EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How do I encrypt text using AES 128

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#28472
Posted: 02/20/2014 02:41:35
by informatica@cst.cat (Standard support level)
Joined: 02/20/2014
Posts: 12

Hi,

I need to encrypt a string using AES 128 bits, CBC and PKCS5Padding.

I assume that I have to create some objects like:
AES: TElAESSymmetricCrypto;
key: TElSymmetricKeyMaterial;

and then set the encryption and padding this way:
Aes := TElAESSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES128, cmCBC);
aes.Padding := cpPKCS5;

But I don't know how to set the value for the key and how do a text encryption because I have found only one example wich uses FileStreams.

Can you help me please?

Thanks in advance.
#28473
Posted: 02/20/2014 02:47:18
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Your assumption is correct. Please refer to our sample that is located in \EldoS\SecureBlackbox.VCL\Samples\Delphi\PKIBlackbox\SymmetricCrypto for details of implementation.
#28475
Posted: 02/20/2014 04:15:39
by informatica@cst.cat (Standard support level)
Joined: 02/20/2014
Posts: 12

Thank for your answer.

I have one doubt, in the example the encryption is done 2 times:

procedure TfmMain.bbEncryptClick(Sender: TObject);
var
Crypto : TElSymmetricCrypto;
KeyMaterial : TElSymmetricKeyMaterial;
InBuf, OutBuf : ByteArray;
OutSize : integer;
begin
Crypto := FFactory.CreateInstance(SB_ALGORITHM_CNT_AES256, cmDefault);
try
try
Crypto.KeyMaterial := PasswordToKeyMaterial(edPassword.Text);

InBuf := SBUtils.BytesOfString(edInputStr.Text);

OutSize := 0;
Crypto.Encrypt(@InBuf[0], Length(InBuf), nil, OutSize);
SetLength(OutBuf, OutSize);
Crypto.Encrypt(@InBuf[0], Length(InBuf), @OutBuf[0], OutSize);
SetLength(OutBuf, OutSize);


// convert binary output to Base64 to make it readable
edEncryptedStr.Text := SBEncoding.Base64EncodeArray(OutBuf, false);
except
on Ex : Exception do
ShowMessage('Encryption error: ' + Ex.Message);
end;
finally
FreeAndNil(Crypto);
end;
end;


Is it always needed? Why?

Best regards.
#28476
Posted: 02/20/2014 04:47:40
by Eugene Mayevski (EldoS Corp.)

If you look at the code, you'll see that in the first call the output buffer is nil. No encryption takes place, and the size of the needed output buffer is returned via OutSize. Then the buffer is allocated and actual encryption is performed.


Sincerely yours
Eugene Mayevski
#28479
Posted: 02/20/2014 05:59:48
by informatica@cst.cat (Standard support level)
Joined: 02/20/2014
Posts: 12

Hi again,

When doing my own code, encryption works correctly. But when I try to decrypt I get the following error: "Invalid symmetric cipher padding."

Sorry I am newy with encription.
#28480
Posted: 02/20/2014 06:02:37
by Vsevolod Ievgiienko (EldoS Corp.)

Please study the above mentioned sample. Does it works for you? If yes then just use its code in your project.
#28486
Posted: 02/20/2014 07:58:01
by informatica@cst.cat (Standard support level)
Joined: 02/20/2014
Posts: 12

I need AES 128 bits, so if I change the encyption algorithm to SB_ALGORITHM_CNT_AES128 in the example you have proposed i get "Invalid key material" when I run the application.

I have made my own code which encrypts what seems correct:
Code
procedure TForm1.bbEncryptClick(Sender: TObject);
var
  AES: TElAESSymmetricCrypto;
  key: TElSymmetricKeyMaterial;
  KeyBuf,InBuf,OutBuf: ByteArray; OutSize: integer;
  IV : ByteArray;

begin

  Aes := TElAESSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES128, cmCBC);
  key := TElSymmetricKeyMaterial.Create;

  SetLength(IV, 16);
  //FillChar(IV[0], 16, 0);
  IV:= SBUtils.BytesOfString(Copy(edPassword.Text,1,16));
  Key.IV := IV;
  KeyBuf := SBUtils.BytesOfString(edPassword.Text);
  Key.Key:=KeyBuf;
  key.Generate(128);
  aes.Padding := cpPKCS5;
  aes.KeyMaterial := Key;
  InBuf := SBUtils.BytesOfString(edInputStr.Text);
  OutSize := 0;
  aes.Encrypt(@InBuf[0], Length(InBuf), nil, OutSize);
  SetLength(OutBuf, OutSize);
  aes.Encrypt(@InBuf[0], Length(InBuf), @OutBuf[0], OutSize);
  SetLength(OutBuf, OutSize);
  // convert binary output to Base64 to make it readable
  edEncryptedStr.Text := SBEncoding.Base64EncodeArray(OutBuf, false);

  FreeAndNil(aes);
  FreeAndNil(key);

end;

But when I click on the decypt button with this code I get the "Exception class EElSymmetricCryptoError with message 'Invalid symmetric cipher padding'. error.
Decrypt button code:
Code
procedure TForm1.bbDecryptClick(Sender: TObject);
var
  AES: TElAESSymmetricCrypto;
  key: TElSymmetricKeyMaterial;

  KeyBuf,InBuf,OutBuf: ByteArray; OutSize: integer;
  IV : ByteArray;

begin

  Aes := TElAESSymmetricCrypto.Create(SB_ALGORITHM_CNT_AES128, cmCBC);
  key := TElSymmetricKeyMaterial.Create;

  SetLength(IV, 16);
  //FillChar(IV[0], 16, 0);
  IV:= SBUtils.BytesOfString(Copy(edPassword.Text,1,16));
  Key.IV := IV;
  KeyBuf := SBUtils.BytesOfString(edPassword.Text);
  Key.Key:=KeyBuf;
  key.Generate(128);
  aes.Padding := cpPKCS5;
  aes.KeyMaterial := Key;
  InBuf := SBEncoding.Base64DecodeArray(edEncryptedStr.Text);
  OutSize := 0;
  AES.Decrypt(@InBuf[0], Length(InBuf), nil, OutSize);
  SetLength(OutBuf, OutSize);
  AES.Decrypt(@InBuf[0], Length(InBuf), @OutBuf[0], OutSize);
  SetLength(OutBuf, OutSize);
  edDecryptedStr.Text := SBUtils.StringOfBytes(OutBuf);

  FreeAndNil(aes);
  FreeAndNil(key);

end;

Regards.
#28487
Posted: 02/20/2014 08:03:52
by Vsevolod Ievgiienko (EldoS Corp.)

For AES-128 you must use TElSymmetricKeyMaterial.Key that has exactly 128 (16 bytes) length.

Also you should not call key.Generate(128) as it generates random key after you assign needed key.
#28489
Posted: 02/20/2014 08:42:50
by informatica@cst.cat (Standard support level)
Joined: 02/20/2014
Posts: 12

Thanks, I have removed the "key.Generate(128)" sentence and now I can encrypt and decrypt with Delphi.

But when I send a string wich has been generated by Delphi to a java server wich is using same algorithm, padding, and of course same password we get the following error:
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)

Am I missing something?
#28491
Posted: 02/20/2014 09:15:53
by Vsevolod Ievgiienko (EldoS Corp.)

What about IV? Is it the same on both server and your code? Is password on server used as-is or transformed into an encryption key somehow?
Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.

Reply

Statistics

Topic viewed 3628 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!