
Simple Get File

Attached is a simplified encrypted file download Client/Server similar to:
https://www.vbforums.com/showthread....13-VB6-GetFile

Whereas the original used full TLS 1.3 to establish the network connection, this one uses an abbreviated version. It is NOT compatible with full TLS 1.3. TLS 1.3 is very complex for the novice to follow, and this one is not burdened with all the logic required to be backwards compatible with previous versions of SSL/TLS. It only supports Elliptic-Curve Cryptography (ECC), which does not require Key storage. Like the full version, it negotiates the session parameters using Client Hello and Server Hello, followed by a Finished record.
Code:

************ New Client Hello Sample *************
01 01 00 00 4C - Header (len=76)
00 06 - Supported Elliptic Curves (len=6)
  00 17 - secp256r1
  00 18 - secp384r1
  00 19 - secp521r1
00 17 - Curve Used
  00 40 - Len=64 (Public Key)
      DA D0 B6 53 94 22 1C F9 B0 51 E1 FE CA 57 87 D0
      98 DF E6 37 FC 90 B9 EF 94 5D 0C 37 72 58 11 80
      52 71 A0 46 1C DB 82 52 D6 1F 1C 45 6F A3 E5 9A
      B1 F4 5B 33 AC CF 5F 58 38 9E 05 77 B8 99 0B B3

************ New Server Hello Sample *************
02 01 00 00 44 - Header (len=68)
00 17 - Curve Used
  00 40 - Len=64 (Public Key)
      5C A5 0F AD 85 5C 6D 0F 9B CE DB 75 B1 29 8B F0
      F5 D2 51 66 DD 47 47 75 20 AA 2B C9 AF 28 AE 19
      CC 48 93 F5 B2 4A 9E 52 29 A7 D8 0A 02 41 AC 02
      C8 12 69 52 FC 16 78 BC 83 AF F4 A5 00 C0 BD 09

The Public ECC Key from the other end is combined with the Internal Private ECC Key to form the Agreed Secret. The other end does the same thing, and the two connected ends should have identical Agreed Secrets. The Hello records are considerably smaller than the originals.
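The exchange above, as an added example that is not the post's VB6 code or jCrypt.dll: it builds and parses the record layout shown in the samples (5-byte header, supported-curve list, curve used, 64-byte X||Y public key) and performs the secp256r1 agreement in pure Python so both ends can be checked for an identical Agreed Secret. The meaning of the second header byte (0x01 in both samples) is not stated in the post and is treated here as a fixed version byte; the on-curve check on the peer's key is added here as the minimum a receiver should do before multiplying by its private key.

```python
import secrets
# Record types and curve IDs as in the samples (0x17/0x18/0x19 are the TLS named-group IDs)
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02
SECP256R1, SECP384R1, SECP521R1 = 0x17, 0x18, 0x19
HDR_BYTE2 = 0x01  # second header byte; meaning not stated in the post, assumed fixed

# NIST P-256 domain parameters (the only curve implemented here)
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def _add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None  # P + (-P)
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):
    """Double-and-add scalar multiply (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def _decode(pub):  # 64-byte X||Y (no 0x04 prefix, as in the samples) -> (x, y)
    return int.from_bytes(pub[:32], "big"), int.from_bytes(pub[32:], "big")

def is_on_curve(pub):
    x, y = _decode(pub)
    return x < P and y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def gen_keypair():
    """Fresh ephemeral key per session: nothing is stored on disk."""
    d = secrets.randbelow(N - 1) + 1
    x, y = _mul(d, G)
    return d, x.to_bytes(32, "big") + y.to_bytes(32, "big")

def agreed_secret(priv, peer_pub):
    """X coordinate of priv * peer_pub: the Agreed Secret of the post."""
    if len(peer_pub) != 64 or not is_on_curve(peer_pub):
        raise ValueError("peer public key is not a valid P-256 point")
    sx, _ = _mul(priv, _decode(peer_pub))
    return sx.to_bytes(32, "big")

def build_hello(rec_type, curve_used, pubkey, supported=()):
    """Client Hello carries the supported-curve list; Server Hello does not."""
    body = b""
    if rec_type == CLIENT_HELLO:
        curves = b"".join(c.to_bytes(2, "big") for c in supported)
        body += len(curves).to_bytes(2, "big") + curves
    body += curve_used.to_bytes(2, "big") + len(pubkey).to_bytes(2, "big") + pubkey
    return bytes([rec_type, HDR_BYTE2]) + len(body).to_bytes(3, "big") + body

def parse_hello(rec):
    """Inverse of build_hello; rejects truncated or over-long records."""
    if len(rec) < 5 or len(rec) != 5 + int.from_bytes(rec[2:5], "big"):
        raise ValueError("record length does not match header")
    body, pos, supported = rec[5:], 0, []
    if rec[0] == CLIENT_HELLO:
        clen = int.from_bytes(body[0:2], "big")
        supported = [int.from_bytes(body[i:i + 2], "big") for i in range(2, 2 + clen, 2)]
        pos = 2 + clen
    curve = int.from_bytes(body[pos:pos + 2], "big")
    klen = int.from_bytes(body[pos + 2:pos + 4], "big")
    if pos + 4 + klen != len(body):
        raise ValueError("public key length does not match record length")
    return {"type": rec[0], "supported": supported, "curve": curve,
            "pubkey": body[pos + 4:]}

# Client Hello sample copied from the post
SAMPLE_CLIENT_HELLO = bytes.fromhex(
    "0101 00004C 0006 0017 0018 0019 0017 0040"
    "DAD0B65394221CF9B051E1FECA5787D098DFE637FC90B9EF945D0C3772581180"
    "5271A0461CDB8252D61F1C456FA3E59AB1F45B33ACCF5F58389E0577B8990BB3")

def handshake():
    """Both ends of the exchange; returns (client_secret, server_secret)."""
    c_priv, c_pub = gen_keypair()
    ch = parse_hello(build_hello(CLIENT_HELLO, SECP256R1, c_pub,
                                 (SECP256R1, SECP384R1, SECP521R1)))  # server reads
    if ch["curve"] != SECP256R1 or ch["curve"] not in ch["supported"]:
        raise ValueError("unsupported curve")
    s_priv, s_pub = gen_keypair()
    server_secret = agreed_secret(s_priv, ch["pubkey"])
    sh = parse_hello(build_hello(SERVER_HELLO, ch["curve"], s_pub))  # client reads
    return agreed_secret(c_priv, sh["pubkey"]), server_secret
```

Running `handshake()` returns two equal 32-byte values, which is exactly the check the post describes: each side multiplies the other's public point by its own private scalar and lands on the same X coordinate. Note that nothing here authenticates either end, so a party that can rewrite the Hello records can substitute its own public key on each side; that is the gap the post acknowledges in declining to match the full version's security.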

It also does not use an HMAC. The HMAC consists of an accumulated session hash to verify that the network packets have not been messed with. We have made no attempt to provide the same level of security as the full version. It is provided only to demonstrate the principles involved so that the unfamiliar can follow the process.

The full version manipulates the Agreed Secret to create Handshake Read & Write keys, as well as Application Read & Write keys. Our simplified version utilizes the Agreed Secret itself as the starting data encryption/decryption key. The simplified routine uses the same routine for both encryption and decryption. The result is determined by the Key Stream used. "bStream" is updated every time the routine is called.

I have used a DLL (Dynamic Link Library) prepared by using MakeDLL from DanSoft Australia to create jCrypt.dll. It provides the following functions:
Encrypt
GetECCKey
GenRandom
HashData
as outlined in the declarations section of the form. If you don't have access to this facility, you can comment out the declarations provided and add the mEncrypt.bas module provided to each project.

The encryption/decryption call deserves further explanation.
bStream = Encrypt(bBuffer, bStream)
"bStream" is the Key Stream applied to the Buffer (bBuffer) to form the encrypted or decrypted value, which is returned in "bBuffer". The updated Key Stream is returned in "bStream". If you are encrypting and decrypting within the same program, replace "bStream =" with "Call" on the encryption part of it. This allows you to use the same "bStream" to decrypt.
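A Python model of the `bStream = Encrypt(bBuffer, bStream)` convention, added here as an example and not jCrypt.dll's code. The post does not describe jCrypt's keystream construction, so this uses a SHA-256 counter-mode keystream and a hash ratchet of `bStream` as an assumed stand-in. It shows the single routine serving both directions, why the encrypting side must keep the pre-call stream when it also decrypts (the `Call` versus `bStream =` point above), and, because there is no HMAC, that a flipped ciphertext bit flips the plaintext bit without the receiver noticing.

```python
import hashlib

def encrypt(buffer: bytes, stream: bytes):
    """Model of `bStream = Encrypt(bBuffer, bStream)`.

    Returns (transformed buffer, updated stream). XOR with a keystream makes
    the same call encrypt and decrypt. The keystream and ratchet below are an
    assumption for this example; jCrypt.dll's construction is not documented.
    """
    out = bytearray()
    for i in range(0, len(buffer), 32):
        ks = hashlib.sha256(stream + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(buffer[i:i + 32], ks))
    # Ratchet: every call returns a new stream, so no keystream block is reused
    new_stream = hashlib.sha256(b"ratchet" + stream + len(buffer).to_bytes(4, "big")).digest()
    return bytes(out), new_stream

def session_roundtrip(agreed_secret: bytes, records):
    """Sender encrypts each record in turn; receiver decrypts in the same order.
    Each end ratchets its own copy of the stream, starting from the Agreed Secret."""
    send_stream = recv_stream = agreed_secret
    wire = []
    for rec in records:
        ct, send_stream = encrypt(rec, send_stream)
        wire.append(ct)
    plain = []
    for ct in wire:
        pt, recv_stream = encrypt(ct, recv_stream)  # same routine decrypts
        plain.append(pt)
    return plain

def same_program_mistake(agreed_secret: bytes, msg: bytes):
    """Using `bStream = Encrypt(...)` on the encrypt side and then decrypting
    with that updated bStream: the two keystreams differ and garbage comes out.
    The post's fix is `Call Encrypt(bBuffer, bStream)` so bStream is unchanged."""
    ct, stream = encrypt(msg, agreed_secret)
    pt, _ = encrypt(ct, stream)
    return pt

def bit_flip_undetected(agreed_secret: bytes, msg: bytes):
    """With no HMAC the receiver cannot tell a flipped ciphertext bit from a
    genuine record; the flip lands in the same bit of the plaintext."""
    ct, _ = encrypt(msg, agreed_secret)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]
    pt, _ = encrypt(tampered, agreed_secret)
    return pt
```

`session_roundtrip` is the normal case: both ends start from the same Agreed Secret and advance their own stream once per record, so record order matters and a lost record desynchronises everything after it. `same_program_mistake` reproduces the error the post warns about, and `bit_flip_undetected` is the concrete consequence of leaving out the accumulated-hash HMAC of the full version.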
