Soji 1 Posted October 21, 2020 Hi, I am looking for a Delphi AES encryption/decryption library to decrypt a text which is encrypted using power-shell script. Another application encrypts a text using power-shell and put it into a file. My Delphi application has to read the file and decrypt the string. This is the power-shell script to encrypt ( Powershell encrypt and decrypt ). I want to mimic the function fAESDecrypt() in Delphi. Anyone knows any libraries which can do this? If there is nothing out there which can do it, I am thinking about executing the power-shell from Delphi to decrypt it. I think that should be possible. Thanks in advance, Soji. Share this post Link to post
Kryvich 139 Posted October 21, 2020 mORMot has AES encryption/decryption. 1 Share this post Link to post
Kas Ob. 227 Posted October 21, 2020 DEC library will not work, as that script uses Rfc2898DeriveBytes https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rfc2898derivebytes?view=netcore-3.1 So you need PBKDF2 with HMACSHA1, both i believe supported and available in mOrMot library as Kryvich suggested. 1 Share this post Link to post
stijnsanders 22 Posted October 21, 2020 If you're interested in another alternative, I've started from the root document to make a pure-Delphi version under a permissive license: https://github.com/stijnsanders/tools/blob/master/crypto/aes.pas I also did HMAC and PKDF2 here 3 2 Share this post Link to post
Ondrej Kelle 47 Posted October 21, 2020 Also, CryptoLib4Pascal (MIT license) 3 1 Share this post Link to post
Wil van Antwerpen 8 Posted October 21, 2020 (edited) Another solution is to use LockBox / LockBox3 Note that you can install LockBox via the GetIt manager in the delphi Studio. Edited October 21, 2020 by Wil van Antwerpen 1 Share this post Link to post
Kas Ob. 227 Posted October 22, 2020 @stijnsanders That is beauty, one small step though is missing though, and it will not help the OP in his question, no IV or block modes, and i don't think Soji can add those on his own, the most beautiful thing in your library is the clean code and uses clause. @Ondrej Kelle I know CryptoLib4Pascal for long time but never used it, it is great, now i was browsing the code one thing caught my eye, i think the PKCS7 padding is wrong, as it does accept 0 byte padding and it should not, in other words you should never end up with a byte value 0 at the end, if the length of data is multiple of k then you go and add full block, i think the relation between these should be redesigned: TPaddedBufferedBlockCipher.DoFinal // does call AddPadding without handling the return value that is not a big deal, but FbufOff should be [1..k] and should never be 0, from https://tools.ietf.org/html/rfc5652#section-6.3 TPkcs7Padding.AddPadding // don't check if inOff is 0 Also i tried to run the tests and play with it, but that package is missing a file HlpIhash, either that or i am missing something. Share this post Link to post
Soji 1 Posted October 22, 2020 4 minutes ago, Kas Ob. said: no IV or block modes @Kas Ob.: I spotted the same. Thanks for pointing it out. 5 minutes ago, Kas Ob. said: that package is missing a file HlpIhash Yes. You have to use another package HashLib4Pascal from same authors. I use that package for PKDF2. 1 Share this post Link to post
Jacek Laskowski 53 Posted October 22, 2020 15 hours ago, stijnsanders said: If you're interested in another alternative, I've started from the root document to make a pure-Delphi version under a permissive license: https://github.com/stijnsanders/tools/blob/master/crypto/aes.pas I also did HMAC and PKDF2 here Maybe it is worthwhile to move the 'crypto' library to a new, separate repository? In a common, large repo it is difficult for anyone to find it 2 Share this post Link to post
ertank 16 Posted October 23, 2020 (edited) 23 hours ago, Kas Ob. said: @stijnsanders That is beauty, one small step though is missing though, and it will not help the OP in his question, no IV or block modes, and i don't think Soji can add those on his own, the most beautiful thing in your library is the clean code and uses clause. @Ondrej Kelle I know CryptoLib4Pascal for long time but never used it, it is great, now i was browsing the code one thing caught my eye, i think the PKCS7 padding is wrong, as it does accept 0 byte padding and it should not, in other words you should never end up with a byte value 0 at the end, if the length of data is multiple of k then you go and add full block, i think the relation between these should be redesigned: TPaddedBufferedBlockCipher.DoFinal // does call AddPadding without handling the return value that is not a big deal, but FbufOff should be [1..k] and should never be 0, from https://tools.ietf.org/html/rfc5652#section-6.3 TPkcs7Padding.AddPadding // don't check if inOff is 0 Also i tried to run the tests and play with it, but that package is missing a file HlpIhash, either that or i am missing something. I hope @Ugochukwu Mmaduekwe can make some comments about PKCS7 padding here. I have all below repositories and do not have problem with compilation etc. HlpIhash is part of HashLib4Pascal https://github.com/Xor-el/CryptoLib4Pascal https://github.com/Xor-el/HashLib4Pascal https://github.com/Xor-el/SimpleBaseLib4Pascal Edited October 23, 2020 by ertank Share this post Link to post
Soji 1 Posted October 23, 2020 Thanks for all the inputs. CryptoLib4Pascal worked for me. Share this post Link to post
TurboMagic 26 Posted 10 hours ago On 10/21/2020 at 7:13 PM, Kas Ob. said: DEC library will not work, as that script uses Rfc2898DeriveBytes https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rfc2898derivebytes?view=netcore-3.1 So you need PBKDF2 with HMACSHA1, both i believe supported and available in mOrMot library as Kryvich suggested. Not sure, but the hash classes support KDF2. After fixing bugs even KDF1 and 3. Share this post Link to post
Kas Ob. 227 Posted 34 minutes ago 9 hours ago, TurboMagic said: Not sure, but the hash classes support KDF2. After fixing bugs even KDF1 and 3. KDF2 implementation might be right, but i don't see the HMACSHA1 implementation, according to "Rfc2898DeriveBytes Class" https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rfc2898derivebytes?view=net-5.0 Quote Implements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1. Does DEC library support HMAC ? i might be missing something but i don't see HMAC implementation in the library. https://en.wikipedia.org/wiki/HMAC does have the implementation explained with one test vector for HMACSHA1. Share this post Link to post