
Is there a way I can convert my LockBox 2 cipher text to LockBox 3 cipher text? We are migrating our application built on Delphi 2007 to Delphi XE2. We used the LockBox 2 RSA encryption algorithm in Delphi 2007, and we intend to use LockBox 3 in Delphi XE2 to support Unicode data. Since the cipher text generated by both of them differs, as XE2 supports Unicode data, we face a problem. So we would like to convert the cipher text that is generated by LockBox 2 to LockBox 3 somehow.

SK9
  • I am assuming you've got stored encrypted passwords or other data. Either you have the private key and you can decrypt and re-encrypt, in which case, why are you asking this question, or you don't have the private key, and what you have is a password hash, and the plaintext is not recoverable. Either way, you know the answer already. So why ask here? – Warren P Mar 23 '12 at 01:55

2 Answers

Since your cipher text by definition is unrecognizable, there is no easy way to tell if the underlying plaintext data was Ansi or Unicode... so you likely need to manage a new associated property.

It obviously depends on the layout of your application, where this data is stored and how the clients are going to be upgraded, but there could be a new version flag of some sort associated with the stored ciphertext. If it's in a local table, say, add a new column for PlainTextVersion and set the version to some value to flag that the ciphertext was saved from Unicode plaintext. When reading the ciphertext and this new field doesn't match the Unicode flag, you could upgrade the ciphertext by decrypting, encrypting using Unicode plaintext, and then re-saving the ciphertext and setting the new flag (or simply put off the ciphertext version upgrade until the plaintext has changed and needs to be updated).

Or, better yet, auto-upgrade all current ciphertext at one time if feasible.

Darian Miller

To convert, it would be easiest to use LockBox 2 to decrypt your cipher text and use LockBox 3 to re-encrypt it.

The reason is that, from what I can tell, LockBox 2 stuffed up the implementation of the RSA block type 2 padding, which means that LockBox 2's RSA encryption is not compatible with anybody else's RSA decryption.

LockBox 2's RSA encryption pads out the message incorrectly as follows (found by placing a breakpoint and inspecting the memory at biBlock.Fi.IntBuf.pBuf):

message-bytes 0x00 random-padding-bytes 0x02 0x00

e.g. 'test' was padded to:

$01C883AC  74 65 73 74 00 D4 50 50  test..PP
$01C883B4  A7 B0 E5 51 7A 4C C2 BC  ...QzL..
$01C883BC  8C B8 69 8A 97 DF AA 1D  ..i.....
$01C883C4  78 67 1E 0E 8B AB 02 00  xg......

But it should be padded out to (e.g. look at this worked example):

0x00 0x02 random-padding-bytes 0x00 message-bytes

LockBox 2 isn't just storing the bytes in reverse (otherwise the message "test" would also be reversed) or as reversed 32-bit little-endian words (otherwise the 02 00 would be swapped too). Everything works so long as you use LockBox 2 for both encryption and decryption.

Also, I noticed another bug where LockBox 2 calls e.RandomSimplePrime() to generate the public exponent e, but it generates an even number, i.e. a fairly noteworthy bug in RandomSimplePrime(), eh? I only looked at LockBox 2.07. LockBox 3 was a complete rewrite, so it won't have these bugs.

robocat
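The two padding layouts described in this answer side by side, as an added example (Python rather than Delphi, written for this page and not LockBox's own code): a padder for each layout, an unpadder that recognises either, so a migration tool can recover the plaintext from a raw-RSA-decrypted LockBox 2 block before re-encrypting it with LockBox 3, and a check for the even-exponent bug. The 32-byte block is transcribed from the memory dump above; the assumption that LockBox 2's random padding never contains a 0x00 byte comes from that dump, not from LockBox source.

```python
import math
import os

def _nonzero_random(n: int) -> bytes:
    """n random bytes containing no 0x00, so the single 0x00 separator stays unambiguous."""
    out = b""
    while len(out) < n:
        out += bytes(b for b in os.urandom(n - len(out)) if b != 0)
    return out

def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Standard block type 2 layout (RFC 2313, what LockBox 3 expects): 00 02 PS 00 M."""
    if len(message) > k - 11:
        raise ValueError("message too long for modulus size")
    return b"\x00\x02" + _nonzero_random(k - 3 - len(message)) + b"\x00" + message

def lockbox2_pad(message: bytes, k: int) -> bytes:
    """Layout seen in the LockBox 2.07 memory dump in the answer: M 00 PS 02 00.
    Assumption: PS never contains 0x00, as in the dump; not checked against LockBox source."""
    if len(message) > k - 11:
        raise ValueError("message too long for modulus size")
    return message + b"\x00" + _nonzero_random(k - 3 - len(message)) + b"\x02\x00"

def unpad_any(block: bytes):
    """Return (layout, message) for either layout, so a migration tool can take a block
    recovered by raw RSA decryption of LockBox 2 output and re-encrypt it with LockBox 3."""
    if block[:2] == b"\x00\x02":
        sep = block.find(b"\x00", 2)
        if sep < 10:                      # PS must be at least 8 bytes long
            raise ValueError("malformed PKCS#1 block")
        return "pkcs1", block[sep + 1:]
    if block[-2:] == b"\x02\x00":
        sep = block.rfind(b"\x00", 0, len(block) - 2)
        if sep < 0 or len(block) - 3 - sep < 8:
            raise ValueError("malformed LockBox 2 block")
        return "lockbox2", block[:sep]
    raise ValueError("unrecognised padding layout")

def public_exponent_ok(e: int, p: int, q: int) -> bool:
    """e must be odd and coprime to (p-1)(q-1); an even e, as from the RandomSimplePrime
    bug the answer mentions, has no modular inverse d, so the key cannot decrypt."""
    return e > 1 and e % 2 == 1 and math.gcd(e, (p - 1) * (q - 1)) == 1

# The 32-byte padded block for 'test', transcribed from the answer's memory dump.
LOCKBOX2_TEST_BLOCK = bytes.fromhex(
    "7465737400D45050A7B0E5517A4CC2BC"
    "8CB8698A97DFAA1D78671E0E8BAB0200")
```

Reversing the dump's bytes yields a block that parses as well-formed PKCS#1 but with message "tset", which is the answer's point that LockBox 2 is not simply storing the standard block in reverse.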