27

I'm looking for a free and up to date encryption library for Delphi 2010 that implements RSA and AES (Rijndael).

I want a free library because I plan to write and publish some sample code that will use it.

A Delphi 2010 version of TurboPower LockBox has been posted to the SongBeamer site, that implements both of these, but I'm concerned that it's getting a little old. For example, small RSA key sizes and no new security features for many years.

Update: Is the perception that LockBox is out of date or lacks important features incorrect? Is it still relevant for production development? (Particularly the RSA key sizes)

Shannon Matthews
Bruce McGee
  • 7
    How does encryption go "long in the tooth"? It still works, right? An algorithm is an algorithm. :-) – Nick Hodges Sep 09 '09 at 23:40
  • 2
    Lockbox is simple enough that it should still work fine, the ports that SongBeamer did were to support Unicode. The 2010 changes would be insignificant, most likely adding a compiler version check. – skamradt Sep 10 '09 at 00:11
  • @Nick. In a comment thread on one of your blog posts, Luigi suggested that LockBox's RSA key sizes were now too small for some applications and that it lacks some newer encryption features. This made me wonder what other free libraries were available. – Bruce McGee Sep 10 '09 at 10:08
  • @skamradt. The LockBox update on the SongBeamer site is already for Delphi 2010. – Bruce McGee Sep 10 '09 at 10:09
  • 2
    Lockbox doesn't have asymmetric encryption algorithms and is not valid for actual certificates and PKI infrastructures. The best library for Delphi which I have tested is SecureBlackbox from EldoS. It's VCL and works with X.509 and PKI. Of course it's not free. – Francis Lee Sep 11 '09 at 12:14
  • RSA isn't an asymmetric algorithm? – Bruce McGee Sep 11 '09 at 13:30
  • I wasted days trying to use LockBox - the "original" version has bugs*, and the 3.0 version has a funky API. A guy in the office coded up something in C# that just worked, which we use via COM from Delphi. Ugly as, but reliable. * bug 1: padding calc was incorrect so you can only Decrypt using lockbox (not another lib), bug 2: I noticed a small prime function returns an even number (hard to trust a library after that!). – robocat Aug 01 '16 at 02:09

10 Answers

16

TurboPower LockBox 3.1.0 is now released. It supports:

  • Delphi 2007 and Delphi 2010
  • Unicodestrings for Delphi 2010
  • AES, DES, 3DES, Blowfish and Twofish ciphers
  • A long list of block chaining modes
  • MD5 and SHA1 hashes
  • RSA encryption, decryption, signature and verification
  • Variable length RSA keys - Almost no constraints on the range.
  • D-Unit test code
  • Automatic salting
  • Proper management of IVs (in contrast to DCPcrypt)
  • White Box, Free and Open Source
  • 100% visible native source code (no DLL's)

http://sourceforge.net/projects/tplockbox/ and http://lockbox.seanbdurkin.id.au/

Sean B. Durkin
13

The RSA algorithm is not necessarily out of date, but the key size is important. It is still used regularly all over the place. An RSA key length of 3072 bits should be used if security is required beyond 2030. This is just a function of the improvements in computing power and not a weakness in the algorithm.

I was looking at LockBox prior to SongBeamer starting to maintain it (Delphi 2007), and I found the RSA unstable - just crashing or producing wrong results from time to time. It may have been fixed since then though. If you are going to use it, make sure it supports the key lengths you need, and then create some automated tests with known inputs and outputs. Make sure it runs stable. If it does, then use it by all means.

You can also use the Microsoft Crypto API to do your RSA encryption. I wrote a wrapper for Delphi 2007, but have not updated it for Unicode (I know, shame on me). Someone else might be able to update it to work with Unicode easily.

Another option would be to use the .NET Framework cryptography functions via COM interoperability or something.

Argalatyr
Jim McKeeth
  • +1 for the Crypto API wrapper. – Bruce McGee Sep 18 '09 at 13:35
  • I notice reading the [Crypto API wrapper Microsoft docs](http://msdn.microsoft.com/en-us/library/aa375549.aspx) that algorithms like SHA-256 and SHA-512 are not supported below Windows XP SP3. Might be an issue if you are producing apps that need to run in faraway places, where they still might be running XP SP2. – rossmcm Nov 08 '13 at 04:18
  • Another MS Crypto API wrapper - http://cc.embarcadero.com/item/17598 – naXa stands with Ukraine Mar 12 '14 at 19:41
12

Hi Bruce, I have used this library since Delphi 5:

Delphi Encryption Compendium Part I v.5.2

  • Complete Rewrite of the former DEC 3, Update to the DEC 5.1 (released back in 2006)
  • Many Ciphers (Blowfish, Twofish, 3DES, Rijndael...)
  • Many Hashes (MD2/4/5, SHA1-512, RipeMD128-320...)
  • Checksum Functions (CRC32, CRC16...)
  • Text conversion Functions (MIME Base 64, XX/UU Coding...)
  • Secure Random Number Functions
  • with Ciphers encryption in Modes (CTS/CBC/CFB/OFB/ECB...)
  • Full and easy object oriented
  • Highly optimized, fast core
  • Supports ANSI and Unicode in D2009 (and below by using WideStrings)...

It is freeware and comes with source code; unfortunately, it does not implement RSA.

RRUZ
  • It has moved to google code: http://code.google.com/p/delphidec/ A minor thing I like about DEC is, you only need to include 1 dir vs. 3 dirs with DCPCrypt. – Ray Hulha Jan 26 '12 at 13:23
9

Looks like the D2010 work is done:

TurboPower LockBox . Data Encryption . Sep 04 2009 . Download

Status: Should be working fine.
This library has been extended so that it supports encryption of Ansi and UnicodeStrings.
09/04/2009
* Delphi 2010 packages
* should compile without hints and warnings

Francesca
5

I don't know exactly what you mean with "long in the tooth" (old?), but I'd just go for Lockbox, because it provides everything you need. Except for the 2009 update, the last official changes were made in 2003. But hey, if it works it works.

Wouter van Nifterick
3

For sample code LockBox may be ok, but I would not use it in production any longer. Encryption does go "long in the tooth". Algorithms become old. Previously undiscovered flaws, improved cryptanalysis techniques, mathematical advancements and increasing processor power make once-secure algorithms and key sizes no longer secure enough. 3DES, MD5, SHA-1 are already considered not enough. Attacks against AES have been recently published (http://eprint.iacr.org/2009/374). The minimum recommended RSA key size is now 1024 bits, while 2048 and 3072 keys are recommended if data needs to be protected for years. Lockbox offers only keys of 1024 bits or less. The right block cipher mode has to be selected too. And the LockBox TLbRijndael (AES) class by default uses ECB, which has known flaws, and doesn't offer anything more than CBC. Due to the importance electronic security gained in these years, and the consequent research both by good and bad guys, a seven-year-old library is really old - just recompiling it and adding support for UTF-16 strings is not enough. Be aware that false security is worse than no security at all. If a system administrator is told "we don't have any security in place" he will work to implement security himself (say IPSec, VPNs or the like). If he's told "yes, we have RSA and AES!" he will feel ok, even if your implementation of AES and RSA is outdated and no longer secure.

  • The one who downvoted could explain why? Show me where I am wrong, please... –  Feb 27 '11 at 19:45
1

I have not tried it in D2010, but DCPcrypt supposedly works in D2009.

Argalatyr
1

Fundamentals Code Library has implementations for both AES and RSA encryption. I haven't used the library, however, so I can't comment on its quality.

Shannon Matthews
0

It seems like there are lots of free Delphi AES implementations. Feel free to add your favourites here.

There don't seem to be as many free RSA implementations, and very few libraries that offer both.

It looks like LockBox is still a pretty reasonable option. Especially since I don't need encryption that will take literally years to crack.

I think using Microsoft's Crypto API directly might be the most practical option.

Bruce McGee
0

Daniele Teti has released a collection of DataSnap filters for Delphi 2010, which includes hash, cipher and compression. He mentions that he may also implement asymmetric ciphers in the future.

http://www.danieleteti.it/

This is open source, so please feel free to contribute.

Bruce McGee