2

I have a Delphi 2010 application, that uses the Lockbox component for encrypt data. The program is calling the Triple DES Encrypt String CBCEx function with Key128. The key is generated by function:

GenerateLMDKey(Key128, SizeOf(Key128), 'Leadmec');

I'm developing a web service in Java to access database data and feed an Android Application. I need to decrypt the password that was encrypted by the Delphi function. How do I do this? Is that really possible?

This is how the encrypted password looks like: ho+RZpDW8z7hxH2cyjaBDg==

Arioch 'The
  • 15,799
  • 35
  • 62
Lucas Resende Tavares
  • 21
  • 6
  • 2
    Sure it's possible. As long as the you are using the same and representation for the key, the language doesn't matter. – Code-Apprentice Apr 01 '13 at 23:37
  • 2
    http://stackoverflow.com/q/20227/62576 – Ken White Apr 02 '13 at 00:00
  • 2
    Please [edit] your question to make it more specific. "Is it possible" is not an actual question. I can answer "Yes, it is possible." and be absolutely correct, even if I provide no more information. Please ask a specific question that can be meaningfully answered. Thanks. – Ken White Apr 02 '13 at 00:02
  • 2
    "==" padding at the end is typical for base64 encoding, check if it is - or part of it - is used. Also, both LockBox2 and LockBox3 are opensource - so you can trace how the code is generated inside GenerateLMDKey = particularly u need to understand how binary key data is converted to textual form (maybe something around base64). BTW, maybe password is exactly 'Leadmec' forever and ever ? That seems to be same problem discussed: http://www.delphigroups.info/2/12/135167.html – Arioch 'The Apr 02 '13 at 09:25
  • Ok, thanks for the corrections... I'm novice here on StackOverflow... Well, base 64 so...I only get "wrong key size" error when I use "Leadmec" string for a key. so, I made a 64 length string, and encrypt another word on Delphi with the same key. Now I get this error message: "Given final block not properly padded" And now, I'm using this algorithm posted here: stackoverflow.com/questions/20227/…, as @Ken White posted before. I dont really need a random password on my application. For now it can keep the same forever. – Lucas Resende Tavares Apr 02 '13 at 14:43
  • Let's strart from scratch. What do you call a "password" and where u gonna use it ? If you just want to encrypt connection with host, why not use HTTPS encrypted protocol ? Or encrypted XMPP protocol ? – Arioch 'The Apr 02 '13 at 15:35
  • Well... The encrypted data is the User's Logon Password, and this is loaded from a Varchar Database field. So, I must decrypt it on my Android App. The encryption Key is "Leadmec". The Varchar Database Field Value is "ho+RZpDW8z7hxH2cyjaBDg==". Encrypted by Delphi. I must Decrypt by Android. Got it? =) – Lucas Resende Tavares Apr 02 '13 at 16:44
  • No :-) okay, you decrypt it - so what would you do wit ha password on the application ? why do you need to obtain it ? It is typical thing to encrypt passwords (or rather to hash them: MD5, SHA1) but decrypting them is exotic and rarely needed thing. So what is the grand scheme of things? Also in this condition i'd still suggest you to encrypt the traffic using HTTPS or XMPP. BTW, along with the encryption that would provide you with zip'ping the traffic, which may make it faster and cheaper for mobile device. Also, did you asked this on tpLockbox forum ? usually author is rather responsive. – Arioch 'The Apr 03 '13 at 05:56
  • Also, you tagged the question with [tag:LockBox-3] - that is false. I downloaded SVN of Lockbox3 - and there is no GenereateLMDKey routine AT ALL. Look at http://lockbox.seanbdurkin.id.au/tiki-view_forum_thread.php?comments_parentId=410 For all i see in this question, it seems that GemerateLMDKey is some pervertion, with no clear sense nor any reason d'etre. And The same is said by Lockbox developer. *There is nothing to replace GenerateLMDKey(). You just don't need it* PS. You may also look at `Spring4Delphi` library that also has encryption classes. PPS. Still think encrypt whole traffic – Arioch 'The Apr 03 '13 at 06:02
  • Thats really weird. Because I use LbCipher & LbString Delphi Units that have as Header: "The Original Code is TurboPower LockBox - LBCIPHER.PAS 2.08 Copyright (c) 2002 TurboPower Software Co". But, Spring4Delphi encryption is decryptable by Java? How does that work? Encrypt whole traffic u say, it to encrypt my XML communication? Thats a good idea. – Lucas Resende Tavares Apr 03 '13 at 17:10
  • I need the password to Login. Well, I would need to generate exacly the same encrypted code to login without decrypt it, what is very hard with this delphi algorithm. I tried once, but no success, because the encrypy result refreshes anytime I encrypt the same word with the same key. Then I decrypt it to check. I think that it was an stupid solution, but I could not make better when I did it some years ago... Now I'm rebuilding it... I'll follow your tips! – Lucas Resende Tavares Apr 03 '13 at 17:12

0 Answers0