Recent

Author Topic: (SOLVED) LockBox 2 question  (Read 5932 times)

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
(SOLVED) LockBox 2 question
« on: January 22, 2019, 11:57:54 am »
Hi guys, I have to use the RSA algorithm for my project. Now I found the LockBox 2 library at this url:

https://github.com/jarto/lockbox2

But at this url (https://stackoverflow.com/questions/2998885/delphi-asymmetric-encryption) I read that lockbox 2 is not secure:

"Until improved, LockBox implements only short keys and weak block ciphers. Last release in now seven years old, and in cryptography relying on old, not updated code may be dangerous. "


Can anyone tell me something about it? Thank you
« Last Edit: January 24, 2019, 10:04:34 am by xinyiman »
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Re: LockBox 2 question
« Reply #1 on: January 22, 2019, 12:14:54 pm »
I don't really know much about lockbox but I think there is a version 3 which supports longer keys.
By the way, are you restricted to RSA because ECC is another very good asymmetric cryptographic option much better than RSA.

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: LockBox 2 question
« Reply #2 on: January 22, 2019, 03:28:33 pm »
I'm not limited to RSA, can you tell me where to find examples for ECC that are cross-platform? Thank you
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Re: LockBox 2 question
« Reply #3 on: January 22, 2019, 03:59:14 pm »
I'm not limited to RSA, can you tell me where to find examples for ECC that are cross-platform? Thank you

Mormot SynCrypto contains ECC (secp256R1) and it's crossplatform https://github.com/synopse/mORMot/blob/master/SynCrypto.pas
CryptoLib4Pascal contains quite a large number of EC Curves and it is crossplatform  https://github.com/Xor-el/CryptoLib4Pascal

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: LockBox 2 question
« Reply #4 on: January 22, 2019, 06:21:41 pm »
When i install CryptoLib4Pascal return this error. Why?

ClpAsn1Objects.pas(30,3) Fatal: Impossibile trovare Generics.Collections usato da ClpAsn1Objects del pacchetto CryptoLib4PascalPackage.
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Re: LockBox 2 question
« Reply #5 on: January 22, 2019, 06:45:02 pm »
When i install CryptoLib4Pascal return this error. Why?

ClpAsn1Objects.pas(30,3) Fatal: Impossibile trovare Generics.Collections usato da ClpAsn1Objects del pacchetto CryptoLib4PascalPackage.

CryptoLib4Pascal has a few dependencies which was clearly stated in the README

HashLib4Pascal https://github.com/Xor-el/HashLib4Pascal

SimpleBaseLib4Pascal https://github.com/Xor-el/SimpleBaseLib4Pascal

For FreePascal v3.0.x Generics.Collections https://github.com/maciej-izak/generics.collections   (if you are using trunk or FPC 3.2.0 then you don't need this)

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: LockBox 2 question
« Reply #6 on: January 23, 2019, 09:13:30 am »
Ok, I installed correctly CryptoLib4Pascal. But now I don't know use the library. I look sample code. But for me is arabic language. Exists a little example with this simple step

1. Create public/private key

2. Encrypt simple text with public key

3. Decrypt simple text with private key

Thank you.
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Re: LockBox 2 question
« Reply #7 on: January 23, 2019, 12:43:07 pm »
Ok, I installed correctly CryptoLib4Pascal. But now I don't know use the library. I look sample code. But for me is arabic language. Exists a little example with this simple step

1. Create public/private key

2. Encrypt simple text with public key

3. Decrypt simple text with private key

Thank you.

There are a few things you need to understand first
1. asymmetric encryption are not suitable for encrypting large data. In practice they are used to exchange a private secret key between the two parties that will be used to symmetrically encrypt/decrypt the large data using algorithms like AES.

2. Such schemes that provides this feature are called hybrid cryptosystem https://en.wikipedia.org/wiki/Hybrid_cryptosystem. An example of such that works with ECC is ECIES.

3. Is this what you want? (ECIES)

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: LockBox 2 question
« Reply #8 on: January 23, 2019, 01:25:40 pm »
Yes, exactly what I want.
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Re: LockBox 2 question
« Reply #9 on: January 23, 2019, 06:48:54 pm »
Yes, exactly what I want.

Attached is a GUI Demo that does encrypts and decrypt strings using ECIES as specified.
It also has methods to export the public and private key pairs as bytearrays and to reconstruct them as Key Objects


Trenatos

  • Hero Member
  • *****
  • Posts: 535
    • MarcusFernstrom.com
Re: LockBox 2 question
« Reply #10 on: January 23, 2019, 08:35:42 pm »
I just want to throw out a recommendation for dcpcrypt, I've used it for all sorts of things both hashing and crypto, works very nicely and supports many formats.

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Re: LockBox 2 question
« Reply #11 on: January 23, 2019, 08:42:03 pm »
I just want to throw out a recommendation for dcpcrypt, I've used it for all sorts of things both hashing and crypto, works very nicely and supports many formats.

DCPCrypt does not provides options for asymmetric cryptography as specified by the original poster.

Trenatos

  • Hero Member
  • *****
  • Posts: 535
    • MarcusFernstrom.com
Re: LockBox 2 question
« Reply #12 on: January 23, 2019, 08:55:41 pm »
Crud, you're right, I should have paid more attention.

xinyiman

  • Hero Member
  • *****
  • Posts: 2256
    • Lazarus and Free Pascal italian community
Re: LockBox 2 question
« Reply #13 on: January 24, 2019, 10:04:13 am »
Xor-el you are Angel! Thank you  :)
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Re: LockBox 2 question
« Reply #14 on: January 24, 2019, 10:07:43 am »
Xor-el you are Angel! Thank you  :)

Glad I could help.  :)

 

TinyPortal © 2005-2018