I remember that when I mentioned that Delphi did not officially have an encryption unit in a discussion with my friends, I always thought it was incredible, because DataSnap has this encryption filter:
TTransportFilterItem.FilterId: PC1 / RSA
Since there is an encryption setting, the encryption method must be hidden somewhere in the Source paths.
It cost me 8 damn nights!
How exactly does DataSnap operate encryption? I muttered to myself as I silently stared at the screen in the dark.
Quest
Find of the DSTCPServerTransport unit, I saw the dependent DBXTransport, and I saw a sensitive word in "uses":
DBXEncryption
As if seeing a glimmer of light, I find the Delphi installation path and opened the mysterious DBXEncryption source code.
It begins with this:
PC1 encryption definitely came from here.
TPC1Cypher is the PC1 encryption class, and my intuition tells me that RSA is maybe TRSACypher.
But there is no trace of it in the DBXEncryption unit, is it a mistake? I try to find possible clues in the source code sea.
DBXOpenSSL
The beginning of the file reads like this :
Sure enough, as I expected, the RSA encryption method is named after [TRSACypher].
PC1 encryption filter provided by DataSnap Server
DataSnap Server provides PC1 encryption filter. At the beginning, everything uses the official default value. There is no problem in operation, but the Key value is fixed, so let's modify it.
After modifying, the operation is also success. After the normal measurement, I try the [what error will pop up if the server and client passwords are different].
The result can still run successfully!
Why does it work with different KEY values on both sides? After being tested, it goes through several units:
- DBXTransport
- DBXEncryption
There are Cypher / Decypher encryption and decryption functions in DBXEncryption.TPC1Cypher class. After testing, we know that when each pair of packets is encrypted and passed to the other party, it will also be passed to the other party together with the "KEY", and the other party will use the "KEY" to decrypt the packet, and vice versa Of course.
To put it simply, the packet can be decrypted correctly only when the KEY is used with the [same] algorithm to decrypt the packet.
Therefore, it is the key to know the correct algorithm. Although as long as it is a Delphi application, it can be unraveled, but in such a niche as Delphi, it can be regarded as a good encryption method. 😁