问题
My application sends encrypted files over the internet, I need to be able to do the following:
- (Client side Delphi 2010): Encrypt files using public key shipped with my application & upload it to server
- (Server side PHP): Decrypt the uploaded file using my private key stored on server
- (Work on the uploaded file...)
Sounds simple but I can't find any reliable code/component, I found these components:
- DCPcrypt. This is what I'm using right now in development but doesn't seem to support keypair-based encryption (RSA?) 
- GnuPgp (GPL) so I can't use it on my commercial app. 
- TurboPower LockBox 3: does support keypair encryption but very cryptic (no documentation AFAIK) and doesn't seem to support file encryption. 
My question is: is there a secure / reliable encryption component that:
- Achieve what I described above (ie. keypair encryption)
- Can be decrypted using PHP
- Works on large files/streams
- (Dreaming here!) Has a simple delphi/php demo that shows how to do this? :)
- FOSS solutions only please, I'm already wayyy over budget :)
回答1:
I would go with OpenSSL.
PHP seems to have plenty of support for it, though I haven't actually tried it:
For example the manual and an example here.
Delphi can be made to work well with OpenSSL with a little work, using stuff I've mentioned on here numerous times: http://www.disi.unige.it/person/FerranteM/delphiopenssl/. Some good examples on that page too. And take a look at the Indy OpenSSL imports.
Not specific components but definitely free, flexible and with full possibilities for shooting yourself, security-wise, in the foot :-)
EDIT:
For Delphi I would consider using the EVP_Seal* functions and you can find my version of a cut down libeay32.pas file in this SO answer. You ned this as Indy doesn't surface or implement much/any of the actual EVP_ functions so you need to import the function declarations and a few other routines.
For PHP this link seems the right counterpart.
As a bonus, this should give you an idea of how to use the EVP_Seal* stuff (non-tested):
function EVPSeal(ASource: TBytes; const APublicKey: PEVP_PKEY; out Key: TBytes; out IV: TBytes): TBytes; 
var
  cipher: PEVP_CIPHER;
  ctx: EVP_CIPHER_CTX;
  buf: TBytes;
  block_size, buf_start, out_len, keysize: integer;
  ek: array[0..0] of PByte;
  ekl: array[0..0] of integer;
  pubk: array[0..0] of PEVP_PKEY;
begin
  keysize := EVP_PKEY_size(APublicKey);
  cipher := EVP_aes_256_cbc;
  SetLength(IV, EVP_MAX_IV_LENGTH);
  SetLength(Key, keysize);
  ek[0] := @Key[0];
  pubk[0] := APublicKey;
  buf_start := 0;
  EVP_CIPHER_CTX_init(@ctx);
  try
    EVP_SealInit(@ctx, cipher, @ek[0], @ekl, @IV[0], @pubk[0], 1);
    block_size := EVP_CIPHER_CTX_block_size(@ctx);
    SetLength(buf, Length(ASource) + block_size);
    SetLength(Key, ekl[0]);
    EVP_SealUpdate(@ctx, @buf[buf_start], out_len, @ASource[0], Length(ASource));
    Inc(buf_start, out_len);
    EVP_SealFinal(@ctx, @buf[buf_start], out_len);
    Inc(buf_start, out_len);
    SetLength(buf, buf_start);
    result := buf;
  finally
    EVP_CIPHER_CTX_cleanup(@ctx);
  end;
end;
回答2:
Ah, crypto. There is a saying about a programmer that knows little crypto being far more dangerous than one that knows none.
On a really similar vein, I spent quite some time trying to find a way to do digital XML signatures using open source. I only managed to get so far before buckling up and getting a rock solid third party library. It is not cheap in the pure monetary sense, but one of my best investments so far.
(True story: I actually got into a little flamewar with the author of this library that even got deleted from the comments. Alas, I ended up buying from him. Go figure.)
来源:https://stackoverflow.com/questions/10706320/secure-keypair-encryption-solution-in-delphi-php