How can I encrypt data in Delphi and in C# so that they are compatible?

Question

I'd like to encrypt some data on the client in my Delphi application in a way that is compatible with the encryption on my server. On my server, I encrypt the data using this C# code:

public class AesCryptUtils
{

    private static byte[] _salt = Encoding.ASCII.GetBytes("o6806642kbM7c5");

    /// <summary> 
    /// Encrypt the given string using AES.  The string can be decrypted using  
    /// DecryptStringAES().  The sharedSecret parameters must match. 
    /// </summary> 
    /// <param name="plainText">The text to encrypt.</param> 
    /// <param name="sharedSecret">A password used to generate a key for encryption.</param> 
    public static string EncryptStringAES(string plainText, string sharedSecret)
    {
        if (string.IsNullOrEmpty(plainText))
            throw new ArgumentNullException("plainText");
        if (string.IsNullOrEmpty(sharedSecret))
            throw new ArgumentNullException("sharedSecret");

        string outStr = null;                       // Encrypted string to return 
        AesManaged aesAlg = null;              // AesManaged object used to encrypt the data. 

        try
        {
            // generate the key from the shared secret and the salt 
            Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, _salt);

            // Create a AesManaged object 
            // with the specified key and IV. 
            aesAlg = new AesManaged();
            aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
            aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8);

            // Create a decrytor to perform the stream transform. 
            ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

            // Create the streams used for encryption. 
            using (MemoryStream msEncrypt = new MemoryStream())
            {
                using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                {
                    using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                    {

                        //Write all data to the stream. 
                        swEncrypt.Write(plainText);
                    }
                }
                outStr = Convert.ToBase64String(msEncrypt.ToArray());
            }
        }
        finally
        {
            // Clear the AesManaged object. 
            if (aesAlg != null)
                aesAlg.Clear();
        }

        // Return the encrypted bytes from the memory stream. 
        return outStr;
    }
}

How could this encryption algorithm be implemented in Delphi? The resulting encrypted data must be the same given the same inputs.

This is poor usage of AES - the IV should be randomized, whereas yours is the same every time the same "sharedSecret" is used. — Iridium, Feb 08 '12 at 17:11
So would the solution to this specific issue be that the salt is randomized? — Troy, Feb 08 '12 at 17:24
[Duplicate](http://stackoverflow.com/questions/9188045/how-to-aes-128-encrypt-a-string-using-a-password-in-delphi-and-decrypt-in-c), no? — OnTheFly, Feb 08 '12 at 18:10
Why are you asking a new question when you could have edited your previous one ( http://stackoverflow.com/q/9188045/11225 ) that is about the same problem but has the Delphi code instead of the C#? Stack Overflow is not like newsgroups. You do not (need to) keep asking the same question to get an answer or stay "on top". If necessary you can always set a bounty to encourage someone to take a deeper look (spend more time). — Marjan Venema, Feb 08 '12 at 18:11
The example in my other question got people stuck with the details of how I might implement it in Delphi. You might notice that no one really answers my question, but rather shot holes in my example code. So I decided to take another run at it. It's not a duplicate despite it's superficial similarity with my previous question. — Troy, Feb 08 '12 at 18:51
Why not just write the encryption ONCE in delphi and import it into your .Net app (load a dLL and call it.). I voted to close as duplicate because I wish you had edited and fixed your old question instead of asking a nearly identical one. — Warren P, Feb 09 '12 at 00:09
I haven't upgraded to XE2 yet. My Delphi app is 32-bit, and my C# app is 64-bit. You can't load a 32-bit dll into a 64-bit process. — Troy, Feb 09 '12 at 03:38
The lack of standardization of encryption libraries between the two platforms is making me think it's near impossible to pull this off without alot of coding and research. I'm starting to reconsider installing Delphi XE2 and building a 64-bit dll w/ my 2 functions to encrypt/decrypt given a password. — Troy, Feb 09 '12 at 15:55
So I'm totally reconsiding my original approach. I'd like to ask the community if there's an existing dll that has these 2 functions encrypt/decrypt given a password, is of a good quality, and comes in both x86 and x64 flavors. But should I ask this as a brand new question, since it's no longer Delphi or C# specific? Or would that be considered a duplicate? — Troy, Feb 09 '12 at 15:57
Found a solution! (http://stackoverflow.com/questions/9188045/how-to-aes-128-encrypt-a-string-using-a-password-in-delphi-and-decrypt-in-c) — Troy, Feb 15 '12 at 18:14

score 2 · Answer 1 · edited May 23 '17 at 11:56

2

The related questions list for your question contains this link which mentions some AES implementation for Delphi. I'm sure you can find some more and you can always use something like OpenSSL or CryptoAPI but you may need to write Delphi bindings for them yourself.

Note that as you don't pass the key directly you will need to implement the key derivation too.

edited May 23 '17 at 11:56

Community

1
1

answered Feb 08 '12 at 17:09

wRAR

25,009
4
84
97

That's a very good point, wRAR. I think the key to this question is how to implement the C# Rfc2898DeriveBytes in Delphi that takes a password and salt and results in the same key and IV bytes. – Troy Feb 08 '12 at 17:23
Found an example that's compatible with the CryptoAPI in Windows: https://gist.github.com/1833986 I'll post my working code in Delphi and C# here: http://stackoverflow.com/questions/9188045/how-to-aes-128-encrypt-a-string-using-a-password-in-delphi-and-decrypt-in-c – Troy Feb 15 '12 at 17:55

How can I encrypt data in Delphi and in C# so that they are compatible?

1 Answers1