Introducing asymmetric encryption, also known as public-key cryptography, with the SynEcc Open Source unit for Delphi 5 up to Delphi 10.1 Berlin!
Feature set complete public/private keys generation, ECDSA certificates and digital signature, and ECIES encryption. Also works under Linux with FPC.
http://blog.synopse.info/post/2016/09/24/Public-key-Asymmetric-Cryptography-via-SynECC
awesome. been waiting for something like this for a while.
thanks a.b.
side question
is RSA supported by Mormot?
How well has that been tested/mitigated against things like side-channel attacks?
You surely know about literally thousands of patents, related to ECC, don't you? And no, Wikipedia doesn't cover this topic in full.
Jeroen Wiert Pluimers We implemented ECIES in a paranoid way, to ensure that Eve won't read Alice's message! 😀
Ugochukwu Mmaduekwe RSA is not supported since it does not have perfect forward secrecy. See e.g. http://www.ietf.org/mail-archive/web/tls/current/msg12266.html But we may add it if it is worth it, not for key exchange but for asymmetric encryption as with TLS 1.3.
I vote for RSA. RSA is still needed for communication with other servers, but within Delphi it still lacks a good implementation.
How many eyeballs have worked on this and what's their publicly available security related track record like?
Can't find `download` link to have a look at.
Sergey Kasandrov In the documentation page, the "Download" link is at the top right of the page. Direct download of the unit is https://github.com/synopse/mORMot/blob/master/SynEcc.pas
Feedback is welcome, especially for code or documentation review.
If you have any doubt about the current implementation, please provide some ideas to enhance it!
Jeroen Wiert Pluimers Only a few yet, but the algorithms, patterns and the implementation have been reviewed by some security experts of the (very big) company I currently work for - this review can only be unofficial, since the company is so big it won't afford making any warranty. SynEcc only implements a few algorithms, and has its own KISS storage layout, so the risk assessment is much reduced compared to implementing a more complex standard system. In short, it is fully featured (it has built-in PKI), but with a "one way to do it" approach. Jacek Laskowski This is why it didn't implement RSA, which is less secure than ECC (no perfect forward secrecy), slower and uses bigger keys. Anyway, we are willing to have as many reviewers as possible - this is why I posted the link in G+!
A. Bouchez Sorry, cannot review soon - spending my time now studying quantum informatics from MIT - https://courses.edx.org/courses/course-v1:MITx+8.371x+3T2016/ . Really mind-blowing. :)
Sergey Kasandrov Don't worry, I guess that SynEcc code would be a piece of cake for you - plain informatics here. ;)
/sub
/sub
Very nice!
wrt security, the most vulnerable part in practice will likely be the certificate chain management (like for all asymmetric cryptography), which is in the hands of users. mORMot being kinda "niche" should shield it from automated tools and exploits, but hey, if it's used by a very big company for something critical, who knows, it might draw some interest ;)