Re: encryption question

Rael wrote:
Encryption:
Input: Password P, Text T
1. S := Random (128 bits from a secure PRBG)
2. KE := HMAC(P,S + 'E')
3. KA := HMAC(P,S + 'A')
4. C := E(KE,T)
5. M := HMAC(KA,C)
6. Output CT := S + C + M

Decryption:
Input: Password P, Cipher Text CT
1. Parse CT into S,C,M
2. KE := HMAC(P,S + 'E')
3. KA := HMAC(P,S + 'A')
4. if M <> HMAC(KA,C) return Error
5. T := D(KE,C)
6. Output T

Can you provide a "key" please :)

Presuming you use StreamSec Tools 2.1, drop a TSsAES component and a TSsHash component on a form. Assign the latter to the MAC property of the former. Set the BufferSize property of the former to e.g. 65536 if you are going to process large files.

To encrypt, use this (untested):

uses
SecUtils;

var
lPW: ISecretKey;
lNonce, lMAC: OctetString;
begin
try
lPW := TSecretKey.CreateStr(PAnsiChar(aPassword),Length(aPassword));
SsAES1.SetKeyPassword(lPW,16);
lNonce := SsAES1.Param;
aDest.WriteBuffer(Pointer(lNonce)^,Length(lNonce));
SsAES1.DestinationStream := aDest;
SsAES1.EncryptStreamToDst(aSource,0);
if not SsAES1.DoneToDst then raise Exception.Create('');
lMAC := SsHash.Digest;
aDest.WriteBuffer(Pointer(lMAC)^,16);
finally
SsAES1.CleanUp;
end;
end;

To decrypt, use this (untested):
uses
SecUtils;

var
lPW: ISecretKey;
lNonce, lMAC: OctetString;
begin
try
SetLength(lNonce,16);
aSource.ReadBuffer(Pointer(lNonce)^,16);
SsAES1.Param := lNonce;
lPW := TSecretKey.CreateStr(PAnsiChar(aPassword),Length(aPassword));
SsAES1.SetKeyPassword(lPW,16);
SsAES1.DestinationStream := aDest;
SsAES1.DecryptStreamToDst(aSource,aSource.Size - 32);
if not SsAES1.DoneToDst then raise Exception.Create('');
SetLength(lMAC,16);
aSource.ReadBuffer(Pointer(lMAC)^,16);
if not SsHash.Digest = lMAC then
raise Exception.Create('Failed!!!');
finally
SsAES1.CleanUp;
end;
end;
.