Which version of LockBox3 works under Delphi2010?

Question

As I am looking for AES-128 encryption, I'd like to get Lockbox3 running on Delphi2010.

The first problem here: What/where are the official sources?

The sources from https://sourceforge.net/projects/tplockbox/ don't hold packages for Delphi2010 and also simply don't compile (loads of errors).

https://code.google.com/archive/p/tplockbox/ is not maintained anymore and points to https://github.com/SeanBDurkin/tplockbox.

I downloaded the sources from github, I think in V3.6.3 (version is nowhere mentioned in the sources, right?). The packages can be installed, but e.g. the MakeSampleKey example doesn't compile, as EncryptString doesn't work with AnsiStrings (umfmMakeSampleKey.pas, line 216).

I have then created a project and used the source from the OP of How to AES-128 encrypt a string using a password in Delphi and decrypt in C#?

I changed CipherText from AnsiString to String. The code compiles, but when I run it, it crashes with "Integer overflow" in TPLB3.SHA1.pas, line 264.

Is LockBox3 still maintained and is it usable for Delphi2010? If yes, then how? What do I do wrong? Thx!

Edit: There's another GitHub project hosting LockBox3, namely https://github.com/TurboPack/LockBox3 The recent sources from there do NOT compile under Delphi2010. (see comments under OP for a short list of problems)

Edit: Here's some code I try to use (and fail) - i post it here as I don't manage to post it formatted into a comment:

function LockBox3_EncryptText_AES_128(input: string; password: string): string;
var
  Codec: TCodec;
  CipherText: String;
begin
  Codec := TCodec.Create(nil);
  try
    Codec.CryptoLibrary := TCryptographicLibrary.Create(Codec);
    Codec.StreamCipherId := BlockCipher_ProgID;
    Codec.BlockCipherId := Format(AES_ProgId, [128]);
    Codec.ChainModeId := CBC_ProgId;
    Codec.Password := Password;
    Codec.EncryptString(input, CipherText);
    Result := string(CipherText);
  finally
    Codec.Free;
  end;
end;

The source from Github builds under all supported versions of Delphi, and as it's the current repo for the code (as you can see, since it was last updated about a month ago), you should look there. There are no separate packages for each version of the IDE any longer, and haven't been for ages. The version on Github works fine in Seattle and Berlin, which means it works fine with Unicode strings. — Ken White, Aug 19 '16 at 12:24
Just checked Github, and the installation instructions are right on the page at https://github.com/TurboPack/LockBox3 - scroll down on that page to read the contents of *readme.txt*. — Ken White, Aug 19 '16 at 12:32
Ken, you are pointing to a different Github-repository. (/TurboPack/LockBox3 vs. /SeanBDurkin/tplockbox) I tried that repository before I posted my original request, Now I tested again. I checked out sources from https://github.com/TurboPack/LockBox3.git/trunk I added the required search paths, and tried to compile LockBox3VCLDD.dpk. It fails with "[MSBuild Fehler] 0 ist ein ungültiger Wert für den DebugInformation-Parameter der DCC-Aufgabe. Der DebugInformation-Parameter gehört zum System.Boolean-Typ." Again: I'm using Delphi2010. What Version of Delphi did you try? — ralfiii, Aug 24 '16 at 08:44
Btw: When I delete all binary stuff that might keep the package from compiling, it stops with "Unknown identifier "TEncoding.ANSI" in unit uTPLb_StrUtils.pas" — ralfiii, Aug 24 '16 at 08:50
Yes, I know I'm pointing to a different repository. I've got that version installed in D2007, XE, XE8, 10 Seattle and 10.1 Berlin. If it's working with all of those (which are both ANSI and Unicode), I see no reason it wouldn't work with 2010. (I'm not fluent in German, but it appears the error message you've cited says something about an invalid parameter and that it was expecting a Boolean. It's usually helpful (since this is an English language site) to provide a translation of the error when you can.) — Ken White, Aug 24 '16 at 12:31
Ken: After deleting the .dproj files, the MSBuild-bug disappeared. It said "0 is an invalid value for Debuginfo-parameter of the dcc output. The debuginfo-parameter belongs to the system.boolean type". You compiled under D2007??? There are a number of occurences where TEncoding.ANSI is required. And not all of them can be fixed as as suggested in http://stackoverflow.com/questions/26000177/how-do-i-install-lockbox-3-into-delphi-7 Additionally in many places the {$IF Compilierversion...} directive is not closed with {$IFEND] but with {$ENDIF}. For me that works under 10.1Berlin, not for D2010 — ralfiii, Aug 24 '16 at 14:44
I am really desparate about that problem. I've set up a fresh virtual machine and installed Delphi2010 and copied the LockBox sources there. I started TeamViewer on that VM. Ken or anyone else: Could you have a look and see if you find a reason for all that? ID/Pin: 973 132 244/8195. You'd be my hero... — ralfiii, Aug 24 '16 at 14:52
We don't do personal consulting from here; that's actually not how this site works. All activity has to be done here, so that it's of benefit to future users. — Ken White, Aug 24 '16 at 16:27
That's logical! I would naturally post all findings here afterwards - for the benefit of future users. I just think it's easier for you (or someone else) to locate a problem or give me a hint which way to go, if I provide you with a possibility to personally check what's going on on my machine. That's the thought behind the VM. — ralfiii, Aug 25 '16 at 08:00

Sean B. Durkin · Accepted Answer · 2016-09-07T01:21:18.143

I maintain LockBox 3 at http://lockbox.seanbdurkin.id.au/HomePage .

The repo is at https://github.com/SeanBDurkin/tplockbox .

Yes, it works for D2010.

Update

This works for me, with Delphi 2010 and TPLB3 version 3.6.3

program LB3Demo_D2010;

{$APPTYPE CONSOLE}

uses
  SysUtils,
  TPLB3.Codec in '..\ExternalLibraries\TPLB3\run\TPLB3.Codec.pas',
  TPLB3.CryptographicLibrary in '..\ExternalLibraries\TPLB3\run\TPLB3.CryptographicLibrary.pas',
  TPLB3.BlockCipher in '..\ExternalLibraries\TPLB3\run\TPLB3.BlockCipher.pas',
  TPLB3.StreamToBlock in '..\ExternalLibraries\TPLB3\run\TPLB3.StreamToBlock.pas',
  TPLB3.Decorators in '..\ExternalLibraries\TPLB3\run\TPLB3.Decorators.pas',
  TPLB3.StreamCipher in '..\ExternalLibraries\TPLB3\run\TPLB3.StreamCipher.pas',
  TPLB3.StreamUtils in '..\ExternalLibraries\TPLB3\run\TPLB3.StreamUtils.pas',
  TPLB3.Random in '..\ExternalLibraries\TPLB3\run\TPLB3.Random.pas',
  TPLB3.IntegerUtils in '..\ExternalLibraries\TPLB3\run\TPLB3.IntegerUtils.pas',
  TPLB3.Compatibility in '..\ExternalLibraries\TPLB3\run\TPLB3.Compatibility.pas',
  TPLB3.Asymetric in '..\ExternalLibraries\TPLB3\run\TPLB3.Asymetric.pas',
  TPLB3.CodecIntf in '..\ExternalLibraries\TPLB3\run\TPLB3.CodecIntf.pas',
  TPLB3.BaseNonVisualComponent in '..\ExternalLibraries\TPLB3\run\TPLB3.BaseNonVisualComponent.pas',
  TPLB3.Hash in '..\ExternalLibraries\TPLB3\run\TPLB3.Hash.pas',
  TPLB3.HashDsc in '..\ExternalLibraries\TPLB3\run\TPLB3.HashDsc.pas',
  TPLB3.AES in '..\ExternalLibraries\TPLB3\run\TPLB3.AES.pas',
  TPLB3.Base64 in '..\ExternalLibraries\TPLB3\run\TPLB3.Base64.pas',
  TPLB3.CBC in '..\ExternalLibraries\TPLB3\run\TPLB3.CBC.pas',
  TPLB3.Constants in '..\ExternalLibraries\TPLB3\run\TPLB3.Constants.pas',
  TPLB3.ECB in '..\ExternalLibraries\TPLB3\run\TPLB3.ECB.pas',
  TPLB3.MD5 in '..\ExternalLibraries\TPLB3\run\TPLB3.MD5.pas',
  TPLB3.SimpleBlockCipher in '..\ExternalLibraries\TPLB3\run\TPLB3.SimpleBlockCipher.pas',
  TPLB3.I18n in '..\ExternalLibraries\TPLB3\run\TPLB3.I18n.pas',
  TPLB3.CFB_8Bit in '..\ExternalLibraries\TPLB3\run\TPLB3.CFB_8Bit.pas',
  TPLB3.CFB_Block in '..\ExternalLibraries\TPLB3\run\TPLB3.CFB_Block.pas',
  TPLB3.CTR in '..\ExternalLibraries\TPLB3\run\TPLB3.CTR.pas',
  TPLB3.OFB in '..\ExternalLibraries\TPLB3\run\TPLB3.OFB.pas',
  TPLB3.PCBC in '..\ExternalLibraries\TPLB3\run\TPLB3.PCBC.pas',
  TPLB3.SHA1 in '..\ExternalLibraries\TPLB3\run\TPLB3.SHA1.pas',
  TPLB3.SHA2 in '..\ExternalLibraries\TPLB3\run\TPLB3.SHA2.pas',
  TPLB3.SVN_Keywords in '..\ExternalLibraries\TPLB3\run\TPLB3.SVN_Keywords.pas',
  TPLB3.BinaryUtils in '..\ExternalLibraries\TPLB3\run\TPLB3.BinaryUtils.pas',
  TPLB3.PointerArithmetic in '..\ExternalLibraries\TPLB3\run\TPLB3.PointerArithmetic.pas',
  TPLB3.CipherUtils in '..\ExternalLibraries\TPLB3\run\TPLB3.CipherUtils.pas',
  TPLB3.RSA_Engine in '..\ExternalLibraries\TPLB3\run\TPLB3.RSA_Engine.pas',
  TPLB3.RSA_Primitives in '..\ExternalLibraries\TPLB3\run\TPLB3.RSA_Primitives.pas',
  TPLB3.HugeCardinal in '..\ExternalLibraries\TPLB3\run\TPLB3.HugeCardinal.pas',
  TPLB3.HugeCardinalUtils in '..\ExternalLibraries\TPLB3\run\TPLB3.HugeCardinalUtils.pas',
  TPLB3.MemoryStreamPool in '..\ExternalLibraries\TPLB3\run\TPLB3.MemoryStreamPool.pas',
  TPLB3.DES in '..\ExternalLibraries\TPLB3\run\TPLB3.DES.pas',
  TPLB3.BlowFish in '..\ExternalLibraries\TPLB3\run\TPLB3.BlowFish.pas',
  TPLB3.TDES in '..\ExternalLibraries\TPLB3\run\TPLB3.TDES.pas',
  TPLB3.TwoFish in '..\ExternalLibraries\TPLB3\run\TPLB3.TwoFish.pas',
  TPLB3.XXTEA in '..\ExternalLibraries\TPLB3\run\TPLB3.XXTEA.pas',
  TPLB3.DCP.twofish_Modified in '..\ExternalLibraries\TPLB3\run\TPLB3.DCP.twofish_Modified.pas';

const
  /// <remarks>Set isProduction to True for a production environment.
  ///  For a production environment, we want to randomize the PRNG at start-up,
  ///  for security reasons. For a test environment, we may way to set the seed
  ///  to be a fixed known value, for purposes of reproducibility and possibly
  ///  KAT alignment.
  /// </remarks>
  isProduction: boolean = False;
  Seed_ForNonProduction: int64 = 1;

function LockBox3_EncryptText_AES_128( input: string; password: string): string;
var
  Codec: TCodec;
begin
  Codec := TCodec.Create( nil);
  try
    Codec.CryptoLibrary  := TCryptographicLibrary.Create(Codec);
    Codec.StreamCipherId := BlockCipher_ProgID;
    Codec.BlockCipherId  := Format(AES_ProgId, [128]);
    Codec.ChainModeId    := CBC_ProgId;
    Codec.Password       := Password;
    Codec.EncryptString( input, result);
    Codec.Burn
  finally
    Codec.Free
  end
end;

var
  input, output: string;
  password: string;
begin
  try
    if isProduction then
        TRandomStream.Instance.Randomize
      else
        TRandomStream.Instance.Seed := Seed_ForNonProduction;
    input    := 'Hello world';
    WriteLn( 'Compiler = ', Format( '%.1f', [CompilerVersion]));
    WriteLn( 'Plaintext = "' + input + '"');
    password := 'my-secret';
    WriteLn( 'Password (' + {$IFDEF UNICODE} 'UTF-16' {$ELSE} 'UTF-8' {$ENDIF} + ') = "' + password + '"');
    WriteLn( 'Seed = ', TRandomStream.Instance.Seed);
    output   := LockBox3_EncryptText_AES_128( input, password);
    Writeln( 'Ciphertext (encoded as base64) = "' + output + '"');
    WriteLn( 'Press enter to terminate.');
    Readln;
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.

Output

When run, the output yields ...

Compiler = 21.0
Plaintext = "Hello world"
Password (UTF-16) = "my-secret"
Seed = 1
Ciphertext (encoded as base64) = "AQAAAAAAAADCpkdd/g8fyEuojQ=="

Thanks for helping. I know that repository and I have installed it. However, I do not manage to get it working. I tried to encrypt some text using the code from http://www.delphipraxis.net/185039-lockbox-3-string-verschluesseln.html But in the line Codec.Password:=... I get an EIntOverflow exception in TSHA1_Hasher.Update (file TPLB3.SHA1.pas). As suggested in your forum, I disabled overflow-checking in this unit. The code now crashes with an ERangeError upon Codec.EncryptString in Stream_to_Base64 (unit TPLB3.StreamUtils.pas line 310) Is switching off range checking really a good idea? — ralfiii, Sep 01 '16 at 09:24
Please post some sample code that is not working. There is not enough information in your comment to work on. — Sean B. Durkin, Sep 01 '16 at 10:02
I've added the code in the original post. The code is from the delphipraxis-link in my previous comment. Simply calling the method with "someText" and "somePassword" generates the crash. — ralfiii, Sep 01 '16 at 13:31
Thanks, that works now. A few adoptions have to be made to the source ( {$R-}{$Q-} in SHA1.pas and StreamUtils.pas) to avoid range check and overflow errors, then it seems to work — ralfiii, Sep 26 '16 at 09:52
Update: I have now released LockBox 3.7.0 . It has all those fixes, supports client-supplied IV's and has project heads for D10.1 Berlin and XE8. Go to https://github.com/SeanBDurkin/tplockbox — Sean B. Durkin, Nov 17 '16 at 12:43

Which version of LockBox3 works under Delphi2010?

1 Answers1

Update

Output