kbmMW Professional and Enterprise editions contain multiple cipher and hash algorithms. This short blog post shows how to use them to encrypt a string or binary data.
kbmMW bundles AES/Rijndael, Twofish, Blowfish, Misty, RC2, RC4, RC5, RC6, Tea, Serpent, Mars, IDEA, ICE, DES, 3DES, CAST128 and CAST256 encryption algorithms.
AES is currently the most widely used algorithm, so let's use that to encrypt a string.
function EncryptValue(const AValue:string; const AKey:string):string;
var
   aes:TkbmMWCipherAES;
begin
     aes:=TkbmMWCipherAES.Create(nil);
     try
        // Prepare the AES key by hashing the string key with SHA256.
        aes.InitString(AKey,TkbmMWHashSHA256);
        Result:=aes.EncryptString(AValue);
     finally
        // Always release the cipher instance.
        aes.Free;
     end;
end;
It is as simple as that.
However, there are many options for how the encryption takes place. Among others, you can choose how the string key is converted to something that can be used for encryption and, because all encryption algorithms work on blocks of bytes, how UTF16 (Unicode) strings are converted to bytes upon encryption.
The InitString method defines what key to use (in this case a Unicode string that is automatically converted to UTF8 before use), and that key is then hashed using the SHA256 hashing algorithm, which is the de facto standard way to prepare keys for general AES encryption.
However, to make things harder to break, you could use a different hashing algorithm, because most encryption breakers assume that your key is hashed using SHA256. Just make sure to use another hashing method that also outputs 256-bit keys and that is considered a strong hash.
However, a better way to confuse encryption breaking is to add a salt to your key.
The salt is a bit of information that is only known by you and the other end. It can be a machine ID, a pin code or something else that both sides know about.
So if your key were THIS IS MY WEAK KEY, you could salt it, which would add some technical stuff to the start of it, making it more difficult to break, because now two things need to be known to be able to guess your key.
A salt is typically application and installation specific, so one instance of an installed server application will have its own unique salt, which all its clients also need to know about. You could even give each client its own personal salt, as long as you are able to manage that on the server.
A stupid example could be to salt with the external IP address a client uses to connect to the server.
Then when the user logs in via one client, the data will be encrypted differently from when the user logs in via another client.
kbmMW supports adding salt to a key via the InitString/InitBytes methods.
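The key preparation and salting described above, sketched in Python as an added example (this is not kbmMW code and not from the original post). It assumes the salt is prepended as raw bytes before a single SHA256 pass; the salt values and function names are constructed for illustration. It goes one step beyond the post by placing an iterated derivation (PBKDF2-HMAC-SHA256) beside the single hash, since a low-entropy string key stays cheap to guess when only one hash pass protects it.

```python
import hashlib
import hmac


def sha256_key(passphrase: str, salt: bytes = b"", encoding: str = "utf-8") -> bytes:
    """One SHA256 pass over salt + encoded passphrase, giving a 32-byte AES-256 key.

    Assumption: the salt is prepended as raw bytes; the post does not
    document kbmMW's exact byte layout.
    """
    return hashlib.sha256(salt + passphrase.encode(encoding)).digest()


def pbkdf2_key(passphrase: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Iterated alternative: PBKDF2-HMAC-SHA256, also 32 bytes out."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32
    )


def peer_report(passphrase: str, server_salt: bytes, client_salt: bytes,
                client_encoding: str = "utf-8") -> dict:
    """Derive the key on both ends and report whether they agree."""
    server = sha256_key(passphrase, server_salt)
    client = sha256_key(passphrase, client_salt, client_encoding)
    return {
        "key_bits": len(server) * 8,
        # Constant-time comparison of the two derived keys.
        "match": hmac.compare_digest(server, client),
    }


if __name__ == "__main__":
    PASSPHRASE = "THIS IS MY WEAK KEY"   # key string used in the post
    SALT_A = b"install-0001"             # constructed sample salts
    SALT_B = b"install-0002"

    # Same salt and same string encoding on both ends: keys agree.
    print(peer_report(PASSPHRASE, SALT_A, SALT_A))
    # A client holding a different salt derives a different key.
    print(peer_report(PASSPHRASE, SALT_A, SALT_B))
    # A peer that hashes the UTF16 bytes instead of UTF8 also gets a different key.
    print(peer_report(PASSPHRASE, SALT_A, SALT_A, "utf-16-le"))
    # Iterated derivation of the same passphrase and salt.
    print(pbkdf2_key(PASSPHRASE, SALT_A).hex())
```

The encoding case matters when the other end is not kbmMW: both sides must agree on UTF8 conversion, hash algorithm and salt placement, or decryption fails even with the correct key string.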