On 2011-11-05 19:13, epidata-list@lists.umanitoba.ca wrote:
Greetings,
I am implementing an application that has to import .REC files, including encryption fields. EpiData documentation says the encryption used is AES/Rijndael, and nothing more. That information is not sufficient, unfortunately. Therefore I would like to ask:
(1) What is the keylength used?
(2) What is the cipher mode of operation used?
(3) If the cipher mode is ECB or CBC, what kind of padding is used?
(4) Is an initialization vector or salt used? (I guess none, since EpiData creates the same encrypted text in the first line of the .REC file, whenever the same password is used).
Probably these questions should be answered by a technical person, i.e. an EpiData developer.
Thank you in advance,
Theodore Lytras
Dear Theodore
The encryption in EpiData is done using the DCPCrypt library from http://www.cityinthesky.co.uk/opensource/dcpcrypt. We have used version 1.x, which has a different IV than most AES implementations. I'll get back to this below.
In the header of the .rec file the password is stored between the "~KQ:" and ":KQ~" marks. This password is stored as a base64-encoded string, encrypted using AES with a SHA1 of the password. Cipher mode is CFB 8-bit blocks.
Perhaps the best way to illustrate is through the piece of code we use:

    S := Base64DecodeStr(EncryptedString);           // First Base64 decode
    Decrypter := TDCP_rijndael.Create(nil);          // Create rijndael decrypter
    Decrypter.InitStr(Password, TDCP_sha1);          // Initialize the rijndael algo. with a SHA1 hash of the password entered
    Decrypter.DecryptCFB8bit(S[1], S[1], Length(S)); // Decrypt the read string using CFB mode.
    Decrypter.Reset;                                 // Reset the algo.
    Result := (CompareText(Password, S) = 0);        // Compare entered text with read text.

Then decrypting the records is done using the same technique (maintaining the same IV): Base64 decode -> Decrypt CFB 8-bit -> Reset IV.
I hope this helps.
Kind regards, Torsten Bonde Christiansen. EpiData Association.
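
The flow described in the reply (Base64 decode -> decrypt CFB 8-bit -> reset IV, and the password check against the "~KQ:" ... ":KQ~" value), as an added Python sketch that is not EpiData or DCPCrypt code. Assumptions: `standin_block` replaces the Rijndael block encryption so the sketch runs on the standard library alone, the IV is all zeros (the DCPCrypt 1.x IV is not given in the thread), strings are Latin-1, and the sample header and records are constructed, so output will not match real .REC files.

```python
import base64
import hashlib

BLOCK = 16  # Rijndael/AES block size in bytes

def standin_block(key: bytes, block: bytes) -> bytes:
    # Stand-in for the Rijndael block encryption (NOT AES): a keyed hash.
    # CFB only ever uses the cipher's encrypt direction, so the flow is the same.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def cfb8(key: bytes, iv: bytes, data: bytes, decrypt: bool) -> bytes:
    # CFB with 8-bit feedback: one block call per byte, then the ciphertext
    # byte is shifted into the 16-byte register.
    reg, out = bytes(iv), bytearray()
    for b in data:
        o = b ^ standin_block(key, reg)[0]
        out.append(o)
        reg = reg[1:] + bytes([b if decrypt else o])
    return bytes(out)

def key_from_password(password: str) -> bytes:
    return hashlib.sha1(password.encode("latin-1")).digest()  # SHA1 of the password

def encrypt_field(password: str, iv: bytes, text: str) -> str:
    raw = cfb8(key_from_password(password), iv, text.encode("latin-1"), False)
    return base64.b64encode(raw).decode("ascii")

def decrypt_field(password: str, iv: bytes, b64: str) -> str:
    # Each call starts from the same IV, which is the "Reset IV" step.
    raw = cfb8(key_from_password(password), iv, base64.b64decode(b64), True)
    return raw.decode("latin-1")

def check_password(header: str, password: str, iv: bytes) -> bool:
    start = header.index("~KQ:") + 4
    stored = header[start:header.index(":KQ~", start)]
    # Mirrors CompareText in the posted code: case-insensitive comparison.
    return decrypt_field(password, iv, stored).lower() == password.lower()

def shared_ciphertext_prefix(b64_a: str, b64_b: str) -> int:
    # Number of leading ciphertext bytes two encrypted fields have in common.
    a, b = base64.b64decode(b64_a), base64.b64decode(b64_b)
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

# Constructed sample data (not taken from a real .REC file)
IV = bytes(BLOCK)  # assumption: all-zero IV
PASSWORD = "demo-password"
HEADER = "~KQ:" + encrypt_field(PASSWORD, IV, PASSWORD) + ":KQ~"
REC_A = encrypt_field(PASSWORD, IV, "Smith, John")
REC_B = encrypt_field(PASSWORD, IV, "Smith, Jane")
```

Because every field starts from the same key and IV, encryption is deterministic, which is what the first message observed: the two sample records share their first 8 ciphertext bytes, exactly as long as their common plaintext prefix "Smith, J".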