How do you detect decryption failure? I have the following test code:
    procedure TForm1.Button1Click(Sender: TObject);
    var
      plainms, cipherms: TMemoryStream;
      tempstr: string;
    begin
      plainms := TMemoryStream.Create;
      cipherms := TMemoryStream.Create;
      try
        cipherms.LoadFromFile('rwcx.ini');
        Codec1.Password := '122rkdkdk';
        try
          Codec1.DecryptStream(plainms, cipherms);
        except on E: Exception do
          showmessage(e.Message);
        end;
        plainms.Position := 0;
        SetLength(tempstr, plainms.Size * 2);
        BinToHex(plainms.Memory, PChar(tempstr), plainms.Size);
        showmessage(tempstr);
      finally
        plainms.Free;
        cipherms.Free;
      end;
    end;
The file "rwcx.ini" is just a plain text file that does not contain encrypted data. I am using AES 256 with CBC and version 3.5 of Lockbox installed with "GetIt." I expected the plainms memory stream to be empty or an exception to be raised as decryption is guaranteed to fail. Instead I get garbage in plainms and no exception.
How do you detect decryption has failed? I must be able to detect bad passwords or corrupted input data. What am I missing?
Encryption is just a transform; in itself it has no concept of correct decryption.
One method is to create an HMAC of the encrypted data and prepend that to the encrypted data, and on decryption, HMAC the encrypted data and compare the HMACs. Be careful to use an HMAC compare function that takes the same amount of time for matching and non-matching values.
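The tag-then-verify flow described in the answer above, as an added Python sketch that is not part of the original post and is not LockBox code. It treats the cipher output (the AES-256-CBC bytes, including any IV) as opaque input; the function names, the PBKDF2 parameters and the `tag || salt || ciphertext` layout are assumptions made for this example.

```python
import hashlib
import hmac
import os

TAG_LEN = 32           # HMAC-SHA256 output size
SALT_LEN = 16
ITERATIONS = 100_000   # assumed PBKDF2 work factor for this example

class AuthenticationError(Exception):
    """Wrong password, or the input was truncated, modified or never sealed."""

def derive_mac_key(password: str, salt: bytes) -> bytes:
    # The "mac" label keeps this key distinct from whatever key the cipher
    # derives from the same password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               b"mac" + salt, ITERATIONS)

def seal(password: str, ciphertext: bytes) -> bytes:
    """Prepend an HMAC over the encrypted data: tag || salt || ciphertext."""
    salt = os.urandom(SALT_LEN)
    key = derive_mac_key(password, salt)
    tag = hmac.new(key, salt + ciphertext, hashlib.sha256).digest()
    return tag + salt + ciphertext

def open_sealed(password: str, blob: bytes) -> bytes:
    """Verify the tag; return the ciphertext to decrypt, or raise."""
    if len(blob) < TAG_LEN + SALT_LEN:
        raise AuthenticationError("input too short to contain a tag")
    tag = blob[:TAG_LEN]
    salt = blob[TAG_LEN:TAG_LEN + SALT_LEN]
    ciphertext = blob[TAG_LEN + SALT_LEN:]
    key = derive_mac_key(password, salt)
    expected = hmac.new(key, salt + ciphertext, hashlib.sha256).digest()
    # compare_digest takes the same time for matching and non-matching tags.
    if not hmac.compare_digest(tag, expected):
        raise AuthenticationError("bad password or corrupted data")
    return ciphertext

def is_authentic(password: str, blob: bytes) -> bool:
    try:
        open_sealed(password, blob)
        return True
    except AuthenticationError:
        return False
```

Only bytes returned by `open_sealed` are passed on to the decrypt call, so a plain text file, a wrong password or a flipped bit is rejected before any decryption runs.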