Encryption Examples


 

ASTA servers and clients can be made more secure by using encryption. ASTA supplies a simple encryption scheme, ASTA encryption, but cannot supply stronger encryption because of US export law. You can implement CustomEncryption on ASTA servers and clients by using commercial and freeware Delphi encryption components. Below are some examples of just that.

 

For SSL-like, certificate-based encryption, ASTA Secure Socket can be purchased as an ASTA add-on.

 

 

 

ASTA Encryption Suggestions:

 

1. Components from www.crypto-central.com

This is an example of using one of their Blowfish components. Of course, both server and client must use the same encryption scheme and key. In the form's create event, seed the Blowfish component:

 

 

  BlowFish.InitialiseString('AstaSeedValue');

 

 

 

procedure TLoanDM.AstaClientSocket1Decrypt(Sender: TObject; var S: string);
var
  TheInput: string;
begin
  { Copy the incoming ciphertext, because S also receives the result. }
  TheInput := S;
  BlowFish.DecryptString(TheInput, S);
end;

procedure TLoanDM.AstaClientSocket1Encrypt(Sender: TObject; var S: string);
var
  TheInput: string;
begin
  { Copy the outgoing plaintext, because S also receives the result. }
  TheInput := S;
  BlowFish.EncryptString(TheInput, S);
end;

 

 

----------------------------------------------------------------------------

 

2. TurboPower products: www.turbopower.com

 

This was submitted by an ASTA user as a fast, reliable way to compress and encrypt in one routine.

Turn off compression in the ASTA sockets because the compression is done in the encrypt/decrypt routines. If you don't want to compress then just remove the 1 Abbrevia line in each event and the DataStream variable.

 

 

 

Client stuff, which I have in a data module with ASTAClientSocket:

 

Two private variables in the data module:
    DataStream : TMemoryStream;
    FKey : TKey128;

OnCreate of the data module:
  DataStream := TMemoryStream.Create;
  {* LOCKBOX: LBCIPHER.PAS 1.07
  (var Key; KeySize : Integer; const Str : string);*}
  GenerateLMDKey( FKey, SizeOf( FKey ), MasterPassword );

OnDestroy of the data module:
  DataStream.Free;

 

 

Set your AstaClientSocket:
  acs.Encryption := etUserDefined;
  acs.OnEncrypt := acsEncrypt;
  acs.OnDecrypt := acsDecrypt;

 

procedure TTablesDM.acsEncrypt( Sender : TObject; var S : string );
var st : TStringStream;
begin
  if S = '' then exit;
  st := TStringStream.Create( S );
  try
    DataStream.Clear;
    st.position := 0;

    {* ABBREVIA: ABZIPPRC.PAS 1.09
    (UncompressedStream, CompressedStream : TStream); *}
    DeflateStream( st, DataStream );

    st.Size := 0;
    DataStream.Position := 0;

    {* LOCKBOX: LBPROC.PAS 1.07
    (InStream, OutStream : TStream; Key : TKey128; Encrypt : Boolean); *}
    BFEncryptStream( DataStream, st, FKey, True );

    st.position := 0;
    S := st.DataString;
  finally
    st.free;
  end;
end;

 

procedure TTablesDM.acsDecrypt( Sender : TObject; var S : string );
var st : TStringStream;
begin
  if S = '' then exit;
  st := TStringStream.Create( S );
  try
    DataStream.Clear;
    st.position := 0;

    {* LOCKBOX: LBPROC.PAS 1.07
    (InStream, OutStream : TStream; Key : TKey128; Encrypt : Boolean); *}
    BFEncryptStream( st, DataStream, FKey, False );

    st.Size := 0;
    DataStream.Position := 0;

    {* ABBREVIA: ABUNZPRC.PAS 1.09
    (CompressedStream, UncompressedStream : TStream); *}
    InflateStream( DataStream, st );

    st.Position := 0;
    S := st.DataString;
  finally
    st.free;
  end;
end;

 

 

============================================================================

Server stuff:

 

Two private variables on the main form:
    DataStream : TMemoryStream;
    FKey : TKey128;

OnCreate of the data module:
  DataStream := TMemoryStream.Create;
  {* LOCKBOX: LBCIPHER.PAS 1.07
  (var Key; KeySize : Integer; const Str : string);*}
  GenerateLMDKey( FKey, SizeOf( FKey ), MasterPassword );

OnDestroy of the data module:
  DataStream.Free;

 

 

Set the ASTAServerSocket:
    OnEncrypt := AstaServerSocket1Encrypt
    OnDecrypt := AstaServerSocket1Decrypt

 

 

procedure TfrmMainForm.AstaServerSocket1Decrypt( Sender : TObject; var S : string );
var st : TStringStream;
begin
  if S = '' then exit;
  st := TStringStream.Create( S );
  try
    DataStream.Clear;
    st.position := 0;
    BFEncryptStream( st, DataStream, FKey, False );
    st.Size := 0;
    DataStream.Position := 0;
    InflateStream( DataStream, st );
    st.Position := 0;
    S := st.DataString;
  finally
    st.free;
  end;
end;

 

procedure TfrmMainForm.AstaServerSocket1Encrypt( Sender : TObject; var S : string );
var st : TStringStream;
begin
  if S = '' then exit;
  st := TStringStream.Create( S );
  try
    DataStream.Clear;
    st.position := 0;
    DeflateStream( st, DataStream );
    st.Size := 0;
    DataStream.Position := 0;
    BFEncryptStream( DataStream, st, FKey, True );
    st.position := 0;
    S := st.DataString;
  finally
    st.free;
  end;
end;

 

 

 

You will have to come up with a MasterPassword of your own and make it good.
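
Why the handlers above deflate before encrypting and reverse the steps on receipt, shown as an added Python example that is not ASTA, LockBox or Abbrevia code. keystream_xor is a stand-in for BFEncryptStream, the key and payload are constructed, and the last function shows that a peer holding a different key fails at the inflate step.

```python
# Added example: stand-in code, not ASTA, LockBox or Abbrevia.
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for BFEncryptStream (assumption): XOR with a SHA-256 counter
    keystream so the demo needs only the standard library; not a real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def on_encrypt(key: bytes, s: bytes) -> bytes:
    """Order used by acsEncrypt: DeflateStream first, then encrypt."""
    return keystream_xor(key, zlib.compress(s))


def on_decrypt(key: bytes, s: bytes) -> bytes:
    """Order used by acsDecrypt: decrypt first, then InflateStream."""
    return zlib.decompress(keystream_xor(key, s))


def encrypt_then_compress(key: bytes, s: bytes) -> bytes:
    """Reversed order, for comparison: ciphertext has no redundancy left."""
    return zlib.compress(keystream_xor(key, s))


def key_mismatch_detected(key: bytes, other_key: bytes, s: bytes) -> bool:
    """A peer holding a different key gets garbage that fails to inflate."""
    try:
        return on_decrypt(other_key, on_encrypt(key, s)) != s
    except zlib.error:
        return True


def sample_payload() -> bytes:
    """Constructed sample: repetitive rows, like a dataset sent over the wire."""
    return b"".join(b"%04d|LOAN|ACTIVE|0000.00\r\n" % i for i in range(200))


if __name__ == "__main__":
    k = hashlib.sha256(b"constructed demo password").digest()[:16]  # 128 bits
    p = sample_payload()
    print(len(p), len(on_encrypt(k, p)), len(encrypt_then_compress(k, p)))
    print(key_mismatch_detected(k, b"\x00" * 16, p))
```
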

 

----------------------------------------------------------------------------

 

3. From another ASTA user.

 

If you are looking for some fast encryption I would suggest Delphi Encryption Compendium part I. It is freeware, and when I evaluated commercial packages I found this one faster, and it definitely has more ciphers supported. Here is a snippet from the readme below. Notice Blowfish's speed at > 8.0 Mb/sec. That is screaming! The secure random routine is great for seeding your keys and the hashes are useful too!

You can download it from a whole slew of places, but here is a URL to get you started:

http://homepages.borland.com/torry/vcl/security/strong/chipher.zip

For those of you looking for public key (asymmetrical) encryption solutions, just hold on until September 21st when the patent for RSA expires. I will have an RSA encryption component for Delphi for free that uses the incredibly fast GInt (Gigantic Integer) library. It will support bit ranges starting at 256 up to as much processor power as you want to throw at it. :-) For those of you lucky enough to live in the Boise area I will demo it tomorrow at the user's group.

 

-------------------

 

Status: Freeware, Version 3.0
Description: Includes various basic algorithms:

    5 Checksum: CRC32, XOR32bit, XOR16bit, CRC16-CCITT, CRC16-Standard

   23 Hash: MD4, MD5, SHA (other name SHS), SHA1,
            RipeMD128, RipeMD160, RipeMD256, RipeMD320,
            Haval (128, 160, 192, 224, 256) with Rounds,
            Snefru, Square, Tiger,
            Sapphire II (128, 160, 192, 224, 256, 288, 320)

   40 Cipher: Gost, Cast128, Cast256, Blowfish, IDEA,
              Mars, Misty 1, RC2, RC4, RC5, RC6, FROG, Rijndael,
              SAFER, SAFER-K40, SAFER-SK40, SAFER-K64, SAFER-SK64,
              SAFER-K128, SAFER-SK128, TEA, TEAN, Skipjack, SCOP,
              Q128, 3Way, Twofish, Shark, Square, Single DES, Double DES,
              Triple DES, Double DES16, Triple DES16, TripleDES24,
              DESX, NewDES, Diamond II, Diamond II Lite, Sapphire II

    2 RNG: Standard Random Generator, Linear Feedback Shift Register RNG with
           variable Period from 2^64-1 to 2^2032-1.

    6 Text Formats: Hexadecimal, MIME Base 64, Plain, RFC1760 Six Word, UU Coding, XX Coding

   others: * Low Level API to access outside from Delphi and BCB
           * Fast implementation (i.e. THash_MD4 > 27Mb/sec, TCipher_Blowfish > 8.0 Mb/sec)
           * Stringformat Management, includes:
             HEX, MIME Base 64, RFC1760 Six Word, UU and XX Coding String converting and Samples
           * Designtime Manager Components for Hashes and Ciphers
           * Full and easy object-oriented
           * RNGs can be cryptographically secure
           * Standard Cipher Modes:
               CBC - Cipher Block Chaining
               CTS - Cipher Text Stealing
               CFB - Cipher Feedback
               OFB - Output Feedback
               ECB - Electronic Code Book
               CBCMAC - CBC Message Authentication Code
               CTSMAC - CTS Message Authentication Code
               CFBMAC - CFB Message Authentication Code
           * Highly optimized Assembler Core
           * Progress Gauge Support in all Ciphers, Hashes, Checksums
           * Self Test Support for all Ciphers, Hashes, Checksums to test for
             any illegal or incorrect modifications
           * Detailed and full DEMO
           * variable HMACs - Hash Message Authentication Code Support for all THash_XXX Classes,
             supports RFC2104 Standard HMACs
           * automatic Compression Support
           * Chaining from all THash_XXX, TRandom_XXX, TCipher_XXXX and TCompress_XXX Classes
           * En/Decryption/Scrambling/Wipe with all TProtection Classes,
             this includes all Hash, Cipher, Random and Compress Classes
           * Internet RFC2289/RFC1760/RFC2444 One Time Password Routines as Component
           * many more...

 

 

 

 


