I try lockbox3 with Delphi XE10. I want to encrypt a user's input string and compare it with a value for verification. but every time the same input string gives different encrypted result. What is my fault, please ?
here the sample code that gives this error
<UNIT CODE START>
unit Unit21;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, TPLB3.Codec, TPLB3.BaseNonVisualComponent, TPLB3.CryptographicLibrary,
Vcl.StdCtrls;
type
TForm21 = class(TForm)
Button1: TButton;
CryptographicLibrary1: TCryptographicLibrary;
Codec1: TCodec;
Label1: TLabel;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form21: TForm21;
implementation
{$R *.dfm}
procedure TForm21.Button1Click(Sender: TObject);
var s0,s1 : string;
begin
codec1.Password := 'ou[asdl[kn';
s0 := 'asdfghjkl';
codec1.EncryptString(s0,s1);
label1.caption := s1;
end;
end.
<UNIT CODE END>
<FORM CODE START>
object Form21: TForm21
Left = 0
Top = 0
Caption = 'Form21'
ClientHeight = 299
ClientWidth = 635
Color = clBtnFace
Font.Charset = DEFAULT_CHARSET
Font.Color = clWindowText
Font.Height = -11
Font.Name = 'Tahoma'
Font.Style = []
OldCreateOrder = False
PixelsPerInch = 96
TextHeight = 13
object Label1: TLabel
Left = 168
Top = 72
Width = 31
Height = 13
Caption = 'Label1'
end
object Button1: TButton
Left = 32
Top = 72
Width = 75
Height = 25
Caption = 'Button1'
TabOrder = 0
OnClick = Button1Click
end
object CryptographicLibrary1: TCryptographicLibrary
Left = 192
Top = 136
end
object Codec1: TCodec
AsymetricKeySizeInBits = 512
AdvancedOptions2 = []
CryptoLibrary = CryptographicLibrary1
Left = 200
Top = 192
StreamCipherId = 'native.StreamToBlock'
BlockCipherId = 'native.AES-256'
ChainId = 'native.CBC'
end
end
<FORM CODE END>
At first glance the problem seems that you are using CBC (Cipher block chaining) mode of AES.
It's actually not a problem, but the way CBC mode has been designed to work.
Check out this wikipedia article for more details on Block cipher mode of operation
In cryptography, a mode of operation is an algorithm that uses a block cipher to provide an information service such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation (encryption or decryption) of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.
...
In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.
If you want to always receive the same cipher text for some plain text, you can switch to the basic ECB (Electronic Codebook) mode instead (eg. change ChainId = 'native.CBC'
to ChainId = 'native.ECB'
).
But this is not recommended, as it makes your cipher text vulnerable to some attacks. A symmetric cipher should not be used to encrypt the same plain text with the same key more than once.
That is why chaining modes of operation were introduced. They are used to "generate" a sequence of derived keys (based on the key you provided - which in your case is itself based on the password) that are used instead of the base key.
Make sure to also read this question:
If you are designing a real-world system (that will be used by other people than yourself), and you need to provide security to any part of it, invest some time in learning more about cryptography.
A good start is to take a similar course on cryptography: Cryptography I (free)