encryption fields in EpiData
Greetings,
I am implementing an application that has to import .REC files, including encryption fields. EpiData documentation says the encryption used is AES/Rijndael, and nothing more. That information is not sufficient, unfortunately. Therefore I would like to ask:
(1) What is the keylength used?
(2) What is the cipher mode of operation used?
(3) If the cipher mode is ECB or CBC, what kind of padding is used?
(4) Is an initialization vector or salt used? (I guess none, since EpiData creates the same encrypted text in the first line of the .REC file, whenever the same password is used).
Probably these questions should be answered by a technical person, i.e. EpiData developer.
Thank you in advance,
Theodore Lytras
On 2011-11-05 19:13, epidata-list@lists.umanitoba.ca wrote:
Greetings,
I am implementing an application that has to import .REC files, including encryption fields. EpiData documentation says the encryption used is AES/Rijndael, and nothing more. That information is not sufficient, unfortunately. Therefore I would like to ask:
(1) What is the keylength used?
(2) What is the cipher mode of operation used?
(3) If the cipher mode is ECB or CBC, what kind of padding is used?
(4) Is an initialization vector or salt used? (I guess none, since EpiData creates the same encrypted text in the first line of the .REC file, whenever the same password is used).
Probably these questions should be answered by a technical person, i.e. EpiData developer.
Thank you in advance,
Theodore Lytras
Dear Theodore
The encryption in EpiData is done using the DCPCrypt library from: http://www.cityinthesky.co.uk/opensource/dcpcrypt
We have used version 1.x which has a different IV than most AES implementations. I'll get back to this below.
In the header of the .rec file the password is stored between the "~KQ:" and ":KQ~" marks. This password is stored as base64 encoded string, encrypted using AES with a SHA1 of password. Cipher mode is CFB 8-bit blocks.
Perhaps the best way to illustrate is through the piece of code we use:

    S := Base64DecodeStr(EncryptedString);            // First Base64 decode
    Decrypter := TDCP_rijndael.Create(nil);           // Create rijndael decrypter
    DeCrypter.InitStr(Password, TDCP_sha1);           // Initialize the rijndael algo. with a SHA1 hash of the password entered
    DeCrypter.DecryptCFB8bit(S[1], S[1], Length(S));  // Decrypt the read string using CFB mode.
    DeCrypter.Reset;                                  // Reset the algo.
    Result := (CompareText(Password, S) = 0);         // Compare entered text with read text.
Then decrypting the records is done using the same technique (maintaining the same IV): Base64 decode -> Decrypt CFB 8-bit -> Reset IV.
I hope this helps.
Kind regards, Torsten Bonde Christiansen. EpiData Association.
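The header check described in the reply above, sketched in Python as an added example (not EpiData's or DCPCrypt's code). The page gives neither the key length nor the DCPCrypt 1.x IV, so the IV is a parameter and `standin_block_encrypt` is a labelled stand-in for the Rijndael block function, not AES; the Latin-1 password encoding and the sample header line are also assumptions.

```python
import base64
import hashlib
import re

BLOCK = 16  # Rijndael/AES block size in bytes


def standin_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher (NOT AES): a stdlib-only keyed function.
    Swap in a real single-block AES encrypt to work on actual .REC files."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8(key, iv, data, decrypt, block_encrypt=standin_block_encrypt):
    """CFB with 8-bit feedback. Both directions call block *encryption* only."""
    reg, out = bytes(iv), bytearray()
    for b in data:
        o = block_encrypt(key, reg)[0] ^ b
        out.append(o)
        # The shift register always absorbs the ciphertext byte.
        reg = reg[1:] + bytes([b if decrypt else o])
    return bytes(out)


def extract_kq(header: str) -> bytes:
    """Return the Base64-decoded blob stored between ~KQ: and :KQ~."""
    m = re.search(r"~KQ:(.*?):KQ~", header)
    if m is None:
        raise ValueError("no ~KQ: ... :KQ~ marker in header")
    return base64.b64decode(m.group(1), validate=True)


def check_password(header: str, password: str, iv: bytes) -> bool:
    """Mirror of the posted routine: decrypt the stored blob with a key taken
    from SHA-1(password), then compare case-insensitively (CompareText)."""
    key = hashlib.sha1(password.encode("latin-1")).digest()  # 160 bits
    plain = cfb8(key, iv, extract_kq(header), decrypt=True)
    return plain.decode("latin-1").lower() == password.lower()


def make_header(password: str, iv: bytes) -> str:
    """Build a constructed sample header line (layout is made up)."""
    key = hashlib.sha1(password.encode("latin-1")).digest()
    blob = cfb8(key, iv, password.encode("latin-1"), decrypt=False)
    return "sample header ~KQ:" + base64.b64encode(blob).decode() + ":KQ~"
```

With a fixed IV and no salt, `make_header` returns the same string every time for a given password, which matches the observation in the original question.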
On Mon 07 Nov 2011, epidata-list@lists.umanitoba.ca wrote:
Dear Theodore
The encryption in EpiData is done using the DCPCrypt library from: http://www.cityinthesky.co.uk/opensource/dcpcrypt
We have used version 1.x which has a different IV than most AES implementations. I'll get back to this below.
In the header of the .rec file the password is stored between the "~KQ:" and ":KQ~" marks. This password is stored as base64 encoded string, encrypted using AES with a SHA1 of password. Cipher mode is CFB 8-bit blocks.
[snip, snip]
I hope this helps.
Kind regards, Torsten Bonde Christiansen. EpiData Association.
Thank you Torsten, this is helpful indeed. Nevertheless, I am still not getting the same output as EpiData (using the OpenSSL library). Thus I have two further questions:
(1) What is the keylength used in EpiData for AES? 128, 192 or 256-bit?
(2) SHA-1 has a length of 160-bit, different from the length of the key. What do you do with the extra (if 128-bit key) or missing (if 192- or 256-bit key) bits? Do you trim the key or pad it?
By the way, I guess you use a different (non-Pascal) library to implement encryption fields in the new EpiData manager. What would that be?
Regards, Theodore Lytras