[EpiData-list] encryption fields in EpiData

epidata-list at lists.umanitoba.ca epidata-list at lists.umanitoba.ca
Mon Nov 7 02:16:46 CST 2011

On 2011-11-05 19:13, epidata-list at lists.umanitoba.ca wrote:
> Greetings,
> I am implementing an application that has to import .REC files, including
> encryption fields.
> EpiData documentation says the encryption used is AES/Rijndael, and nothing
> more. That information is not sufficient, unfortunately.
> Therefore I would like to ask:
> (1) What is the keylength used?
> (2) What is the cipher mode of operation used?
> (3) If the cipher mode is ECB or CBC, what kind of padding is used?
> (4) Is an initialization vector or salt used?
> (I guess none, since EpiData creates the same encrypted text in the first line
> of the .REC file, whenever the same password is used).
> Probably these questions should be answered by a technical person, i.e.
> EpiData developer.
> Thank you in advance,
> Theodore Lytras
Dear Theodore

The encryption in EpiData is done using the DCPCrypt library from: 
We have used version 1.x which has a differnt IV than most AES 
implementations. I'll get back to this below.

In the header of the .rec file the password is stored between the "~KQ:" 
and ":KQ~" marks.
This password is stored as base64 encoded string, encrypted using AES 
with a SHA1 of password. Cipher mode is CFB 8-bit blocks.

Perhaps the best way to illustrate is though the piece of code we use:
       S := Base64DecodeStr(EncryptedString);             // First 
Base64 decode
       Decrypter := TDCP_rijndael.Create(nil);            // Create 
rijndael decrypter
       DeCrypter.InitStr(Password, TDCP_sha1);            // Initialize 
the rijndael algo. with a SHA1 hash of the password entered
       DeCrypter.DecryptCFB8bit(S[1], S[1], Length(S));   // Decrypt the 
read string using CFB mode.
       DeCrypter.Reset;                                   // Reset the 
       Result := (CompareText(Password, S) = 0);          // Compare 
entered text with read text.

Then decrypting the records is done using the same technique 
(maintaining the same IV):
Base64 decode -> Decrypt CFB 8-bit -> Reset IV.

I hope this helps.

Kind regards,
Torsten Bonde Christiansen.
EpiData Association.

More information about the EpiData-list mailing list