Xojo 2013 Release 4.1 added a variety of RSA encryption functions for handling public/private key encryption. Here’s how you use them.
Here is the problem: How can you send a small message to me so that only I can read it? A technique called Public Key Cryptography is commonly used for this.
RSA Public Key Encryption
With Public Key Cryptography there are two keys: a public key and a private key. Since I am the one receiving messages, I would generate both of these keys. This can be done in Xojo using the Crypto.RSAGenerateKeyPair function:
Dim privateKey As StringDim publicKey As String
If Crypto.RSAGenerateKeyPair( 1024, privateKey, publicKey ) Then // 1024-bit private and public keys were generated End If
I keep the private key to myself and do not share it with anyone. The public key is shared with you (or anyone, really). To make the public key more presentable, converting it to Base64 is a good idea:
viewablePublicKey = EncodeBase64(publicKey)
Here is a public key that I created (Base64 encoded):
The public key is used to encrypt the message. In Xojo, it is done like this:
Dim publicKey As String = DecodeBase64(PublicKeyArea.Text) Dim textMessage As String = "Top-secret message for Paul." Dim msg As MemoryBlockmsg = textMessage // Encrypt msg using the publicKey Dim encryptedData As MemoryBlock = Crypto.RSAEncrypt( msg, publicKey ) If encryptedData <> Nil Then MsgBox("Successfully encrypted.") End If
Now you have an encrypted message that you can Base64Encode and send to me:
Dim msgForPaul As String = EncodeBase64(encryptedData)
You can paste this message in an email or even put in a a public forum. No one else will be able to read it. To decrypt it, the private key is needed and only I have the private key.
Xojo code to decrypt the message looks like this:
encryptedData = DecodeBase64(encryptedMsgForPaul) Dim decryptedData As MemoryBlock = Crypto.RSADecrypt( encryptedData, privateKey ) Dim msg As String = decryptedData MsgBox(msg)
Try these examples to test sending and receiving secret messages:
RSADecryptor: Creates Public and Private Keys and decrypts messages encrypted with the Public Key
RSAEncyptor: Creates encrypted messages using a Public Key
To test this out, use RSAEncryptor with the above Public Key to leave me encrypted messages in the comments. I’ll decrypt it and post the decrypted version as a reply. Keep in mind that these “messages” that are being encrypted have to be pretty short (just a couple hundred characters to be safe). This is due to the complex mathematics involved in the generation of the data and it is way beyond anything I can understand, let alone explain. So typically this means that you do not use the above techniques for communicating lengthy messages. More typically these techniques are used to communicate another “secret key” of some kind that can be used to decrypt the actual message that was encrypted with some other technique.
For example, I could create a SQLite database that is encrypted in Xojo and then send you the database. This would be encrypted using AES-128. But how do you decrypt it to access its data since you’ll need the password to decrypt it? This is a perfect situation to use RSA to encrypt the password for the recipient to decrypt. Once they have decrypted the RSA message to get the password, it can be used to access the database. So the process for Julie to send an encrypted database to Paul is as follows:
1. Julie creates a SQLite database, adds data to it and encrypts it using a secret password.
2. Paul creates an RSA Public/Private key pair and gets the Public Key to Julie.
3. Julie encrypts the secret password using the Public Key from Paul to get an encrypted message that she sends to Paul.
4. Paul can decrypt the message from Julie using his Private Key to get the secret password.
5. Julie sends the encrypted database to Paul.
6. Paul accesses the database using the secret password he now has from step 4.
This is secure because the database cannot be accessed by anyone that does not have the secret password and only the person with the RSA Private Key pair for the Public Key used to encrypt the secret password will be able to decrypt it to open the database.
Related to all this is the concept of signatures. A signature is used so that you can validate who sent a message and that the message was not modified before it reached you.
To do this, I sign my message using my Private Key (as generated above) and provide you with both the message and the signature. You then verify everything using my Public Key.
This is how I would sign a message using Xojo:
Dim signature As MemoryBlock = Crypto.RSASign( msg, privateKey )
You would then verify the message and signature using my Public Key:
If Crypto.RSAVerifySignature( msg, signature, publicKey ) Then // msg is valid End If
The “message” can actually be any data. For example, this is essentially what you are doing when you “code-sign” an application for OS X.
Try these examples to sign and verify messages:
RSASign: Sign a message using a Private Key
RSAVerifySignature: Verify a message using a Public Key