EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Invalid Key Material

#11265
Posted: 10/07/2009 11:41:15
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

Hello,

I'm trying to save the key for later use. This code will use AES 256 using the low-level APIs...

Code
var ssTemp : TStream;
begin
   FSymmetricKeyMaterial := TElSymmetricKeyMaterial.Create();
   FSymmetricKeyMaterial.Generate (256);
   FSymmetricKeyMaterial.GenerateIV (128);

   ssTemp := TMemoryStream.Create;
   try
      FSymmetricKeyMaterial.Save(ssTemp);
      ssTemp.Seek(0, soFromBeginning);
      FSymmetricKeyMaterial.Load(ssTemp);
   finally
      FreeAndNil (ssTemp);
   end;
end;


The error is that after saving the key (successfully), it is unable to load it!

Code
FSymmetricKeyMaterial.Load(ssTemp);


What am I doing wrong?
#11266
Posted: 10/07/2009 14:28:44
by Ken Ivanov (EldoS Corp.)

Please remember to set the algorithm of the key as well:

FSymmetricKeyMaterial.Algorithm := SB_ALGORITHM_CNT_AES256;
#11267
Posted: 10/07/2009 17:28:36
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

Hello,

Yes, it did solve the problem.

Now, I've found another one, which seems to be a very serious one :(

I was trying to store the generated key inside a string. That string is the stream converted to Base64 (using Base64EncodeString). However, when I decode the string to be imported again, it fails.

By debugging it, the strings are different!!!

Before encoding:
Code
'p'#7#0' 7¤÷¥º'#$14'ÿ'#7#$18'¹@'#$1C'+S'#$1B'D['#$1E#6'¼%«Ôø}U`íØ·ª'#$13#0#$10'¶xÂÄï>Dð¦l'#$1D#$1E'º5z'#$11'v¦$¼·4åy#áàF'#$008F'¡H±'#$1E'Ë"?NÅ'#$1C'Þ'#$C#$1D'æskÌõ9'

Results in: 'cAcAIDek96W6FP8HGLlAHCtTG0RbHga8JavU+H1VY...M9Tk='


After decoding:
Code
'p'#7#0' 7¤÷¥º—ÿ'#7'‘¹@'#$1C'+œ'#$1B'D[„'#6'¼%«Ôø}UŠíØ·ª–'#0#$10'¶xÂÄï>Dð¦l'#$1D'„º5z'#$11'v¦$¼·4åy#áàF'#$008F'¡H±'#$1E'Ë"?NÅ“Þ'#$C'”æskÌõ9'


Is your code broken? I'm using the beta version because I'm using Delphi 2010.


If you need, I'll provide you with a full example.

Thanks
João
#11268
Posted: 10/07/2009 23:00:56
by Eugene Mayevski (EldoS Corp.)

Please show your code which encodes and decodes the string. Also you can attach the original key (binary file). Please put it in a ZIP file (the forum doesn't allow attachments with unknown extensions).


Sincerely yours
Eugene Mayevski
#11270
Posted: 10/08/2009 05:17:27
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

Hello,

I had to strip down the class I am developing to ease the use, so, the code is not the most efficient, but it shows the problem!

Code
procedure TForm1.Button1Click(Sender: TObject);
var msIn, msOut, msDec : TStringStream;
    z : TElAESSymmetricCrypto;
    k : TElSymmetricKeyMaterial;
    fsKey : TFileStream;
    strKey : String;
    ssKey : TStringStream;
begin
    z := TElAESSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES256, cmCBC);
    k := TElSymmetricKeyMaterial.Create();
    msIn := TStringStream.Create ('Hello World');
    msOut := TStringStream.Create;
    msDec := TStringStream.Create;
    try
       k.Algorithm := SB_ALGORITHM_CNT_AES256;

       k.Generate (256);
       k.GenerateIV (128);
       z.Padding := cpPKCS5;

       fsKey := TFileStream.Create('c:\key.bin', fmCreate);
       try
          k.Save(fsKey);
       finally
          FreeAndNil (fsKey);
       end;

       // Test the key...
       ssKey := TStringStream.Create;
       try
          k.Save(ssKey);
          strKey := ssKey.DataString;
          if (strKey <> (Base64DecodeString(Base64EncodeString(strKey))) ) then
             ShowMessage ('Base64 encoding Failed!!!');
       finally
          FreeAndNil (ssKey);
       end;

       z.KeyMaterial := k;
       z.Encrypt(msIn, msOut);

       ShowMessage (msOut.DataString);

       msOut.Seek(0, soFromBeginning);
       z.Decrypt(msOut, msDec);

       ShowMessage (msDec.DataString);
    finally
       FreeAndNil (msIn);
       FreeAndNil (msOut);
       FreeAndNil (msDec);
       FreeAndNil (z);
       FreeAndNil (k);
    end;
end;


It fails here:
Code
if (strKey <> (Base64DecodeString(Base64EncodeString(strKey))) ) then
   ShowMessage ('Base64 encoding Failed!!!');


which means the decoded base64 string is not the same :(

Hope this helps!

PS: The key I'm attaching has the problem I'm reporting.
#11271
Posted: 10/08/2009 06:03:38
by Dmytro Bogatskyy (EldoS Corp.)

TStringStream cannot contain binary data. Use TMemoryStream instead.
#11272
Posted: 10/08/2009 09:06:24
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

I've changed the test code without using any stream and still, I get problems!
Am I doing something wrong?

Code
       // Test the key...
       i := 0;
       k.Save(nil, i);
       SetLength (strKey, i);
       k.Save(@strKey[i], i);

       strKey := Base64DecodeString(Base64EncodeString(strKey));

       i := Length (strKey);
       k.Load(@strKey[i], i);


If I remove the line where the string is encoded and decoded to base64, everything works just fine, however, after the decoding, the string is different.
#11273
Posted: 10/08/2009 09:16:41
by Ken Ivanov (EldoS Corp.)

Are you using Unicode-capable Delphi (2009+)? If yes, then you should omit using strings for keeping binary data.

The following code is not correct as well:
Code
i := 0;
k.Save(nil, i);
SetLength (strKey, i);
k.Save(@strKey[i], i); // <--- @strKey[i] points to the end of the string
#11274
Posted: 10/08/2009 09:22:41
by Joao Santos (Standard support level)
Joined: 10/07/2009
Posts: 12

Oops... my mistake on that :)

And yes, as I said before, I'm using Delphi 2010.

What do you recommend I use? AnsiStrings?
#11275
Posted: 10/08/2009 09:35:04
by Ken Ivanov (EldoS Corp.)

Yes, either AnsiStrings or byte arrays will do the job.
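
The failure discussed in this thread, as an added example that is not part of the original posts and is written in Python rather than Delphi: it models, as an assumption, a key blob being widened to a Unicode string through Windows-1252 and then narrowed back by keeping each character's low byte, which matches the differences in the dump above (for instance '—', U+2014, against #$14). The helper names and the sample bytes are constructed for illustration; the last two functions show the byte-array path recommended in the replies.

```python
import base64

def widen_ansi(blob: bytes) -> str:
    """Bytes -> Unicode string through Windows-1252 (an ANSI-to-Unicode conversion)."""
    chars = []
    for b in blob:
        try:
            chars.append(bytes([b]).decode("cp1252"))
        except UnicodeDecodeError:
            # 0x81, 0x8D, 0x8F, 0x90, 0x9D are unassigned in cp1252;
            # assumed here to pass through as U+0081 etc.
            chars.append(chr(b))
    return "".join(chars)

def narrow_low_byte(text: str) -> bytes:
    """Unicode string -> bytes, keeping only the low byte of each code unit."""
    return bytes(ord(ch) & 0xFF for ch in text)

def damaged_offsets(blob: bytes) -> list:
    """Offsets whose value changes when the blob is held in a Unicode string."""
    round_tripped = narrow_low_byte(widen_ansi(blob))
    return [i for i, (a, b) in enumerate(zip(blob, round_tripped)) if a != b]

def store_key(blob: bytes) -> str:
    """Base64 computed over the raw bytes; the result is plain ASCII text."""
    return base64.b64encode(blob).decode("ascii")

def load_key(text: str) -> bytes:
    """Inverse of store_key; rejects characters outside the Base64 alphabet."""
    return base64.b64decode(text, validate=True)

# Constructed sample blob (not the key attached to the thread).
SAMPLE_KEY = bytes([0x70, 0x07, 0x00, 0x20, 0x37, 0xA4,
                    0x97, 0xFF, 0x91, 0xB9, 0x9C, 0x8F])

if __name__ == "__main__":
    print("offsets damaged by the string round trip:", damaged_offsets(SAMPLE_KEY))
    print("byte values that never survive:", len(damaged_offsets(bytes(range(256)))))
    encoded = store_key(SAMPLE_KEY)
    print("base64 over bytes:", encoded, "lossless:", load_key(encoded) == SAMPLE_KEY)
```

Under this model only bytes 0x80 to 0x9F are affected, so a blob can pass a casual test and still fail once the generated key happens to contain one of them.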