DCPcrypt/de

From Lazarus wiki
Revision as of 03:03, 14 May 2017 by Jc99 (talk | contribs) (Page partly translatet into German)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Deutsch (de) English (en) español (es) suomi (fi) français (fr)

About

  • DCPcrypt ist eine Sammlung cryptographischer Komponenten für Lazarus.
  • Die Idee hinter DCPcrypt ist, daß es möglich sein muß, per "drop in" jegliche Algorithmen und deren Implementierung einfach gegeneinander auszutauschen, mit nur einem Minimum an Codeänderung.

Diese Ziel vor Augen sind alle kryptographischen Komponenten von einer, aus einer Reihe von mehreren, Basisklassen abgeleitet, TDCP_cipher für Verschlüsselungsalgorithmen und TDCP_hash für Hash-algorithmen.

  • Seit der v2.0.4-Release, unterstützt DCPcrypt auch 64-Bit-Systeme.


Status: Production/Stable
Letzte Version: v2.0.4.1

Screenshot

  • Dcp1.png
  • Dcp2.png

Autor

Beitragende

Lizenz (eng.)

The MIT License

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Download

Die letzte 'stable release' kann auf Lazarus-CCR Files heruntergeladen werden.

Abhängigkeiten / Systemerfordernisse

Seit v2.0.4 lässt es sich mit FPC 2.4.1 (und höher) kompilieren und ist unter 32-bit & 64-bit Linux und 32-bit Windows getestet.

Quelltext

Seit März 2010, wird der DCPCrypt-Quellcode als Teil des Lazarus-CCR Projekt auf SourceForge.net gehostet.

DCPCrypt steht in einem Git-Repository bereit. Um den letzten Stand des Quelltexts aus dem Archiv zu die folgenden Befehle in der Kommandozeile ausführen. Für weitergehende Informationen über Git siehe auch Git Mirrors.

 git clone git://lazarus-ccr.git.sourceforge.net/gitroot/lazarus-ccr/dcpcrypt
 git clone http://git.code.sf.net/p/lazarus-ccr/dcpcrypt lazarus-ccr-dcpcrypt


Dannach führt man weitere Updates durch mit:

 git pull

Installation

Seit dem v2.0.4-Release ist DCPCrypt in zwei Pakete aufgeteilt:

dcpcrypt.lpk 
Dies ist ein Nur-Laufzeit-Paket und nur den GUI-unbelasteten Kern-Code. Man kann diese Packet für Konsolen-Programme und andere nicht-LCL Projekte (z.B: für fpGUI oder MSEgui basierende Projekte).
dcpcrypt_laz.lpk 
Dies ist das Design-Packet das die diversen Komponenten in der Lazarus IDE registriert und in der entsprechenden Palette zur Verfügung stellt.

Um DCPCrypt mit der Lazarus IDE zum ersten zu Mal benutzen:

  • In 'Package > Package-Datei (.lpk) öffnen', dcpcrypt.lpk öffnen und Kompilieren drücken.
  • If you want to register the DCPCrypt components with the Lazarus IDE component palette, open the dcpcrypt_laz.lpk and click Compile and then Install. Lazarus IDE will now rebuild itself.
  • Restart Lazarus IDE and you are ready to use DCPCrypt.

Usage

Please note that an appreciation of the basic principles of encryption/decryption and key management is needed to ensure the correct usage of the ciphers implemented within this package. A good introduction on this subject is provided by Bruce Schneier's "Applied Cryptography" (ISBN: 0-471-11709-9) also see the NIST publication SP800-38A for information on the block cipher chaining modes.

  • Ciphers - the basic building block of DCPcrypt, the TDCP_cipher component.
  • Block Ciphers - the base of all block ciphers, the TDCP_blockcipher component.
  • Hashes - the base of all hash algorithms, the TDCP_hash component.

See included documentation.

Encrypting using plain key

Normally, for encryption, dpcpcrypt expects keys that are hashed when they are supplied through .InitStr.

You can pass a plain string key by using .Init, e.g. like this:

var s:string;
begin
  s:='1234567890ABCDEF1234567890ABCDEF';
  DCP_3des1.Init(s[1],length(s)*8,nil);

Source: forum thread.

Bugs

If you are using DCPrijndael, be advised that key sizes that are not in the AES standard are known to produce key schedules that are not inter-operable with other Rijndael implementations. Few implementations provide the non-standard key (or block) sizes. Brian Gladman and Jeffrey Clement provide implementations (C and Python) that are known to be incompatible with DCPrijndael for non-standard key sizes. Test program provided below with comments showing the expect results:

program ctst;
{$mode objfpc}{$H+}
uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Sysutils, DCPrijndael;
const
  InData: array[0..15] of byte =
    ($32,$43,$f6,$a8,$88,$5a,$30,$8d,$31,$31,$98,$a2,$e0,$37,$07,$34);
  Key1: array[0..19] of byte =
    ($2b,$7e,$15,$16,$28,$ae,$d2,$a6,$ab,$f7,$15,$88,$09,$cf,$4f,$3c,$76,$2e,$71,$60);
  Key2: array[0..31] of byte =
    ($2b,$7e,$15,$16,$28,$ae,$d2,$a6,$ab,$f7,$15,$88,$09,$cf,$4f,$3c,$76,$2e,$71,$60,
     $f3,$8b,$4d,$a5,$6a,$78,$4d,$90,$45,$19,$0c,$fe);
  OutData1: array[0..15] of byte =
    ($23,$1d,$84,$46,$39,$b3,$1b,$41,$22,$11,$cf,$e9,$37,$12,$b8,$80);
  OutData2: array[0..15] of byte =
    ($1a,$6e,$6c,$2c,$66,$2e,$7d,$a6,$50,$1f,$fb,$62,$bc,$9e,$93,$f3);
var
  Cipher: TDCP_rijndael;
  Block: array[0..15] of byte;
begin
// lengths:  block = 16 bytes, key = 20 bytes
// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160
// input   = 3243f6a8885a308d313198a2e0370734
// encrypt = 231d844639b31b412211cfe93712b880
// decrypt = 3243f6a8885a308d313198a2e0370734
  Cipher := TDCP_rijndael.Create(nil);
  Cipher.Init(Key1, Sizeof(Key1) * 8, nil);
  Cipher.EncryptECB(InData, Block);
  writeln('128-bit block & 160-bit key results:');
  writeln(boolean(CompareMem(@Block, @OutData1, 16)));
  Cipher.DecryptECB(Block, Block);
  writeln(boolean(CompareMem(@Block, @InData, 16)));
  Cipher.Free;
// lengths:  block = 16 bytes, key = 32 bytes
// key     = 2b7e151628aed2a6abf7158809cf4f3c762e7160f38b4da56a784d9045190cfe
// input   = 3243f6a8885a308d313198a2e0370734
// encrypt = 1a6e6c2c662e7da6501ffb62bc9e93f3
// decrypt = 3243f6a8885a308d313198a2e0370734
  Cipher := TDCP_rijndael.Create(nil);
  Cipher.Init(Key2, Sizeof(Key2) * 8, nil);
  Cipher.EncryptECB(InData, Block);
  writeln('128-bit block & 256-bit key results:');
  writeln(boolean(CompareMem(@Block, @OutData2, 16)));
  Cipher.DecryptECB(Block, Block);
  writeln(boolean(CompareMem(@Block, @InData, 16)));
  Cipher.Free;
end.

The output that freepascal 2.2.0 produces is:

 128-bit block & 160-bit key results:
 FALSE
 TRUE
 128-bit block & 256-bit key results:
 TRUE
 TRUE

What this meas is that using 160-bit keys you can only decrypt the output with DCPrijndael, but it won't work with other implementations. On the other hand, 256-bit keys are interoperable. The 160-bit case is important because SHA-1 outputs 160-bit hashes, which makes it a convenient way to generate a key from a password, so it's used by some (hardware) systems.

External links