Need to share some data with another company's app and need it to be encrypted. They are looking to us to define the encryption algorithm and the shared key.

Anyone have recommendations on the encryption algorithm to use, and how to use it in Delphi? For this we are using D2010.

Thanks!

Comments

  1. Use AES standard, you can find an implementation in SynCrypto (part of mORMot), fast and well tested. The encryption is strong and the weak link will be how you share/store the key.

  2. I would suggest the following:

    - Create your key
    - Hash it using SHA1
    - Armor it (using Armored ASCII, like BASE64 encoding)
    - Use it for encryption via AES

    Same for decryption.

    That should give you a pretty decent protection without sacrificing practicality.

    Kind Regards,

    A

  3. Random thought, but why don't you leverage SSL? E.g. implement a simple REST server over SSL and rely on the SSL encryption instead of rolling your own?

  4. Walter Prins: If you want SSL to be secure, you need to have a properly signed certificate on the server side (easy), but also a certificate-validating client, and that is very easy to get wrong (cf. for instance https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html ), and if you do it wrong you're susceptible to completely automated generic exploits.

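
An added example (not code from any commenter or from the mORMot project) of the shared-key approach from comments 1 and 2: derive the key, encrypt with AES via SynCrypto, and Base64-armor the result for transport. It assumes mORMot 1.18's SynCommons and SynCrypto units, and it uses PBKDF2-HMAC-SHA256 in place of a single SHA1 pass because its 32-byte output is exactly an AES-256 key; `DeriveKey`, `EncryptMessage`, `DecryptMessage` and the constants are hypothetical names.

```pascal
program SharedKeyAesDemo;
{$APPTYPE CONSOLE}
uses SynCommons, SynCrypto; // mORMot 1.18 units (assumed available)

const // constructed sample values; exchange the real ones out of band
  SHARED_SECRET: RawByteString = 'constructed-sample-passphrase';
  SHARED_SALT: RawByteString = 'constructed-sample-salt';
  KDF_ROUNDS = 100000; // assumed iteration count, both sides must match

// Stretch the shared secret into a 32-byte (AES-256) key.
procedure DeriveKey(out Key: TSHA256Digest);
begin
  PBKDF2_HMAC_SHA256(SHARED_SECRET, SHARED_SALT, KDF_ROUNDS, Key);
end;

// Wire format: Base64(random IV + AES-256-CFB ciphertext, PKCS7 padded).
function EncryptMessage(const Plain: RawByteString): RawUTF8;
var Key: TSHA256Digest; AES: TAESCFB;
begin
  DeriveKey(Key);
  AES := TAESCFB.Create(Key, 256);
  try
    // True = generate a fresh random IV and prepend it to the output
    Result := BinToBase64(AES.EncryptPKCS7(Plain, True));
  finally
    AES.Free;
    FillChar(Key, SizeOf(Key), 0); // wipe key bytes from the stack
  end;
end;

function DecryptMessage(const Armored: RawUTF8): RawByteString;
var Key: TSHA256Digest; AES: TAESCFB;
begin
  DeriveKey(Key);
  AES := TAESCFB.Create(Key, 256);
  try
    // True = take the IV from the first 16 bytes of the input
    Result := AES.DecryptPKCS7(Base64ToBin(Armored), True);
  finally
    AES.Free;
    FillChar(Key, SizeOf(Key), 0);
  end;
end;

var Wire: RawUTF8;
begin
  Wire := EncryptMessage('order=1234;amount=99.50'); // constructed payload
  Writeln(Wire);
  Writeln(DecryptMessage(Wire));
end.
```

AES-CFB provides confidentiality only; if the receiving app must detect tampering, the agreed format also needs a MAC, for example HMAC-SHA256 over the IV and ciphertext.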
