问题
I am currently in the process of converting a project (that uses encryption) from Delphi 6 to XE. This project uses the old Delphi Encryption Compendium which does not work in XE. So I figured that I would swap from that component set to LockBox. There are two versions of LockBox - 2 and 3. I have no problems with using the LockBox2 in Delphi 6. I though that I would use LockBox3 in XE, but the problem that I have is that I cannot get the same results when used with ExFile demo program (from LockBox2).
In that demo I select the Blowfish algorithm set the password to 'testkey' without the quotes and the program will encrypt the file.
In Delphi XE, I dropped onto the form
Codec1: TCodec;
CryptographicLibrary1: TCryptographicLibrary;
and linked Codec1 to CryptographicLibrary1 and when clicking a button the following code is executed (found similar code on LockBox3 site for decrypting strings)....
codec1.StreamCipherId := BlockCipher_ProgId;
codec1.BlockCipherId := Blowfish_ProgId;
codec1.ChainModeId := ECB_ProgId;
codec1.Password := 'testkey';
codec1.encryptFile('d:\tools\mingw\bin\md5.exe',
'd:\tools\mingw\bin\md5_xe_2.exe');
But the end result is that the output file has a different size to that from the LockBox2 ExFile demo.
So my questions are....
What have I done wrong in the XE code above such that I gives a different result to ExFile demo from LockBox2?
Should I just use LockBox2 within XE?
Related to 2, is there someone looking after the code LockBox2 (for XE)?
Any assistance would be greatly appreciated.
Regards,
回答1:
- The user "mj2008" hit the nail on the head. Delphi 6 uses ansistring as string. Delphi XE uses UTF-16LE. The same password, as rendered on a screen or typed in from keyboard, is a completely different datum, so naturally, results will be different.
About expected file sizes. Blowfish is an 8 byte (64 bit) block mode cipher. Although it will be different for other chaining modes, ECB uses block padding to pad out the last block. TPLB3 uses the RFC1321 padding scheme for ECB, which is to say it pads the message out with one $80 byte followed by enough zeroes to get a whole block size. TPLB2 uses a different scheme: It pads with zeroes until the last byte, which it sets to the number of pre-padded bytes in the pack block.
So if your plaintext file is Size X bytes, and if you encrypt with Blowfish/ECB, then the ciphertext size Y, should be:
Y = X + 8 - (X mod 8)
(Refer to forum thread for more detail: http://lockbox.seanbdurkin.id.au/tiki-view_forum_thread.php?comments_parentId=154&topics_offset=2&topics_sort_mode=lastPost_desc&forumId=2)
*2. With the caveat that I know nothing about the purpose and context of your program, and that specific circumstances may impact on this question, I would say use TurboPower LockBox 3 for your Delphi XE program. If you have a need to interoperate with old LB2 ciphertext, then write and execute once-off, a conversion program to convert LB2 ciphertext to LB3 ciphertext. Then discard LB2.
*3. I continue to maintain LB2, but I will only fix reported major defects in LB2, and I will not fix the RSA component in LB2.
来源:https://stackoverflow.com/questions/7493408/converting-turbopower-lockbox-2-to-lockbox-3