Encrypting and decrypting data

Using the cryptography functions, you can hash and/or encrypt your text for security purposes.

Hashing methods

These methods support the following algorithms are supported via the the Crypto.HashAlgorithms enumeration:

Algorithm

Hash

HMAC

PBKDF2

CRC32

MD5

SHA1

SHA256

SHA512

SHA2_256

SHA2_512

SHA3_256

SH3_512

Note

There are also MD5, SHA1, SHA2_256, SHA2_512, SHA3_256, SHA3_512 functions methods but these methods produce different results than using the Hash, HMAC or PBKDF2 with the algorithms of the same names.

Encryption and decryption methods

There are also methods for public/private key encryption:

DER

Used for interoperability with other libraries:

Tip

There is also a GenerateRandomBytes method that generates a random number of bytes in a way that is even more random than traditional means.

Usage

This code calculates the hash of the supplied text using SHA256:

Var value As String
value = Crypto.SHA256("DataToEncrypt")

RSA Public key encryption

With Public Key Cryptography there are two keys: a public key and a private key. The person who wants to receive an encrypted message generate both of these keys. This can be done in Xojo using the Crypto.RSAGenerateKeyPair function:

Var privateKey As String
Var publicKey As String
If Crypto.RSAGenerateKeyPair( 1024, privateKey, publicKey ) Then
  // 1024-bit private and public keys
  // were generated
End If

The private key is not shared with anyone. The public key can be shared with anyone. To make the public key more presentable, converting it to Base64 is a good idea:

viewablePublicKey = EncodeBase64(publicKey)

So if you created both a private and public key and shared the public key, others can now create encrypted messages that only you will be able to decrypt. These people create the encrypted message for you by encrypting it using the public key:

Var publicKey As String = DecodeBase64(PublicKeyArea.Text)
Var textMessage As String = "Top-secret message."
Var msg As MemoryBlock
msg = textMessage
// Encrypt msg using the publicKey
Var encryptedData As MemoryBlock = Crypto.RSAEncrypt( msg, publicKey )
If encryptedData <> Nil Then
  MessageBox("Successfully encrypted.")
End If

This encrypted message can be sent to you, although again converting it to Base64 can make it simpler to send:

Var msgToSend As String = EncodeBase64(encryptedData)

When you receive the message, you can decrypt it using your private key:

encryptedData = DecodeBase64(encryptedMsg)
Var decryptedData As MemoryBlock = Crypto.RSADecrypt( encryptedData, privateKey )
Var msg As String = decryptedData
MessageBox(msg)

Keep in mind that these “messages” that are being encrypted have to be pretty short (usually just a couple hundred characters, but it depends on the number of bits you use to create the keys).

So typically you use the messages to communicate a “secret key” of some kind that can be used to decrypt an actual message that was encrypted using some other technique (such as AES).

As an example, here is how two people might send a large amount of encrypted data using an encrypted database: 1. Julie creates a SQLite database, adds data to it and encrypts it using a secret password.

  1. Paul creates an RSA Public/Private key pair and gets the Public key to Julie.

  2. Julie encrypts the secret password using the Public Key from Paul to get an encrypted message that she sends to Paul.

  3. Paul can decrypt the message from Julie using his Private Key to get the secret password.

  4. Julie sends the encrypted database to Paul.

  5. Paul accesses the database using the secret password he previously decrypted.

This is secure because the database cannot be accessed by anyone that does not have the secret password and only the person with the RSA Private Key pair for the Public Key used to encrypt the secret password will be able to decrypt it to access the database.

There is more to RSA encryption, including padding techniques that further improve security. You can learn more about RSA from its Wikipedia topics.

See also

Crypto module