Root > Reference > All Functions > RSAEncrypt

Procedure RSAEncrypt

Previous pageReturn to chapter overviewNext page   

Encrypts "clear text" data by using RSA cipher.

 

Unit

EEncrypt

 

Syntax

 

Code (Delphi)

procedure RSAEncrypt(

const AKey: TRSAKey;

const AData: Pointer;

out AEncryptedData: Pointer;

var ADataSize: Cardinal

); overload;

 

function RSAEncrypt(

const AKey: TRSAKey;

const AData: RawByteString

): RawByteString; overload;

 

procedure RSAEncrypt(

const AKey: TRSAKey;

var AInPlaceData: TEncryptBuffer

); overload;

 

Parameters

AKey [in]

A key for encryption. Comes from RSAGenKey function or RSALoadPublicKey function.

 

AData [in]

A data to encrypt.

 

AEncryptedData [out]

An encrypted AData's data. Must be deleted with FreeMem function (but we recommend to use SecureFree function instead). Will have different size from AData.

 

ADataSize [in, out]

On input: size of AData.

On output: size of AEncryptedData (will be different).

 

AData [in]

String "clear text" data to encrypt.

 

AInPlaceData [in, out]

On input: "clear text" buffer to encrypt.

On output: encrypted buffer (same size).

 

Return value

Encrypted AData's data in a string form.

 

Remarks

This function encrypts data passed in AData parameter with public key of asymmetric RSA cipher and outputs encrypted data back to AEncryptedData parameter. AEncryptedData expected to have different size from original AData. In other words, asymmetric encryption with RSA does change the size of the data.

 

The overload variant with RawByteString encrypts AData parameter and outputs encrypted data as function's result.

 

The overload variant with AInPlaceData encrypts data "in place".

 

Important!

Asymmetric chipers are slow. Therefore, they are not designed to encrypt/decrypt large amount of data. The usual approach is to use asymmetric chiper to encrypt/decrypt another key - a key for some symmetric cipher, and then use (fast) symmetric cipher to encrypt/decrypt large amounts of data.

 

Tip

You always use public key for encryption and private key for decryption with asymmetric cipher - and not the other way around. You should use digital signing and verification for reversed order. I.e. you sign data by using your private key and verify signature by using your public key.

 

Examples

 

Code (Delphi)

var

// (Random) symmetric key to encrypt file

TEAKey: TTEAKey;

// Asymmetric key to encrypt symmetric key

RSAKey: TRSAKey;

// Encrypted symmetric key

EncryptedKey: Pointer; DataSize: Cardinal;

// File/data to encrypt

Data: TMemoryStream;

// Wrapper for "in place" encryption

DataToEncrypt: TEncryptBuffer;

// Stream to save final result

FS: TFileStream;

begin

// Create strong random session key

// It is best to use cryptographic-quality random generator

// This key will be used to encrypt file

TEAKey := TEAInitSessionKey;

try

 

// First, encrypt symmetric key with asymmetric key

 

// FS is used twice:

// 1). To write encrypted symmetric key

// 2). To write encrypted file/data itself

FS := nil;

try

 

// Load public key from file

RSAKey := RSALoadPublicKey('C:\Test\Public.pem', rsText);

try

 // Encrypt the TEAKey key into EncryptedKey buffer

 DataSize := SizeOf(TEAKey);

 EEncrypt.RSAEncrypt(RSAKey, @TEAKey, EncryptedKey, DataSize);

 try

 // Once symmetric key is encrypted - we no longer need asymmetric key

 RSADestroyKey(RSAKey);

 

 // Now EncryptedKey of DataSize bytes holds the encrypted symmetric key

 

 // Simply store encrypted key in the encrypted file itself

 FS := TFileStream.Create('C:\Text.bin', fmCreate or fmShareExclusive);

 FS.WriteBuffer(DataSize, SizeOf(DataSize));

 FS.WriteBuffer(EncryptedKey^, DataSize);

 

 // We did not finished writing into FS yet...

 

 finally

 SecureFree(EncryptedKey, DataSize);

 end;

finally

 RSADestroyKey(RSAKey);

end;

 

// Next, encrypt the file itself

 

Data := TMemoryStream.Create;

try

 

 // Load C:\Text.txt file into Data

 Data.LoadFromFile('C:\Text.txt');

 

 // Encrypt Data in place

 DataToEncrypt.pbData := Data.Memory;

 DataToEncrypt.cbData := Data.Size;

 

 // This does not alter Data.Memory and Data.Size

 // It simply changes content of Data.Memory^

 TEAEncrypt(TEAKey, DataToEncrypt);

 

 // Data is encrypted, so save it to C:\Text.bin

 FS.CopyFrom(Data, Data.Size);

 

finally

 // Wipe memory and release stream object

 SecureFree(Data);

end;

 

finally

FreeAndNil(FS);

end;

 

// Now C:\Text.bin is ready

// It contains encrypted (random) symmetric key and encrypted data itself

// It can only be decrypted by the one having private RSA key

// See code example for RSADecrypt

 

finally

TEADestroyKey(TEAKey); // - same as SecureFree(TEAKey);

end;

end;

 

See also




Send feedback... Build date: 2018-11-26
Last edited: 2018-11-26
PRIVACY STATEMENT
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.


Permanent link to this article: https://www.eurekalog.com/help/eurekalog/topic_function_eencrypt_rsaencrypt.php