Fullscreen
Loading...
 
3d browser

HomePage

Mission Statement

TurboPower LockBox 3 is a FOSS Delphi Cryptographic Library, providing efficient private key encryption, public key encryption and hashing functions.

Main Features

The main features of TPLB3 shall be:

  • The user interface shall be clean and simple. For Ciphers and Hashes, two styles shall be provided: A component and an interface pointer.
  • IV, salting of ciphers and signalling of IV's shall be managed and hidden from the developer-client.
  • The main encryption functions shall be implemented in 100% native Delphi code. (TOpenSSL_Signatory component is the exception to the rule).

That is to say it shall not rely on links to third party libraries (at least as far as the core functionality is concerned).

  • Supports Delphi/Pascal version:
    • Delphi XE6; (platforms: Win 32-bit and Win 64-bit).
    • Delphi 2010;
  • Easy traceability to standards. Developers should be able to open cipher standards and open the respective implementing source code; put them side-by-side, and very quickly observer that one implements the other. The implementing source should borrow the style and symbols and the specifiying cipher standard.
  • It shall be as easy as it can be to extend the library with new hashes and block ciphers.
  • The selection, implementation and usage of ciphers shall be divorced from the chaining mode.

Important note about TurboPower LockBox 2

TurboPower LockBox 3 IS NOT TurboPower LockBox 2 and the API is different.
TurboPower LockBox 2 was and is issued under MPL1.1. That has not changed.

TurboPower LockBox 3, from 3.0.0 to 3.1.0 was issued under LGPL3. LGPL is different to GPL. Please don't confuse it.
I have released LockBox 3.1.3 and onwards under a dual licensing scheme, much like SoftGems VirtualTrees. Users can choose to distribute it according to either the conditions of LGPL3 (*not* GPL, remember) or MPL1.1 .

LockBox 3 has no code in common with LockBox 2 and is a different library. The TurboPower LockBox 2 license has been fully respected. You are free to continue to use LockBox 2 as you have always done. It's MPL licensing has not and will never be changed.

LockBox 3 has the same core mission as LockBox 2. All of the main functions and features of Lockbox 2 are furnished in LockBox 3, but without copying a single line of code. The spirit of LockBox is its intended offering of features (AES, DES, 3DES, various chaining modes, MD5, SHA-1 and RSA). Because of this, it is right and proper that LockBox 3 is entitled "TurboPower LockBox 3". For various reasons relating to cryptographic integrity, if your project is in Delphi 2010 or later, I would recommend that you choose LB3 over LB2. However upgraders should be advised that the API is a lot different.

I also maintain Lockbox 2. Lockbox 2 continues to be offered and available on an MPL1.1 basis.

The LockBox forums are available for either Lockbox 2 or Lockbox 3 questions. The forums are activly managed.


Main functions and features of the two libraries.

The main functions are:
Function/Feature TurboPower LockBox 2 TurboPower LockBox 3
Blowfish yes yes
DES yes yes
3DES yes yes (both KO1 & KO2)
AES Rijdnael, probably conforms yes
MD5 yes yes
SHA-1 yes yes
ELF yes no
Mix-128 yes no
RSA yes yes
RSA key sizes 128, 256, 512, 768, 1024 range 512 .. 4096
ASN.1 support yes no
Chaining modes ECB, CBC ECB, CBC, CFB8, CFB, CTR, ECB, OFB, PCBC
RSA sign & verify (native code) yes yes
RSA sign & verify (OpenSSL wrapper) no yes for Win32 but marked experimental at this stage
TwoFish no yes
XXTEA no yes
SHA-2 family no yes, including the new SHA-512/224 & SHA-512/256
Win64 platform no, but probably not too much work to adapt it. yes
Bundled unit tests no yes, extensive set of test cases provided


Grokk Your Cryptography Here!

Caveat Emptor - For those upgrading from LB 3.4.1 or prior to LB 3.4.2 or post, please read the Caveat on the Grok page, linked below.

What's new in 3.6.0 ?

With 3.5.0 as the baseline, the 3.6.0 version delivers:
  • Support for all compilers from Delphi 7 and up (although only package heads for D2010 and XE6 written at the moment).
  • Support for Win32, Win64, Android, iOS, and OS X.
  • A new include, TPLB3.Common.Inc, is included from all source files and defines conditionals used throughout the code base.
  • Renamed uTPLb_D7Compatibility.pas to TPLB3.Compatibility.pas and added code needed by other compilers.
  • Replaced legacy and platform-specific types (e.g. AnsiString, UTF8String, DWORD, etc.) with cross-platform types required by the next-generation mobile compilers.
  • Implemented TStringHelper for platform-agnostic string manipulation, which resolves differences between 1-based strings in the legacy compilers and 0-based strings in the next-generation compilers.
  • Functions that operate on strings now accept an Encoding parameter. I've kept this optional for backwards compatibility, but it should be made mandatory at some point in the future.
  • Marked the following as deprecated in favor of new encoding-agnostic functions: TCodec.EncryptAnsistring, TCodec.DecryptAnsistring, TCodec.EncryptUtf8string, TCodec.DecryptUtf8string, THash.Hashutf8string, TStreamUtils.Stream_to_utf8string, TStreamUtils.utf8string_to_stream.
  • Removed the ComponentPlatformsAttribute declaration from components (all except TOpenSSL), since they now work on all platforms.
  • Added non-assembler fallback Pascal code to TRandom for use on mobile platforms.
  • TNoncibleDecryptor now supports the OnSetIV event, like its encryptor counterpart.

What's new in 3.5.0 ?

With 3.4.0 as the baseline, the 3.5.0 version delivers:
  • Migrated code repository from SourceForge to GoogleCode
  • Renamed unit suffix from uTPlb_ to TPLB3.
  • Replaced most references to AnsiString, to Utf8String
  • Added support for XE6, Win32 and Win62
  • Removed support for all other compilers (other than XE6 and D2010). The return of support for other compilers will be coming soon.
  • Removed the automated installer.

What's new in 3.4.0 ?

With 3.3.0 as the baseline, the 3.4.0 version delivers:
  • An OpenSSL wrapper for RSA functions, which include:
    • Generate key pair
    • Load/Save public/private keys in PEM format
    • Sign and Verify
    • Only works with a fairly recent version of libeay32.dll, namely, at least version 1.0.0.0 is required.
    • Demo program enhanced to include demo of the OpenSSL wrapper.
  • Optional UTF-8 password for TCodec with UNICODE enabled compilers.
  • Delphi XE, XE2 support
  • Win 64 platform support
  • Installer support extended for Delphi XE, XE2
  • Fixed bug in TRandomStream.Initialize() for the Delphi 7 compiler.

Limitations and known defects in 3.4.0 include
  • DUnit test cases not yet covering the OpenSSL wrapper
  • DUnit test cases not yet covering the 3DES Keying Option 2
  • The installer not yet tested for Delphi XE nor Delphi XE2
  • The Delphi XE project head may be versioned 3.3.0.X instead of 3.4.0
  • Saving/Loading private keys from the TOpenSSL_Signatory component in encrypted format, not yet working. For now, save your private keys in the clear, and add your own encryption if required.
  • Help wiki pages not yet updated for the OpenSSL wrapper component.

What is in the pipeline ?

  • Support for OSX and Android
  • Support for XE2 and XE4.
  • An automated installer. The previous installer was based on dcc32.exe. This next one will be based on MS Build.


TurboPower LockBox 3 Help

Image
The LockBox 3 help home page can be found here. Please be patient as the online help is still under construction.

Thank you for installing Tiki.

Help Need help?

For more information:

Donate [toggle]


Show php error messages