Question about Crypto.RSAGenerateKeyPair

I’ve just been asked to work on a Xojo project that will use encryption. The crypto needs to be strong so that means I’m going to need good algorithms and good random numbers. My choices in Xojo are 1) have the user install something like GnuPG and shell out to it for all the crypto related functions or 2) use Xojo’s built-in crypto functions.

I’d LIKE to do it all in Xojo since it just feels more elegant but I know nothing about how Xojo creates keys. What sources of entropy does it us? How “random” is random? Is the encryption good enough for long term use?

I know some of this might be opinion but I’m wondering which you would use and why?

What exactly will you be encrypting? There are limitations to using the built-in RSA encryption.

Other options: A plugin (MBS or Einhuger), a class (I have posted an open-source Blowfish project), or storing the data in a SQLite database and turning on encryption there.

One thing: If you store the password for the encrypted data within the project, you might as well not encrypt it at all.

I was mostly doing file encryption. I didn’t realize there were limits to how much could be encrypted. That, right there, is a dealbreaker for me. I’ll just bundle along GnuPG and shell out to it. I don’t like to depend on plugins. Thanks!

There is a blowfish implementation available in Xojo code. Typically you would use something like blowfish to do the file encryption and then rsa to encrypt the blowfish key. It’s VERY efficient that way.

Fwiw, RSA is a very slow algorithm for encryption when the bits get above 512, so you wouldn’t want that anyway.