
Codec.CryptoLibrary := Lib;
Codec.StreamCipherId := BlockCipher_ProgId;
Codec.BlockCipherId := 'native.AES-256'; // AES-256 cipher
Codec.ChainModeId := CBC_ProgId;         // CBC chaining
Codec.Password := 'WORDSOMEWORDSOME';
Codec.EncryptString( Value, Ciphertext); // Assumes UNICODE supporting compiler.
result := Ciphertext; // Implicit utf8string --> unicode string coersion here.
Codec.Burn;
Lib.Free;
Codec.Free;
end;

function TfrmMain.ShowCiphertextOfSomeWords;
begin
ShowMessage( 'base64 of ciphertext = ' + Encrypt( 'SOMEWORDSOMEWORD'))
end;

All this is shown in the bundled Demo program and online help. The bundled demo program and the online help should be your first point of reference. Please examine these before going to Stackoverflow or forums, as answerers will tend to repeat what was already written for your benefit.

answered Mar 29 '13 at 07:35

Sean B. Durkin

12,659
1
36
65

I fear to have not been clear. My problem is not encrypting the string 'SOMEWORDSOMEWORD'. Using DCPCrypt I used the function above to encrypt a string. With DCPCrypt, I have to set two values, called Key and IV (see the snippet). To decrypt it I have to use the same values for Key and IV and the decryption works fine. Now I wnat to migrate to Lockbox3 and I need to decrypt the same string encrypted by DCPCrypt using Lockbox, but in Lockbox I can set a password (so the same value of Key or IV, I think) but I don't know how use the other value. – Marco Mar 29 '13 at 09:19
If you are starting from your own IV and key, what you are asking for can't be done. Although you could certainly go the other way and DCPcrypt decrypt a string encrypted with LB3. LB3 manufactures a binary key by hashing (SHA1) the password. When encrypting, LB3 generates a random 64 bit number (the nonce). This nonce is zero extended to be used as the IV. The nonce is prepended to the output stream. When LB3 is decrypting, the nonce is picked up and prepended to form the IV. So as far as IV is concerned, you could decrypt from LB3 by prepending the IV, but this only works if the high ... – Sean B. Durkin Mar 29 '13 at 11:38
...64 bits of your DCPcrypt IV was zero. Also the problem of converting a binary key into a password string remains. Your problem could be solved if you allowed control over how you did the DCPcrypt encryption, but as the question is currently framed, it is not solvable. – Sean B. Durkin Mar 29 '13 at 11:41
"Your problem could be solved if you allowed control over how you did the DCPcrypt encryption": Don't know if I understand what you mean, but I didn't anything more than what is in the function I posted above: Email := Encrypt(EmailAddress); I have no other code to encrypt my string. I'm sorry if I'm saying stupid things, but I really don't know anything about encryption... Anyway, if you think to have to know something other, tell me precisely and I'll try to give any info... Otherwise, I'll migrate to Lockbox clearing old data and ask my clients to register new data. – Marco Mar 29 '13 at 12:50
If your messages are already encrypted with DCPcrypt, and so you do not have the freedom to choose your own key and IV, then you are going to have to, as you say, clear your old data and ask your clients to register new data. – Sean B. Durkin Mar 29 '13 at 14:51
1

Thank you very mutch, Sean. And let me say your Lockbox is really easy to use! Cheers – Marco Mar 29 '13 at 15:05

DCPCrypt to Lockbox3 migration

1 Answers1