Cryptoapi delphi
If the "encrypted" hash matches the hash of the original message, you know the message has not been altered, and was sent by the person with the private key. The following pseudo-code represents the signing algorithm:. Strictly speaking, when "signing" a message:. This same mechanism can be used to accomplish what you want. Except you don't care about hashes, you just want to encrypt some small amount of data:.
We are searching data for your request:
Upon completion, a link will appear to access the found materials.
Content:
Cryptlib coding samples written in Delphi®
Toggle navigation codeverge. Security of Delphi remoting frameworks. Someone asked this thread so let's start. Would you rely on them to transmit your customers' sensitive data? Could an expensive development tool deliver so little today from a security point of view, especially now data breaches can be very costly both in monetary and reputation terms? Why Delphi doesn't offer a good cryptographic library, preferably wrapping CryptoAPI on Windows because this way fixes and updates are automatically delivered, nor complex alorithms need to be reimplemented from scratch and OpenSSL or the like on other systems?
And why then don't build on it proper security into its frameworks? Real security is no longer optional. Systems becomes more and more interconnected, often remoted, and "gateways" are more and more difficult to control due to the mobile devices and wireless network available, often outside your control but where your customer data will transit.
Real end-to-end security is a first class requirement today. Could Delphi lag behind, and offer too little, especially at its premium price against competition? Should Embarcadero assign more resources to ensure Delphi applications can stand a real scrutiny from a security perspective? Do you feel you need them, or do you believe you can do without?
Or do you just use third party frameworks, and Delphi should just dump its ones and save resources to develop something else? See related articles to this posting. Let me preface this by saying I would pretty much never use DataSnap because I prefer server side scripting solutions.
SSL is industry standard. NET server side. In my view that is also a wise choice. I would advocate against a binary protocol unless it was already an industry standard.
HTTP also supports gzip compression which is industry standard and reduces the inefficiencies of using a text transport format. NET on the server side. Jail all of them, damned terrorists! And if Delphi used CryptoAPI it wasn't exporting any encryption at all, at most they could arrest Ballmer or Nadella, if that was the main concern. Also you mean that Interbase encryption is fake because "it almost impossible -- and extremely risky -- to ship encryption outside of US borders"?
And thereby Embarcadero is lying to its customer because there's no real encryption in Interbase? But you're right, today using NSA approved cryptographic technology is very risky for non US citizens and company, there's a big chance there are built-in backdoors to snoop data It forces you to use a web server. There are situation when this is not an option. You have a client calling a server. The server can't call the client. Callbacks needs to use hacks like leaving an HTTP request pending.
And to identify client, you also need client certificates. In an AD domain you can use it to deliver certificates and manage them, without, it's a manual management. A self-signed certificate is fake security - you'd need one clients could trust really. Sometimes is is, sometimes it is not.
JSON, like all the data exchange protocols that use a string format, is heavy and verbose. Just a little less than XML, but still heavy and verbose when you need to move a lot of binary data. If for some kind of applications, i. In a fast LAN endpoints may wish to quickly transfer large data while both using Datasnap. Being forced to transform data back and from an intermediate character based format looks very silly to me.
I understand someone believes the string is the ultimate format for every kind of data, but I'm old school, and when I transfer binary data, I prefer to transfer them in their native format, especially when both endpoints know it and don't need any conversion.
Even the designer of HTTP where not so stupid to make it transfer textual data only - HTTP can transfer pure binary data without requiring any special encoding.
Also I need true bidirectional capabilities for server-to-server communication. Mine are not "web applications".
It works perfectly on TCP directly. Sure, you can't rely on someone else webserver to implement it for you. Moving my python web server code to either node or go I'm also not using it for mobile because people still can't sign their apps weeks later for the store.
I'll continue to use delphi for what its good at. VCL desktop apps. I wish now that i hadn't upgraded to enterprise and instead spent that money on something more useful. I know there are alternatives. This thread is not abou them - and some people may be tired to pay for Delphi features that can't be used Several security pattern, to be exact.
Has proxy support been exposed in Datasnap? Does the implementation of filters still have a performance issue? Is there an industry standard binary protocol that could be implemented? I looked at some other middle ware implementations and they appeared to be using their own custom binary formats. However, binary data transfers can be accomplished out of band with in band message coordination which is what I would do with HTTPS Datasnap as well.
Love the sarcasm, BTW. It's so grown up. I believe you're missing much more. When those rules were in place, many application outside US - i. There's actually no difference if your database encrypts data or your application does it. Of course the Interne t made trying to limit it pretty useless, and Internet commerce does require strong encryption to work or nobody trust it and that's one of the stronger reason those limits were lifted. Moreover most algorithms are public, thereby there's very little to protect.
Sure, when you download you have to tell you're not in North Korea or Iran, but that's all. And about the NSA, it's not sarcasm. Our business skyrocketed since outside US a lot of people no longer trust US companies to protect their data, and found you don't only have to defend from your "historical" enemies, but from those you though were on your side too Easy there. I thought we were trying the no sniping thing, at least in this thread.
It's a fair question, but Nick also gave a fair answer. Export restrictions have been relaxed, but are still in place. I was wrong, I guess. They are, but they don't concern security any more. There are countries that impose limits on security, but I haven't found any up-to-date list of those.
NET provides bit security out-of-the-box, so I suppose using the security features of. I would also like to see Delphi to support crypto out of the box. Otherwise it's generally a higher level protocol incl.
We have been considering Delphi support for a long time. Embracing the existing C implementation will be the most probable solution, but I think the native Delphi one would be the most desirable. Current market situation has not enabled to start the development for Delphi, at least not yet.
The C stack is using openssl, so wrapping that would be the cross-platform solution, if done today. Anyway, Having a cross-platform crypto library out of the box, would indeed help, should we go for a native Delphi implementation. Thanks for the heads up. The current state of import and export restrictions is still a legal minefield.
I don't understand the problem with them wrapping another well known library. You yourself suggested they wrap Microsoft's. Please don't use hyperbole. It's an industry standard protocol which has the security mechanisms you were looking for. You need a sound, well tested library. Minefield is an hyperbole as well. It looks you may need to register via a webform sending a PDF I'm sure in the area around San Francisco should not be difficult to get a legal expert about how to do it We just send some appliance around the world which do include encryption No, wrapping a well known library is a good idea, reinventing the wheel in such a field require highly skilled personnel.
If they wrap the OS native library, even better, because you get automatic updates. As long as you use a correctly configured web server with a real certificate you get reasonable security especially if you don't need client authentication and impersonating the client on the server.
Otherwise you don't really get security.
Microsoft CryptoAPI
Or do I need a higher version of Delphi to make it work? Thanks very much in advance, Carmen. This doesn't give us any useful information. If CryptAcquireContext fails, you are supposed to call GetLastError to retrieve the error code, this might give you and us an indication why it fails. Danny, In hexadecimal it is 0x -- is this less strange? The error code returned after CryptAcquireContext is:
Subscribe to RSS
Mega Search Make a donation. News Group: borland. I found something called Wcrypt2. But the program failed right after calling CryptAcquireContext. Or do I need a higher version of Delphi to make it work? Thanks very much in advance, Carmen. Vote for best question. Thanks Danny, The.
Delphi & CryptoAPI - how to calculate HMAC-SHA512 hash?
View Thread The following is the text of the current message along with any replies. I have looked at "affordable" third-party encryption toolkits e. None is FIPS validated - allegedly due to high cost of obtaining such validation. Thus, using CryptoAPI is a logical choice.
расчет контрольной суммы файла функцией md5
Toggle navigation codeverge. Security of Delphi remoting frameworks. Someone asked this thread so let's start. Would you rely on them to transmit your customers' sensitive data? Could an expensive development tool deliver so little today from a security point of view, especially now data breaches can be very costly both in monetary and reputation terms? Why Delphi doesn't offer a good cryptographic library, preferably wrapping CryptoAPI on Windows because this way fixes and updates are automatically delivered, nor complex alorithms need to be reimplemented from scratch and OpenSSL or the like on other systems?
Компоненты для Delphi/C++Builder ~ Components for Delphi/C++Builder 6
Thanks in advance Robert Marquard Delphi Developer. I think the consensus is that the NSA key, although it may be a number of different things, is not a back door. From the document you referenced: "Microsoft has two keys, a primary and a spare. The Crypto-Gram article talked about attacks based on the fact that a crypto suite is considered signed if it is signed by EITHER key, and that there is no mechanism for transitioning from the primary key to the backup. It's stupid cryptography, but the sort of thing you'd expect out of Microsoft. One, that the backup key is just as Microsoft says, a backup key.
Questions tagged [cryptoapi]
It is a set of dynamically linked libraries that provides an abstraction layer which isolates programmers from the code used to encrypt the data. CryptoAPI supports both public-key and symmetric key cryptography, though persistent symmetric keys are not supported. It includes functionality for encrypting and decrypting data and for authentication using digital certificates.
An electronic signature is designed to generate and use unique, within the internal document of the Institute of Aviation Technology and Management, digital key pairs public and private to link this to a particular key owner student or employee of the signing and verification of electronic rights of authorship documents. Developed reference systems. Technical information. In all the possible alterations on the program, please contact the post office.
Hi there! This is my code in Outsystems: it's stated that enters should be included when generating the signature. But I'm getting a different one: Any idea what I'm doing wrong? Is he ignoring the 'enters' in my string? Greetings, Niels F. Using python with the below code I am able to replicate the first couple of signatures but not the last :. You'll need to use Chr 13 to separate the lines instead of the built-in editor new line.
I'd like to AES encrypt a string in Delphi with a password. I'd like to upload this to my server and be able to decrypt given the same password in C. How can I decrypt the resulting string in C? I can change the Delphi code.
the very good piece
I had a similar situation. I soared for a long time over how to get out of the water dry. A friend said one decision, only something I rushed so abruptly to change everything that was acquired by back-breaking labor. Decided to be patient for now, to take a closer look? how it turns. What can I say? water wears away the stone. That's really, really so. I advise the author not to be sad. How is it in the song? "whole life ahead".
What words ... Great, a magnificent thought