Root > Reference > All Functions > TwofishEncrypt

Procedure TwofishEncrypt

Previous pageReturn to chapter overviewNext page   

Encrypts "clear text" data by using Twofish cipher.







Code (Delphi)

procedure TwofishEncrypt(

const AKey: TTwofishKey;

const AData: Pointer;

out AEncryptedData: Pointer;

var ADataSize: Cardinal;

const AInitVector: PTwofishInitVector = nil

); overload;


function TwofishEncrypt(

const AKey: TTwofishKey;

const AData: RawByteString;

const AInitVector: PTwofishInitVector = nil

): RawByteString; overload;



AKey [in]

A key for encryption. Comes from TwofishDeriveKey function or TwofishInitKey function.


AData [in]

A data to encrypt. Data will be padded with PKCS#5.


AEncryptedData [out]

An encrypted AData's data. Must be deleted with FreeMem function (but we recommend to use SecureFree function instead). Will have different size from AData. Data is returned in little-endian format.


ADataSize [in, out]

On input: size of AData.

On output: size of AEncryptedData (will be different).


AInitVector [in, opt]

An optional initialization vector (IV) from TwofishInitIV function.


Default is nil - which means using ECB encryption mode (not recommended).


Specified (non-nil) value means using CBC encryption mode.


AData [in]

String "clear text" data to encrypt. Data will be padded with PKCS#5.


Return value

Encrypted AData's data in a string form. Data is returned in little-endian format.



This function encrypts data passed in AData parameter with key of symmetric Twofish cipher and outputs encrypted data back to AEncryptedData parameter. AEncryptedData expected to have different size from original AData. In other words, symmetric encryption with Twofish does change the size of the data.


The overload variant with RawByteString encrypts AData parameter and outputs encrypted data as function's result.



Zero-filled IV is not the same as not specified IV. Not specified IV means using ECB mode. Specified IV means using CBC mode (even if IV is empty/zero filled).



TwofishEncrypt/TwofishDecrypt use PKCS#5 filling scheme for both ECB and CBC modes. That is: data size will be increased (during encryption) to closest block boundary (block size is 16 bytes/128 bit), the unused space (padding) will be filled with its own size (e.g. 1..16). If source data size is exactly N * 16 bytes, then one full block (16 bytes) will be added (and filled with byte = 16). On decryption data size will be simply decreased by a value specified in the last byte.


See also

Send feedback... Build date: 2022-03-28
Last edited: 2022-03-28
The documentation team uses the feedback submitted to improve the EurekaLog documentation. We do not use your e-mail address for any other purpose. We will remove your e-mail address from our system after the issue you are reporting has been resolved. While we are working to resolve this issue, we may send you an e-mail message to request more information about your feedback. After the issues have been addressed, we may send you an email message to let you know that your feedback has been addressed.

Permanent link to this article: