问题
My application sends encrypted files over the internet, I need to be able to do the following:
- (Client side Delphi 2010): Encrypt files using public key shipped with my application & upload it to server
- (Server side PHP): Decrypt the uploaded file using my private key stored on server
- (Work on the uploaded file...)
Sounds simple but I can't find any reliable code/component, I found these components:
DCPcrypt. This is what I'm using right now in development but doesn't seem to support keypair-based encryption (RSA?)
GnuPgp (GPL) so I can't use it on my commercial app.
TurboPower LockBox 3: does support keypair encryption but very cryptic (no documentation AFAIK) and doesn't seem to support file encryption.
My question is: is there a secure / reliable encryption component that:
- Achieve what I described above (ie. keypair encryption)
- Can be decrypted using PHP
- Works on large files/streams
- (Dreaming here!) Has a simple delphi/php demo that shows how to do this? :)
- FOSS solutions only please, I'm already wayyy over budget :)
回答1:
I would go with OpenSSL.
PHP seems to have plenty of support for it, though I haven't actually tried it:
For example the manual and an example here.
Delphi can be made to work well with OpenSSL with a little work, using stuff I've mentioned on here numerous times: http://www.disi.unige.it/person/FerranteM/delphiopenssl/. Some good examples on that page too. And take a look at the Indy OpenSSL imports.
Not specific components but definitely free, flexible and with full possibilities for shooting yourself, security-wise, in the foot :-)
EDIT:
For Delphi I would consider using the EVP_Seal* functions and you can find my version of a cut down libeay32.pas file in this SO answer. You ned this as Indy doesn't surface or implement much/any of the actual EVP_ functions so you need to import the function declarations and a few other routines.
For PHP this link seems the right counterpart.
As a bonus, this should give you an idea of how to use the EVP_Seal* stuff (non-tested):
function EVPSeal(ASource: TBytes; const APublicKey: PEVP_PKEY; out Key: TBytes; out IV: TBytes): TBytes;
var
cipher: PEVP_CIPHER;
ctx: EVP_CIPHER_CTX;
buf: TBytes;
block_size, buf_start, out_len, keysize: integer;
ek: array[0..0] of PByte;
ekl: array[0..0] of integer;
pubk: array[0..0] of PEVP_PKEY;
begin
keysize := EVP_PKEY_size(APublicKey);
cipher := EVP_aes_256_cbc;
SetLength(IV, EVP_MAX_IV_LENGTH);
SetLength(Key, keysize);
ek[0] := @Key[0];
pubk[0] := APublicKey;
buf_start := 0;
EVP_CIPHER_CTX_init(@ctx);
try
EVP_SealInit(@ctx, cipher, @ek[0], @ekl, @IV[0], @pubk[0], 1);
block_size := EVP_CIPHER_CTX_block_size(@ctx);
SetLength(buf, Length(ASource) + block_size);
SetLength(Key, ekl[0]);
EVP_SealUpdate(@ctx, @buf[buf_start], out_len, @ASource[0], Length(ASource));
Inc(buf_start, out_len);
EVP_SealFinal(@ctx, @buf[buf_start], out_len);
Inc(buf_start, out_len);
SetLength(buf, buf_start);
result := buf;
finally
EVP_CIPHER_CTX_cleanup(@ctx);
end;
end;
回答2:
Ah, crypto. There is a saying about a programmer that knows little crypto being far more dangerous than one that knows none.
On a really similar vein, I spent quite some time trying to find a way to do digital XML signatures using open source. I only managed to get so far before buckling up and getting a rock solid third party library. It is not cheap in the pure monetary sense, but one of my best investments so far.
(True story: I actually got into a little flamewar with the author of this library that even got deleted from the comments. Alas, I ended up buying from him. Go figure.)
来源:https://stackoverflow.com/questions/10706320/secure-keypair-encryption-solution-in-delphi-php