Secure keypair encryption solution in Delphi & PHP?

我怕爱的太早我们不能终老 提交于 2019-12-19 03:20:49

问题


My application sends encrypted files over the internet, I need to be able to do the following:

  1. (Client side Delphi 2010): Encrypt files using public key shipped with my application & upload it to server
  2. (Server side PHP): Decrypt the uploaded file using my private key stored on server
  3. (Work on the uploaded file...)

Sounds simple but I can't find any reliable code/component, I found these components:

  1. DCPcrypt. This is what I'm using right now in development but doesn't seem to support keypair-based encryption (RSA?)

  2. GnuPgp (GPL) so I can't use it on my commercial app.

  3. TurboPower LockBox 3: does support keypair encryption but very cryptic (no documentation AFAIK) and doesn't seem to support file encryption.

My question is: is there a secure / reliable encryption component that:

  1. Achieve what I described above (ie. keypair encryption)
  2. Can be decrypted using PHP
  3. Works on large files/streams
  4. (Dreaming here!) Has a simple delphi/php demo that shows how to do this? :)
  5. FOSS solutions only please, I'm already wayyy over budget :)

回答1:


I would go with OpenSSL.
PHP seems to have plenty of support for it, though I haven't actually tried it: For example the manual and an example here.

Delphi can be made to work well with OpenSSL with a little work, using stuff I've mentioned on here numerous times: http://www.disi.unige.it/person/FerranteM/delphiopenssl/. Some good examples on that page too. And take a look at the Indy OpenSSL imports.

Not specific components but definitely free, flexible and with full possibilities for shooting yourself, security-wise, in the foot :-)

EDIT:

For Delphi I would consider using the EVP_Seal* functions and you can find my version of a cut down libeay32.pas file in this SO answer. You ned this as Indy doesn't surface or implement much/any of the actual EVP_ functions so you need to import the function declarations and a few other routines.

For PHP this link seems the right counterpart.

As a bonus, this should give you an idea of how to use the EVP_Seal* stuff (non-tested):

function EVPSeal(ASource: TBytes; const APublicKey: PEVP_PKEY; out Key: TBytes; out IV: TBytes): TBytes; 
var
  cipher: PEVP_CIPHER;
  ctx: EVP_CIPHER_CTX;
  buf: TBytes;
  block_size, buf_start, out_len, keysize: integer;
  ek: array[0..0] of PByte;
  ekl: array[0..0] of integer;
  pubk: array[0..0] of PEVP_PKEY;
begin
  keysize := EVP_PKEY_size(APublicKey);
  cipher := EVP_aes_256_cbc;
  SetLength(IV, EVP_MAX_IV_LENGTH);
  SetLength(Key, keysize);
  ek[0] := @Key[0];
  pubk[0] := APublicKey;
  buf_start := 0;
  EVP_CIPHER_CTX_init(@ctx);
  try
    EVP_SealInit(@ctx, cipher, @ek[0], @ekl, @IV[0], @pubk[0], 1);
    block_size := EVP_CIPHER_CTX_block_size(@ctx);
    SetLength(buf, Length(ASource) + block_size);
    SetLength(Key, ekl[0]);
    EVP_SealUpdate(@ctx, @buf[buf_start], out_len, @ASource[0], Length(ASource));
    Inc(buf_start, out_len);
    EVP_SealFinal(@ctx, @buf[buf_start], out_len);
    Inc(buf_start, out_len);
    SetLength(buf, buf_start);
    result := buf;
  finally
    EVP_CIPHER_CTX_cleanup(@ctx);
  end;
end;



回答2:


Ah, crypto. There is a saying about a programmer that knows little crypto being far more dangerous than one that knows none.

On a really similar vein, I spent quite some time trying to find a way to do digital XML signatures using open source. I only managed to get so far before buckling up and getting a rock solid third party library. It is not cheap in the pure monetary sense, but one of my best investments so far.

(True story: I actually got into a little flamewar with the author of this library that even got deleted from the comments. Alas, I ended up buying from him. Go figure.)



来源:https://stackoverflow.com/questions/10706320/secure-keypair-encryption-solution-in-delphi-php

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!