Encrypt the data

To encrypt the data using X.509 certificates and PKCS#7 format you need to use TElMessageEncryptor component.

First of all, you need to specify the certificates, used for encryption. The owner of each private key, which corresponds to the certificates used, will be able to decrypt the resulting data. When you encrypt the data, you need to have only the certificates, without private keys. The storage with the certificates is specified using CertStorage property. Note, that all certificates from the storage will be used. So, if you need to take some certificate from, for example, Windows certificate storage, you need to create an instance of TElMemoryCertStorage class, add the necessary certificate to this storage, and then pass the storage to the encryptor.

Next set Algorithm and BitsInKey properties to the needed values, which specify the symmetric algorithm, that you want to use for encryption. Note, that BitsInKey value must be one of the values, accepted by selected algorithm. For example, in AES the key bit length is 128, 192 or 256 bits.

The final step is to call Encrypt() method of TElMessageEncryptor. In SecureBlackbox 5 and later two options are available: you can encrypt the data buffer or the data stream.

If you need to encrypt a text string, you can either create a data buffer from it, or write it to MemoryStream (available in .NET Framework and in VCL) and use this memory stream as the input data stream.