Getting Started with IP*Works! Encrypt

Requirements: IP*Works! Encrypt

Introduction

IP*Works! Encrypt is a comprehensive suite of components for encrypting, signing, decrypting, and verifying across a multitude of standard symmetric and asymmetric algorithms.

This guide will cover the basics of each component provided in IP*Works! Encrypt. In addition, a few basic concepts involved in symmetric and asymmetric cryptography are included at the bottom of this article.

Before continuing, it is recommended to download IP*Works! Encrypt in order to follow along with this tutorial.

Contents

Symmetric Algorithms (AES, CAST, DES, 3DES, etc.)

IP*Works! Encrypt supports a variety of symmetric encryption algorithms. The simplest way to use any symmetric algorithm is through the EzCrypt component. This component provides a standard interface for all symmetric algorithms. Alternatively the toolkit contains individual components for each of the supported algorithms. The list of components supporting symmetric encryption is:

EzCrypt

The EzCrypt component provides a simple interface for using various symmetric algorithms to encrypt and decrypt. The encryption/decryption algorithm can be specified by setting the Algorithm property. By default, EzCrypt will use AES cryptography, which is functionally identical to using the AES component.

Encrypting and decrypting with EzCrypt requires specifying an input source, an output destination, and a KeyPassword.

Input

EzCrypt supports inputs from a file and from a string in memory. Setting the InputFile property to a path on disk will cause the component to read the contents of that file as input. If InputFile is not set, the component will expect the InputMessage property to contain the input data in string format.

In the .NET and Java Editions, EzCrypt also supports reading input from a stream. Calling SetInputStream will override both InputFile and InputMessage as the input source.

Output

Similar to input, EzCrypt can output to a file or to a string in memory. If the OutputFile property is non-empty, the output from encryption/decryption will be written to that file. Otherwise, the output will be availble in the OutputMessage string property. If a file already exists at the path indicated by OutputFile, you can specify whether to overwrite the existing file with the Overwrite property.

The .NET and Java Editions also support outputting to a stream via the SetOutputStream method.

KeyPassword (or Key and IV)

In order to encrypt or decrypt data the component must know the key. The easiest way to manage the key is by setting the KeyPassword property. This automatically calculates the Key and IV values using the PKCS5 password digest algorithm.

Alternativelly Key and IV may be set directly if desired. If IV is left empty, one will be automatically created when Encrypt or Decrypt is called.

Encrypting/Decrypting

Once these properties are set, simply call the Encrypt or Decrypt method.

Below is an example of encrypting and decrypting a file in C#:
Ezcrypt ezcrypt = new Ezcrypt();
ezcrypt.Algorithm = EzcryptAlgorithms.ezAES; //default

//encrypt a file
ezcrypt.InputFile = workingDirectory + "input.txt";
ezcrypt.OutputFile = workingDirectory + "encrypted.txt";
ezcrypt.Overwrite = true;
ezcrypt.KeyPassword = "encryption password";
ezcrypt.Encrypt();

//decrypt a file
ezcrypt.Reset();
ezcrypt.InputFile = workingDirectory + "encrypted.txt";
ezcrypt.OutputFile = workingDirectory + "output.txt";
ezcrypt.Overwrite = true;
ezcrypt.KeyPassword = "encryption password";
ezcrypt.Decrypt();

AES

The AES component supports symmetric encryption and decryption through Advanced Encryption Standard cryptography.

Like all symmetric encryption components, the AES component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Aes aes = new Aes();

//encrypt a string
aes.InputMessage = "Hello World!";
aes.KeyPassword = "encryption password";
aes.Encrypt();
string encrypted = aes.OutputMessage;

//decrypt the same string
aes.Reset();
aes.InputMessage = encrypted;
aes.KeyPassword = "encryption password";
aes.Decrypt();

//Hello World!
Console.WriteLine(aes.OutputMessage);

Blowfish

The Blowfish component supports symmetric encryption and decryption with the Blowfish block cipher.

Like all symmetric encryption components, the Blowfish component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Blowfish blowfish = new Blowfish();

//encrypt a string
blowfish.InputMessage = "Hello World!";
blowfish.KeyPassword = "encryption password";
blowfish.Encrypt();
string encrypted = blowfish.OutputMessage;

//decrypt the string
blowfish.Reset();
blowfish.InputMessage = encrypted;
blowfish.KeyPassword = "encryption password";
blowfish.Decrypt();

//Hello World!
Console.WriteLine(blowfish.OutputMessage);

CAST

The CAST component supports symmetric encryption and decryption with the CAST-128/CAST5 block cipher.

Like all symmetric encryption components, the CAST component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Cast cast = new Cast();

//encrypt a string
cast.InputMessage = "Hello World!";
cast.KeyPassword = "encryption password";
cast.Encrypt();
string encrypted = cast.OutputMessage;

//decrypt the string
cast.Reset();
cast.InputMessage = encrypted;
cast.KeyPassword = "encryption password";
cast.Decrypt();

//Hello World!
Console.WriteLine(cast.OutputMessage);

DES

The DES component supports symmetric encryption and decryption through Data Encryption Standard cryptography.

Like all symmetric encryption components, the DES component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Des des = new Des();

//encrypt a string
des.InputMessage = "Hello World!";
des.KeyPassword = "encryption password";
des.Encrypt();
string encrypted = des.OutputMessage;

//decrypt the string
des.Reset();
des.InputMessage = encrypted;
des.KeyPassword = "encryption password";
des.Decrypt();

//Hello World!
Console.WriteLine(des.OutputMessage);

IDEA

The IDEA component supports symmetric encryption and decryption with the International Data Encryption Algorithm block cipher.

Like all symmetric encryption components, the IDEA component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Idea idea = new Idea();

//encrypt a string
idea.InputMessage = "Hello World!";
idea.KeyPassword = "encryption password";
idea.Encrypt();
string encrypted = idea.OutputMessage;

//decrypt the string
idea.Reset();
idea.InputMessage = encrypted;
idea.KeyPassword = "encryption password";
idea.Decrypt();

//Hello World!
Console.WriteLine(idea.OutputMessage);

RC2

The RC2 component supports symmetric encryption and decryption with the RC2 (ARC2) 64-bit block cipher.

Like all symmetric encryption components, the RC2 component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Rc2 rc2 = new Rc2();

//encrypt a string
rc2.InputMessage = "Hello World!";
rc2.KeyPassword = "encryption password";
rc2.Encrypt();
string encrypted = rc2.OutputMessage;

//decrypt the string
rc2.Reset();
rc2.InputMessage = encrypted;
rc2.KeyPassword = "encryption password";
rc2.Decrypt();

//Hello World!
Console.WriteLine(rc2.OutputMessage);

RC4

The RC4 component supports symmetric encryption and decryption with the RC4 (ARC4) stream cipher.

Like all symmetric encryption components, the RC4 component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Rc4 rc4 = new Rc4();

//encrypt a string
rc4.InputMessage = "Hello World!";
rc4.KeyPassword = "encryption password";
rc4.Encrypt();
string encrypted = rc4.OutputMessage;

//decrypt the string
rc4.Reset();
rc4.InputMessage = encrypted;
rc4.KeyPassword = "encryption password";
rc4.Decrypt();

//Hello World!
Console.WriteLine(rc4.OutputMessage);

TEA

The TEA component supports symmetric encryption and decryption with the Tiny Encryption Algorithm block cipher.

Like all symmetric encryption components, the TEA component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Tea tea = new Tea();

//encrypt a string
tea.InputMessage = "Hello World!";
tea.KeyPassword = "encryption password";
tea.Encrypt();
string encrypted = tea.OutputMessage;

//decrypt the string
tea.Reset();
tea.InputMessage = encrypted;
tea.KeyPassword = "encryption password";
tea.Decrypt();

//Hello World!
Console.WriteLine(tea.OutputMessage);

TripleDES

The TripleDES component supports symmetric encryption and decryption with TripleDES, successor to the DES encryption algorithm.

Like all symmetric encryption components, the TripleDES component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Tripledes tripledes = new Tripledes();

//encrypt a string
tripledes.InputMessage = "Hello World!";
tripledes.KeyPassword = "encryption password";
tripledes.Encrypt();
string encrypted = tripledes.OutputMessage;

//decrypt the string
tripledes.Reset();
tripledes.InputMessage = encrypted;
tripledes.KeyPassword = "encryption password";
tripledes.Decrypt();

//Hello World!
Console.WriteLine(tripledes.OutputMessage);

Twofish

The Twofish component supports symmetric encryption and decryption with Twofish, successor to the Blowfish block cipher.

Like all symmetric encryption components, the Twofish component requires an input source, an output destination, and a Key and IV. For details, please refer to the EzCrypt section.

The following is an example encrypting and then decrypting a string in C#:
Twofish twofish = new Twofish();

//encrypt a string
twofish.InputMessage = "Hello World!";
twofish.KeyPassword = "encryption password";
twofish.Encrypt();
string encrypted = twofish.OutputMessage;

//decrypt the string
twofish.Reset();
twofish.InputMessage = encrypted;
twofish.KeyPassword = "encryption password";
twofish.Decrypt();

//Hello World!
Console.WriteLine(twofish.OutputMessage);

Asymmetric Algorithms

IP*Works! Encrypt includes components for a variety of asymmetric algorithms. Each component is specifically designed with a particular asymmetric algorithm in mind. The available properties, methods, and events differ based on the applicability to the specific algorithm. Please see details about each component listed below:

RSA

The RSA component implements RSA public-key cryptography to encrypt, decrypt, sign and verify messages.

Encryption

Encryption requires an input source, an output destination, and a public key.

For input, simply set the InputFile property to encrypt the contents of a file, or the InputMessage property to encrypt a string. For output, set the OutputFile property to output to a file, otherwise the output will be available as a string via OutputMessage. The .NET and Java editions also support inputting from and outputting to a stream; simply call SetInputStream and/or SetOutputStream with the appropriate stream. The RecipientCert property should be set to a certificate containing the appropriate public key.

Once the input, output, and public key are set, simply call the Encrypt method.

The following is an example of encrypting a string in C#:
Rsa rsa = new Rsa();
Certificate cert = new Certificate(CertStoreTypes.cstPFXFile, certificateFilePath, "test", "*");
rsa.RecipientCert = cert;
rsa.InputMessage = "Encrypt me please!";
rsa.Encrypt();
String encryptedMessage = rsa.OutputMessage;

Decryption

Similar to encryption, decryption requires an input source and an output destination; however, while encryption requires a public key, decryption requires the corresponding private key.

The Certificate property should be set to a certificate with the appropriate private key for decryption. Input and output work identically to encryption; please see the encyption section for details.

Once the input, output, and private key are set, simply call the Decrypt method.

The following is an example of decrypt a string in C#:
Rsa rsa = new Rsa();
Certificate cert = new Certificate(CertStoreTypes.cstPFXFile, certificateFilePath, "test", "*");
rsa.Certificate = cert;
rsa.InputMessage = encryptedMessage;
rsa.Decrypt();
Console.WriteLine(rsa.OutputMessage);

Signing

Signing requires an input source and a private key. The InputFile or InputMessage properties should be set to the file or string containing the message. The Certificate property should be set to a certificate with the desired private key.

After specifying the input source and private key, simply call the Sign method. The HashSignature property is automatically populated with the result.

The following is an example of signing a string in C#:
Rsa rsa = new Rsa();
Certificate cert = new Certificate(CertStoreTypes.cstPFXFile, certificateFilePath, "test", "*");
rsa.Certificate = cert;
rsa.InputMessage = "sign me please!";
rsa.Sign();
string signature = rsa.HashSignature;

Verifying

Verifying a signature requires the message that was signed, the signature, and the public key that corresponds to the private key used to create the signature. The InputFile or InputMessage properties should be set to the file or string containing the signed message. The HashSignature property should be set to the signature. Then, the SignerCert property should be set to the certificate containing the appropriate public key.

After setting the input, signature, and public key, simply call the VerifySignature method. This method will return true if the verification succeeds.

The following is an example of verifying a signature in C#:
rsa.Reset();
rsa.SignerCert = cert;
rsa.InputMessage = dataToSign;
rsa.HashSignature = signature;
bool validSignature = rsa.VerifySignature();

DSA

The DSA component implements DSA public-key cryptography to encrypt, decrypt, sign and verify messages.

Signing

Signing requires an input source and a private key. The InputFile and InputMessage properties should be used to set the input to a file or string respectively. The Certificate property should be set to a certificate with the desired private key. After calling Sign, the signature will be available through HashSignature

Verifying

Verifying a signature requires the message that was signed, the signature, and the public key that corresponds to the private key used to create the signature. The InputFile or InputMessage properties should be set to the file or string containing the message. The HashSignature property should be set to the signature. Then, the SignerCert property should be set to the certificate containing the appropriate public key. After this is set, the VerifySignature method will return true if the signature is successfully verified.

Example

The following is an example signing and then verifying a signature in C#:
Dsa dsa = new Dsa();

//sign a message
Certificate cert = new Certificate(CertStoreTypes.cstPFXFile, privateCertificatePath, "test", "*");
dsa.Certificate = cert;
string dataToSign = "sign me please!";
dsa.InputMessage = dataToSign;
dsa.Sign();
string signature = dsa.HashSignature;

//verify the signed message
dsa.Reset();
dsa.SignerCert = cert;
dsa.InputMessage = dataToSign;
dsa.HashSignature = signature;
bool validSignature = dsa.VerifySignature();
Console.WriteLine(validSignature);

OpenPGP

The OpenPGP component provides an easy way to encrypt, decrypt, sign, and verify OpenPGP messages. Key management features are also supported through the use of the KeyMgr component.

Please see the Getting Started with OpenPGP guide for a complete walkthrough of OpenPGP.

SMIME

The SMIME component provides encryption, decryption, signing, and verifying functionality for MIME data.

Ecrypting

Encryption requires a public key and MIME input data. The RecipientCerts property should be populated with the certificates containing the public key for each recipient. These can be easily added with the AddRecipientCert method. Then, the Message property should be set to the input data before calling Encrypt.

The following is an example of encrypting some MIME data in C#:
Smime smime = new Smime();
Certificate cert = new Certificate(CertStoreTypes.cstPFXFile, certificateFilePath, "test", "*");
smime.RecipientCerts.Add(cert);
smime.Message = "Content-Type: text/plain \r\n here is some data \r\n --XXXXboundary text ";
smime.Encrypt();
string encrypted = smime.Message;

Decrypting

Decryption requires the private key associated with the public key used to encrypt. The Certificate property should be set to the certificate containing the appropriate private key, and the Message property should be set to the data to decrypt. Then, simply call the Decrypt method.

The following is an example of encrypting some MIME data in C#:
smime.Reset();
smime.Message = encrypted;
smime.Certificate = cert;
smime.Decrypt();
Console.WriteLine(smime.Message);

Signing

Signing requires a valid private key. The Certificate property should be set to a certificate containing a private key, and the Message property should be set to the data to sign. The preferred method of building signed messages involves including a digital certificate in the message signature. This can be accomplished by setting the IncludeCertificate property to true.

The SMIME component can sign and encrypt a message in the same step. To do this, set all of the properties required for both signing and encrypting and then call SignAndEncrypt.

Verifying

To verify a message, simply set the Message property and call VerifySignature. If a certificate is attached to the message, the component will attempt to verify the signature using the attached certificate. Otherwise, the component will attempt to verify the signature with the certificate supplied in SignerCert. If the signature cannot be succesfully verified, VerifySignature will throw an exception. If VerifySignature returns succesfully, the signature was verified.

The SMIME component can decrypt and verify a message in the same step. To accomplish this, set all of the properties requried for both decrypting and verifying and call DecryptAndVerifySignature.

Elgamal

The Elgamal component provides functionality for encryption and decryption via the Elgamal asymmetric encryption algorithm. The behavior of this component closely resembles the encryption and decryption behavior of the RSA component. However, the Elgamal component does not support certificates through the Certificate and RecipientCert properties; instead, the Key and RecipientKey properties must be used.

You can load your own keys, or simply call CreateKey to generate a new key pair. Note that CreateKey will populate the Key property, and to encrypt the RecipientKey property will need to be set to the public key.

If the data is stored in a file, set InputFile to the appropriate file path. Otherwise, set the InputMessage property to the string containing the data. The .NET and Java editions also support inputting from and outputting to a stream; simply call SetInputStream with the appropriate stream.

The following is an example encrypting and then decrypting a string in C#:
Elgamal elgamal = new Elgamal();

//encrypt a string
elgamal.CreateKey();
elgamal.InputMessage = "Encrypt me please!";
string pubKey = elgamal.Key.PublicKey;
elgamal.RecipientKey.PublicKey = pubKey;
elgamal.Encrypt();
string encryptedMessage = elgamal.OutputMessage;
string privKey = elgamal.Key.PrivateKey;

//decrypt the string
elgamal.Reset();
elgamal.InputMessage = encryptedMessage;
elgamal.Key.PrivateKey = privKey;
elgamal.Decrypt();
Console.WriteLine(elgamal.OutputMessage);

XML Signing and Encrypting

The toolkit includes two components for XML signing and encryption. XMLSig supports signing XML and verifying signatures. The XMLEncrypt component supports encrypting and decrypting XML. Both may be used together to encrypt and sign a document, or decrypt and verify a document. Please see the sections below for details:

XMLSig

The XMLSig component provides the ability to sign and verify XML.

Signing

Signing requires an input source, a set of XML elements to sign, and a certificate with a private key. If the data to sign is stored in a file, InputFile should be set to the file path. Otherwise, the InputXML property should be set to the XML data in string format. The References property should include a reference for each XML element to sign. The Certificate property should be set to a certificate with a private key.

Once these properties are set, simply call Sign. The output will be available in the file specified by OutputFile, or if no file is specified, in OutputXML.

Verifying

Verifying a signature requires an input source, calling VerifySignature, and handling the SignatureInfo event. If the data to sign is stored in a file, InputFile should be set to the file path. Otherwise, the InputXML property should be set to the XML data in string format.

Once VerifySignature is called, the SignatureInfo event will fire once for every signature that is found in the input XML, and the References property will automatically be populated. Inside the SignatureInfo event, the XMLElement property of the current reference should be set to the XML element to which the signature applies. The easiest way to do this is to use the name of the element. If there are multiple elements with the same name, you will need to use the XPath to identify the element.

The component will automatically parse the signer's certificate if it is included with the signed XML. Otherwise, the SignerCert property should be set to the certificate containing the signer's public key.

Example

The following is an example of signing and verifying a simple XML string in C#:
Xmlsig xmlsig = new Xmlsig();

Certificate cert = new Certificate(CertStoreTypes.cstPFXFile, certificateFilePath, "test", "*");
xmlsig.Certificate = cert;
xmlsig.InputXML = "<myTag>data</myTag>";
XMLSigReference reference = new XMLSigReference();
reference.XMLElement = "myTag";
xmlsig.References.Add(reference);
xmlsig.Sign();
string signed = xmlsig.OutputXML;

xmlsig.Reset();
xmlsig.InputXML = signed;

xmlsig.OnSignatureInfo += (obj, ev) =>
{
  xmlsig.References[0].XMLElement = "myTag";
};

xmlsig.VerifySignature();

XMLEncrypt

The XMLEncrypt component provides the ability to encrypt and decrypt XML using symmetric encryption. The component also allows for asymmetric encryption to encrypt the shared symmetric key.

Encrypting

Encrypting requires an input source and a symmetric key. If the data to encrypt is stored in a file, InputFile should be set to the file path. Otherwise, the InputXML property should be set to the XML data in string format. The SymmetricKey property should be set to the symmetric key used for encryption (also known as a session key). Optionally, the EncryptingAlgorithm property can be set to specify which symmetric algorithm to use. Note that the SymmetricKey must be of appropriate length according to the chosen algorithm; 128 bits for AES and 3DES, and 64 bits for DES.

To encrypt the symmetric key and send it along with the encrypted data, set the RecipientCert property to the certificate containing the recipient's public key. If RecipientCert is not set, the recipient must have prior knowledge of the symmetric key in order to decrypt the data.

Once these properties are set, simply call Encrypt. The output will be available in the file specified by OutputFile, or if no file is specified, in OutputXML.

The following is an example of encrypting an XML tag in C#:
Xmlencrypt xmlencrypt = new Xmlencrypt();

Certificate cert = new Certificate(CertStoreTypes.cstPFXFile, certificateFilePath, "test", "*");
xmlencrypt.RecipientCert = cert;
xmlencrypt.InputXML = "<myTag>data</myTag>";
xmlencrypt.EncryptingAlgorithm = "AES128";
xmlencrypt.SymmetricKey = "1234567890123456";
xmlencrypt.Encrypt();
string encrypted = xmlencrypt.OutputXML;

Decrypting

Decrypting requires an input source and either a symmetric key or a certificate with a private key. If the data to decrypt is stored in a file, InputFile should be set to the file path. Otherwise, the InputXML property should be set to the XML data in string format. If the symmetric key (or session key) was encrypted and sent along with the data, the Certificate property should be set to the certificate with the appropriate private key. Otherwise, the SymmetricKey property should be set to the shared symmetric key.

Note that the SymmetricKey property can be set in the EncryptedDataInfo event as well as in the main flow of the program. If there are multiple encrypted elements that use different symmetric keys, the SymmetricKey property will need to be updated in the EncryptedDataInfo event, which fires once for each encrypted element.

Once these properties are set, simply call Decrypt. The output will be available in the file specified by OutputFile, or if no file is specified, in OutputXML.

The following is an example of encrypting an XML tag in C#:
xmlencrypt.Reset();
xmlencrypt.InputXML = encrypted;
xmlencrypt.Certificate = cert;
xmlencrypt.Decrypt();

Console.WriteLine(xmlencrypt.OutputXML);

ECC

The ECC component supports signing and verifying through ECDSA (Elliptic Curve Digital Signature Algorithm) and computing a shared secret through the ECDH (Elliptic Curve Diffie Hellman) operation.

Signing and verifying

Signing requires a valid private key, and verifying requires the corresponding public key. For signing, the Key property should be set to an ECC key containing a private key, and for verifying the SignerKey property should be set to an ECC key containing a public key. Calling CreateKey will create a new ECC key with both public and private keys and will store it in Key. After setting Key or SignerKey, the data to be signed or verified must be specified. If the data is stored in a file, set InputFile to the appropriate file path. Otherwise, set the InputMessage property to the string containing the data. The .NET and Java editions also support inputting from and outputting to a stream; simply call SetInputStream with the appropriate stream. For signing, this is all that is required; for verifying, the HashSignature property should be set to the signature to be verified.

Once this is all set, simply call the Sign or VerifySignature methods. If signing, the public key and hash signature should be sent to the recipient. If verifying, the VerifySignature method will return true if the signature was succesfully verified and false otherwise.

The following is an example of signing a string and verifying the signature in C#:
Ecc ecc = new Ecc();

//sign a message
ecc.CreateKey();
string dataToSign = "sign me please!";
ecc.InputMessage = dataToSign;
ecc.Sign();
string signature = ecc.HashSignature;
string pubKey = ecc.Key.PublicKey;

//verify the signed message
ecc.Reset();
ecc.InputMessage = dataToSign;
ecc.SignerKey.PublicKey = pubKey;
ecc.HashSignature = signature;
bool validSignature = ecc.VerifySignature();
Console.WriteLine(validSignature);

Shared Secret

Computing a shared secret requires a public key. Set the RecipientKey property to the other party's public key, then call the ComputeKey method. The SharedSecret property will be populated with the computed secret.

DPAPI

The DPAPI component provides an easy interface for protecting data using the Microsoft Windows Data Protection API. Protected data is secured by the operating system and may be unprotected at a later time.

The data to protect should be specified by InputFile if it is stored in a file, otherwise it should be passed as a string to InputMessage. Optionally, you can set a password with the Password property. Once the input is set, simply call Protect. Once the data no longer needs to be protected, simply call Unprotect.

EzRand

The EzRand component provides multiple algorithms by which to generate random numbers or bytes.

Random Numbers

To generate a random number, simply specify the Algorithm and Min and Max properties. Then, calling GetNextInt will populate RandInt with a random number.

Random Bytes

To generate a random sequence of bytes, simply set the RandBytesLength property to the desired length and call GetNextBytes. The result will be available in the RandBytes property.

Hash

The Hash component provides an easy way to compute a hash using various algorithms.

Computing a hash requires an input source and a hash algorithm. If the InputFile component is set, the component will read the input from that file. Otherwise, the InputMessage property should contain the input in string format. Once the input is set, simply specify an algorithm with the Algorithm property and call ComputeHash. The result is available in the HashValue property.

Some of the supported algorithms are:

  • SHA-256
  • SHA-1
  • SHA-224
  • SHA-384
  • SHA-512
  • MD-5
  • HMAC-SHA1
  • HMAC-SHA256
  • RIPEMD-160
  • SHA-3-256
  • And more!

OneTimePassword (HOTP and TOTP)

The OneTimePassword component provides an easy way to generate and validate HMAC-based (HOTP) or Time-based (TOTP) One-Time Passwords.

Time-based (TOTP)

To generate a time-based one-time password, first set the PasswordAlgorithm property to paTOTP (0). Then, set the Secret property to the shared secret. Finally, specify the time interval (in seconds) by setting TimeStep and then call CreatePassword. The result will be available in the Password property.

HMAC-based (HOTP)

To generate an HMAC-based one-time password, set the PasswordAlgorithm property to paHOTP (1). Then, set the Secret property to the shared secret. Finally, specify the counter by setting the Counter property and call CreatePassword.

Password Validation

To validate a one-time password, the following properties should be specified: Password, PasswordAlgorithm, Secret, and either Counter or TimeStep, depending on the password algorithm. Then, simply call ValidatePassword which will return true if the password is successfully validated.

PBKDF

The PBKDF component provides the ability to derive a key from a password using the PBDKF password digest algorithms.

To begin, set the Password and Salt properties as inputs for the digest. Optionally, specify the KeyLength and Iterations properties for finer control over security and performance. Then, simply call CreateKey and access the new key through the Key property.

Some of the supported algorithms are:
  • HMAC-SHA1
  • HMAC-SHA256
  • HMAC-SHA224
  • HMAC-SHA284
  • HMAC-SHA512
  • HMAC-MD5
  • HMAC-RIPEMD160
  • And more!


We appreciate your feedback.  If you have any questions, comments, or suggestions about this article please contact our support team at kb@nsoftware.com.

 
 
Downloads