Encryption Kit DX
Posted: Mon Nov 24, 2025 3:20 am
Encryption Kit DX
Design Notes
Algorithm Suite Overview
This comprehensive encryption suite provides implementations of the most widely-used encryption algorithms, organized by category:
Symmetric Block Ciphers
**AES (Advanced Encryption Standard)** - `EncryptionKitDX.AES`
- **Block Size**: 16 bytes (128 bits)
- **Key Sizes**: 128, 192, or 256 bits
- **Speed**: Very Fast (hardware acceleration available on modern CPUs)
- **Security**: Excellent - Current industry standard
- **Use When**: You need strong, fast encryption for any application
- **Considerations**: Always outputs multiples of 16 bytes due to padding
**DES/3DES** - `EncryptionKitDX.DES`
- **Block Size**: 8 bytes (64 bits)
- **Key Sizes**: DES=56 bits, 3DES=168 bits effective
- **Speed**: Slow (especially 3DES which is 3x slower than DES)
- **Security**: DES is weak/obsolete, 3DES acceptable but deprecated
- **Use When**: Legacy system compatibility required
- **Considerations**: Outputs multiples of 8 bytes; DES should not be used for new applications
**Blowfish** - `EncryptionKitDX.Blowfish`
- **Block Size**: 8 bytes (64 bits)
- **Key Sizes**: Variable (32-448 bits, default 448)
- **Speed**: Fast
- **Security**: Good but dated (64-bit block size limitation)
- **Use When**: You need fast encryption with variable key sizes
- **Considerations**: 64-bit blocks mean birthday attacks possible after ~32GB encrypted data
Stream Ciphers
**RC4** - `EncryptionKitDX.RC4`
- **Block Size**: 1 byte (stream cipher)
- **Key Sizes**: Variable (40-2048 bits)
- **Speed**: Extremely Fast
- **Security**: Weak - Multiple known vulnerabilities
- **Use When**: Only for legacy compatibility; DO NOT use for new applications
- **Considerations**: No padding needed; output same size as input; considered broken
**ChaCha20** - `EncryptionKitDX.ChaCha20`
- **Block Size**: 64 bytes (internal state)
- **Key Size**: 256 bits (32 bytes)
- **Speed**: Very Fast (faster than AES without hardware acceleration)
- **Security**: Excellent - Modern, well-analyzed
- **Use When**: You need high-performance encryption without AES hardware support
- **Considerations**: No padding needed; requires 12-byte nonce; output same size as input
Asymmetric (Public Key) Ciphers
**RSA** - `EncryptionKitDX.RSA`
- **Block Size**: Depends on key size (key bits / 8)
- **Key Sizes**: Typically 1024, 2048, or 4096 bits
- **Speed**: Very Slow (1000x+ slower than symmetric)
- **Security**: Good with proper key sizes (2048+ bits recommended)
- **Use When**: Key exchange, digital signatures, encrypting symmetric keys
- **Considerations**: Can only encrypt data smaller than key size; use for key exchange, not bulk data; this implementation is simplified - production code needs proper padding (OAEP)
Hash Functions (One-Way)
**MD5** - `EncryptionKitDX.MD5`
- **Output Size**: 16 bytes (128 bits) as 32-character hex string
- **Block Size**: 64 bytes (internal)
- **Speed**: Very Fast
- **Security**: Broken - Collision attacks practical
- **Use When**: Non-security checksums, legacy compatibility only
- **Considerations**: NOT suitable for passwords or security; one-way function (no decryption)
**SHA-256** - `EncryptionKitDX.SHA256`
- **Output Size**: 32 bytes (256 bits) as 64-character hex string
- **Block Size**: 64 bytes (internal)
- **Speed**: Fast
- **Security**: Excellent - Current standard
- **Use When**: Integrity verification, password hashing (with salt), digital signatures
- **Considerations**: One-way function (no decryption); always produces same output for same input
Classic Ciphers
**XOR Cipher** - `EncryptionKitDX.XOR`
- **Block Size**: 1 byte
- **Key Size**: Variable
- **Speed**: Extremely Fast
- **Security**: Very Weak - Only for obfuscation
- **Use When**: Simple data obfuscation, educational purposes
- **Considerations**: Not secure encryption; easy to break; no padding needed
Performance Comparison (Relative Speed)
From Fastest to Slowest:
1. **XOR** - Baseline (simplest possible)
2. **RC4** - ~95% (very fast but insecure)
3. **ChaCha20** - ~85% (excellent security-to-speed ratio)
4. **AES-128** - ~80% (with hardware: ~95%)
5. **Blowfish** - ~75%
6. **SHA-256** - ~70% (hash function)
7. **AES-256** - ~70%
8. **MD5** - ~65% (hash function)
9. **3DES** - ~25% (very slow due to triple encryption)
10. **RSA** - <1% (extremely slow, asymmetric)
Security Recommendations
**Recommended for New Applications:**
- **AES-256** - Best overall choice for symmetric encryption
- **ChaCha20** - Excellent alternative, especially on mobile
- **SHA-256** - Standard for hashing and integrity
**Acceptable with Caveats:**
- **AES-128** - Still secure, faster than AES-256
- **Blowfish** - Good but prefer AES
- **3DES** - Only for legacy systems, being phased out
- **RSA-2048+** - For asymmetric needs, but use established libraries
**Not Recommended (Legacy/Weak):**
- **DES** - Broken, obsolete
- **RC4** - Multiple vulnerabilities
- **MD5** - Collision attacks practical
- **XOR** - Not real encryption
Block Size Considerations
**Why Block Size Matters:**
- Algorithms work on fixed-size blocks
- Input data must be padded to block size multiples
- Padding adds overhead (up to one block of extra data)
**Block Sizes:**
- **16 bytes**: AES (most common modern choice)
- **8 bytes**: DES, 3DES, Blowfish (older standard)
- **1 byte**: RC4, XOR, stream ciphers (no padding needed)
- **64 bytes**: ChaCha20 (internal, but acts as stream cipher)
**Example:**
- Encrypting 100 bytes with AES (16-byte blocks):
- Need 7 blocks = 112 bytes output
- 12 bytes overhead (12% increase)
- Encrypting 100 bytes with DES (8-byte blocks):
- Need 13 blocks = 104 bytes output
- 4 bytes overhead (4% increase)
- Encrypting 100 bytes with ChaCha20:
- Output = 100 bytes (no padding)
Usage Guidelines
**Initialization Process:**
1. Create component instance
2. Set `Key` property (and `Nonce` for ChaCha20)
3. Call `Initialize` method
4. Call `Encrypt` or `Decrypt`
**Key Management:**
- Never hardcode keys in source code
- Use proper key derivation functions (PBKDF2, Argon2)
- Store keys securely (OS key storage, HSM)
- Rotate keys periodically
**Padding Modes:**
- **PKCS7**: Standard, adds bytes equal to padding length (default)
- **Zero**: Pads with zeros (problems with data ending in zeros)
- **ANSIX923**: Zeros with length byte at end
- **None**: No padding (must provide block-aligned data)
Encryption Kit DX v3.0.0 Demo
===========================
This demo showcases:
1. AES symmetric encryption with CBC mode
2. Secure key storage with encryption
3. PGP message creation and processing
=== AES Encryption Demo ===
Plain Text: Hello, this is a test message for AES encryption!
Cipher Text (Hex): [hex string]
Decrypted Text: Hello, this is a test message for AES encryption!
Encryption successful: TRUE
=== Key Storage Demo ===
Stored keys:
AES-Key-1
AES-Key-2
RSA-Key-1
Retrieved AES-Key-1: 1234567890123456
=== PGP/GPG Demo ===
Generated PGP key pair for demo@example.com
Created PGP message:
-----BEGIN PGP MESSAGE-----
Version: Encryption Kit DX v3.0.0
[encrypted data]
-----END PGP MESSAGE-----
Processed message: This is a secret message!
Demo completed successfully!
Press Enter to exit...
### **Delphi 7 Compatibility:**
- No generics used (Delphi 7 predates generics)
- Brace-style comments `{ }` throughout
- Traditional unit naming without namespaces
- TComponent descendants for IDE integration
- Compatible with Delphi 7 through modern versions
### **Threading:**
- Components are NOT thread-safe by default
- Create separate instances per thread
- Or add synchronization (critical sections)
### **Error Handling:**
- Always call `Initialize` before Encrypt/Decrypt
- Check key length requirements per algorithm
- Validate ciphertext length for block ciphers
- Handle exceptions for hash decrypt attempts
## Version History
- **v1.0.0** (2024-01-15) - Initial release
- Core symmetric ciphers: AES, DES, 3DES, Blowfish
- Stream ciphers: RC4, ChaCha20
- Asymmetric: RSA (simplified)
- Hash functions: MD5, SHA-256
- Classic: XOR cipher
- Base component architecture with padding support
- v2.0.0 - (2024-09-14) - Production-grade improvements: Complete algorithm implementations, CBC mode support, IV handling, enhanced security features, performance optimizations
- v3.0.0 - (2024-11-11) - Added key storage components and PGP/GPG support for secure key management and public message encryption
Design Notes
Algorithm Suite Overview
This comprehensive encryption suite provides implementations of the most widely-used encryption algorithms, organized by category:
Symmetric Block Ciphers
**AES (Advanced Encryption Standard)** - `EncryptionKitDX.AES`
- **Block Size**: 16 bytes (128 bits)
- **Key Sizes**: 128, 192, or 256 bits
- **Speed**: Very Fast (hardware acceleration available on modern CPUs)
- **Security**: Excellent - Current industry standard
- **Use When**: You need strong, fast encryption for any application
- **Considerations**: Always outputs multiples of 16 bytes due to padding
**DES/3DES** - `EncryptionKitDX.DES`
- **Block Size**: 8 bytes (64 bits)
- **Key Sizes**: DES=56 bits, 3DES=168 bits effective
- **Speed**: Slow (especially 3DES which is 3x slower than DES)
- **Security**: DES is weak/obsolete, 3DES acceptable but deprecated
- **Use When**: Legacy system compatibility required
- **Considerations**: Outputs multiples of 8 bytes; DES should not be used for new applications
**Blowfish** - `EncryptionKitDX.Blowfish`
- **Block Size**: 8 bytes (64 bits)
- **Key Sizes**: Variable (32-448 bits, default 448)
- **Speed**: Fast
- **Security**: Good but dated (64-bit block size limitation)
- **Use When**: You need fast encryption with variable key sizes
- **Considerations**: 64-bit blocks mean birthday attacks possible after ~32GB encrypted data
Stream Ciphers
**RC4** - `EncryptionKitDX.RC4`
- **Block Size**: 1 byte (stream cipher)
- **Key Sizes**: Variable (40-2048 bits)
- **Speed**: Extremely Fast
- **Security**: Weak - Multiple known vulnerabilities
- **Use When**: Only for legacy compatibility; DO NOT use for new applications
- **Considerations**: No padding needed; output same size as input; considered broken
**ChaCha20** - `EncryptionKitDX.ChaCha20`
- **Block Size**: 64 bytes (internal state)
- **Key Size**: 256 bits (32 bytes)
- **Speed**: Very Fast (faster than AES without hardware acceleration)
- **Security**: Excellent - Modern, well-analyzed
- **Use When**: You need high-performance encryption without AES hardware support
- **Considerations**: No padding needed; requires 12-byte nonce; output same size as input
Asymmetric (Public Key) Ciphers
**RSA** - `EncryptionKitDX.RSA`
- **Block Size**: Depends on key size (key bits / 8)
- **Key Sizes**: Typically 1024, 2048, or 4096 bits
- **Speed**: Very Slow (1000x+ slower than symmetric)
- **Security**: Good with proper key sizes (2048+ bits recommended)
- **Use When**: Key exchange, digital signatures, encrypting symmetric keys
- **Considerations**: Can only encrypt data smaller than key size; use for key exchange, not bulk data; this implementation is simplified - production code needs proper padding (OAEP)
Hash Functions (One-Way)
**MD5** - `EncryptionKitDX.MD5`
- **Output Size**: 16 bytes (128 bits) as 32-character hex string
- **Block Size**: 64 bytes (internal)
- **Speed**: Very Fast
- **Security**: Broken - Collision attacks practical
- **Use When**: Non-security checksums, legacy compatibility only
- **Considerations**: NOT suitable for passwords or security; one-way function (no decryption)
**SHA-256** - `EncryptionKitDX.SHA256`
- **Output Size**: 32 bytes (256 bits) as 64-character hex string
- **Block Size**: 64 bytes (internal)
- **Speed**: Fast
- **Security**: Excellent - Current standard
- **Use When**: Integrity verification, password hashing (with salt), digital signatures
- **Considerations**: One-way function (no decryption); always produces same output for same input
Classic Ciphers
**XOR Cipher** - `EncryptionKitDX.XOR`
- **Block Size**: 1 byte
- **Key Size**: Variable
- **Speed**: Extremely Fast
- **Security**: Very Weak - Only for obfuscation
- **Use When**: Simple data obfuscation, educational purposes
- **Considerations**: Not secure encryption; easy to break; no padding needed
Performance Comparison (Relative Speed)
From Fastest to Slowest:
1. **XOR** - Baseline (simplest possible)
2. **RC4** - ~95% (very fast but insecure)
3. **ChaCha20** - ~85% (excellent security-to-speed ratio)
4. **AES-128** - ~80% (with hardware: ~95%)
5. **Blowfish** - ~75%
6. **SHA-256** - ~70% (hash function)
7. **AES-256** - ~70%
8. **MD5** - ~65% (hash function)
9. **3DES** - ~25% (very slow due to triple encryption)
10. **RSA** - <1% (extremely slow, asymmetric)
Security Recommendations
**Recommended for New Applications:**
- **AES-256** - Best overall choice for symmetric encryption
- **ChaCha20** - Excellent alternative, especially on mobile
- **SHA-256** - Standard for hashing and integrity
**Acceptable with Caveats:**
- **AES-128** - Still secure, faster than AES-256
- **Blowfish** - Good but prefer AES
- **3DES** - Only for legacy systems, being phased out
- **RSA-2048+** - For asymmetric needs, but use established libraries
**Not Recommended (Legacy/Weak):**
- **DES** - Broken, obsolete
- **RC4** - Multiple vulnerabilities
- **MD5** - Collision attacks practical
- **XOR** - Not real encryption
Block Size Considerations
**Why Block Size Matters:**
- Algorithms work on fixed-size blocks
- Input data must be padded to block size multiples
- Padding adds overhead (up to one block of extra data)
**Block Sizes:**
- **16 bytes**: AES (most common modern choice)
- **8 bytes**: DES, 3DES, Blowfish (older standard)
- **1 byte**: RC4, XOR, stream ciphers (no padding needed)
- **64 bytes**: ChaCha20 (internal, but acts as stream cipher)
**Example:**
- Encrypting 100 bytes with AES (16-byte blocks):
- Need 7 blocks = 112 bytes output
- 12 bytes overhead (12% increase)
- Encrypting 100 bytes with DES (8-byte blocks):
- Need 13 blocks = 104 bytes output
- 4 bytes overhead (4% increase)
- Encrypting 100 bytes with ChaCha20:
- Output = 100 bytes (no padding)
Usage Guidelines
**Initialization Process:**
1. Create component instance
2. Set `Key` property (and `Nonce` for ChaCha20)
3. Call `Initialize` method
4. Call `Encrypt` or `Decrypt`
**Key Management:**
- Never hardcode keys in source code
- Use proper key derivation functions (PBKDF2, Argon2)
- Store keys securely (OS key storage, HSM)
- Rotate keys periodically
**Padding Modes:**
- **PKCS7**: Standard, adds bytes equal to padding length (default)
- **Zero**: Pads with zeros (problems with data ending in zeros)
- **ANSIX923**: Zeros with length byte at end
- **None**: No padding (must provide block-aligned data)
Encryption Kit DX v3.0.0 Demo
===========================
This demo showcases:
1. AES symmetric encryption with CBC mode
2. Secure key storage with encryption
3. PGP message creation and processing
=== AES Encryption Demo ===
Plain Text: Hello, this is a test message for AES encryption!
Cipher Text (Hex): [hex string]
Decrypted Text: Hello, this is a test message for AES encryption!
Encryption successful: TRUE
=== Key Storage Demo ===
Stored keys:
AES-Key-1
AES-Key-2
RSA-Key-1
Retrieved AES-Key-1: 1234567890123456
=== PGP/GPG Demo ===
Generated PGP key pair for demo@example.com
Created PGP message:
-----BEGIN PGP MESSAGE-----
Version: Encryption Kit DX v3.0.0
[encrypted data]
-----END PGP MESSAGE-----
Processed message: This is a secret message!
Demo completed successfully!
Press Enter to exit...
### **Delphi 7 Compatibility:**
- No generics used (Delphi 7 predates generics)
- Brace-style comments `{ }` throughout
- Traditional unit naming without namespaces
- TComponent descendants for IDE integration
- Compatible with Delphi 7 through modern versions
### **Threading:**
- Components are NOT thread-safe by default
- Create separate instances per thread
- Or add synchronization (critical sections)
### **Error Handling:**
- Always call `Initialize` before Encrypt/Decrypt
- Check key length requirements per algorithm
- Validate ciphertext length for block ciphers
- Handle exceptions for hash decrypt attempts
## Version History
- **v1.0.0** (2024-01-15) - Initial release
- Core symmetric ciphers: AES, DES, 3DES, Blowfish
- Stream ciphers: RC4, ChaCha20
- Asymmetric: RSA (simplified)
- Hash functions: MD5, SHA-256
- Classic: XOR cipher
- Base component architecture with padding support
- v2.0.0 - (2024-09-14) - Production-grade improvements: Complete algorithm implementations, CBC mode support, IV handling, enhanced security features, performance optimizations
- v3.0.0 - (2024-11-11) - Added key storage components and PGP/GPG support for secure key management and public message encryption