Encryption of a string

kbmMW Professional and Enterprise edition contains multiple cipher and hash algorithms. This short blog post shows how to use them to encrypt a string or binary data.

kbmMW bundles AES/Rijndael, Twofish, Blowfish, Misty, RC2, RC4, RC5, RC6, Tea, Serpent, Mars, IDEA, ICE, DES, 3DES, CAST128 and CAST256 encryption algorithms.

The currently most widely used algorithm around is AES so lets use that to encrypt a string.

function EncryptValue(const AValue:string; 
  const AKey:string):string;
var
   aes:TkbmMWCipherAES;
begin
   aes:=TkbmMWCipherAES.Create(nil);
   try
     aes.InitString(AKey,TkbmMWHashSHA256);
     Result:=aes.EncryptString(AValue);
   finally
    aes.Free;
 end;
end;

It is as simple as that.

However there are many options one can choose for how the encryption shall take place, amongst others, how the string key should be converted to something that can be used for encryption, and because all encryption algorithms works on blocks of bytes, how UTF16 (unicode) strings should be converted to bytes upon encryption.

The InitString method defineds what key to use (in this case a Unicode string that is automatically converted to UTF8 before use, and that is then hashed using the SHA256 hashing algorithm, which is the defacto standard way to prepare keys for general AES encryption.

However to make things harder to break, you could use a different hashing algorithm, because most encryption breakers assume that your key is hashed using SHA256. Just make sure to use another hashing method that also outputs 256 bit keys and that is considered a strong hash.

However a better way to confuse encryption breaking, is to add a salt to your key.

The salt is a bit of information that is only known by you and the other end. It can be a machine ID, a pin code or something else that both sides knows about.

So if your key would be THIS IS MY WEAK KEY, you could salt it which would add some technical stuff to the start of it, making it more difficult to break, because now two things needs to be known to be able to guess your key.

A salt is typically an application and installation specific thing, so one instance of an installed server application will have its own unique salt, that all its clients also needs to know about. You could even give each client his own personal salt, as long as you are able to manage that on the server.

A stupid example could be to salt with the external IP address a client is approaching the server with.

Then when the user logs in via one client, the data will be encrypted differently to when the client logs in via another client.

kbmMW supports adding salt to a key via the InitString/InitBytes methods.

Kim/C4D

2 thoughts on “Encryption of a string”

    1. Hi, It is safe to use the cipher and hashing classes within threads. However only one thread at a time can use the instance. So if you have multiple threads running, give each thread its own instance of the cipher component and it will be able to use it without problems..

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s