The System.Crypto unit provides a wide range of cryptographic primitives, including secure hashing, symmetric and asymmetric encryption, and cryptographic utilities.
All hashing classes inherit from HashAlgorithm and provide HashData and HMAC methods.
| Class | Description |
|---|---|
HashMD5 |
Legacy MD5 hashing (128-bit). |
HashSHA1 |
Legacy SHA-1 hashing (160-bit). |
HashSHA256 |
Standard SHA-2 256-bit hashing. |
HashSHA512 |
Standard SHA-2 512-bit hashing. |
HashSHA3_256 |
Modern SHA-3 256-bit hashing (Keccak). |
HashRIPEMD160 |
RIPEMD 160-bit hashing. |
HashCRC32 |
CRC32 checksum. |
uses System.Crypto;
// Standard Hashing
var hash := HashSHA256.HashData('Message');
// HMAC (Keyed Hashing)
var hmac := HashSHA256.HMAC('Message', 'SecretKey');Authenticated encryption combining AES with hashing for integrity.
| Class | Description |
|---|---|
EncryptionAESSHA256Full |
AES-CTR with SHA-256 HMAC. Recommended for general use. |
EncryptionAESSHA3CTR |
AES-CTR with SHA3-256 HMAC. |
EncryptionAESnistCTR |
Low-level AES-CTR (requires manual IV management). |
EncryptionCryptProtect |
Windows DPAPI (Machine or User bound encryption). |
The ECCsecp256r1 class provides Elliptic Curve Cryptography for signatures and key exchange.
| Method | Description |
|---|---|
MakeKey(var pub, var priv) |
Generates a new key pair. |
ECDHSharedSecret(pub, priv) |
Calculates shared secret (Diffie-Hellman). |
ECDSASign(priv, hashHex) |
Signs a 256-bit hash. |
ECDSAVerify(pub, hashHex, sig) |
Verifies a signature. |
The TRSAKey class supports RSA encryption and signatures.
| Method | Description |
|---|---|
Generate(bitSize) |
Constructor for new keys (e.g. 2048, 4096). |
SignHash(algo, hashHex) |
Signs a hash. |
VerifyHash(algo, hashHex, sig) |
Verifies a signature. |
Encrypt / Decrypt |
Encrypts or decrypts data using the key. |
ExportJSON / ImportJSON |
Serializes the key to/from JSON format. |
The Nonces class manages unique, time-limited tokens stored in memory, useful for preventing replay attacks, CSRF protection, or managing temporary sessions.
| Method | Description |
|---|---|
Generate(ms) |
Generates a new nonce with no associated data. |
Generate(ms, data) |
Generates a new nonce with associated data string. |
Register(nonce, ms, data) |
Registers an existing token string with expiration. |
CheckAndRemove(nonce) |
True if valid and has no data. Removes it. |
CheckAndRemove(nonce, data) |
True if valid and matches data. Removes it. |
CheckAndKeep(nonce) |
True if valid and has no data. Keeps it. |
CheckAndKeep(nonce, data) |
True if valid and matches data. Keeps it. |
GetData(nonce) |
Retrieves the data string associated with a nonce (or empty if invalid). |
Remove(nonce) |
Manually expires a nonce. |
| Function / Method | Description |
|---|---|
PBKDF2_HMAC_SHA256(pass, salt, iters) |
Password-based key derivation. |
CryptographicToken(bits) |
Returns a random alphanumeric token. |
CryptographicRandom(bytes) |
Returns raw random bytes. |
Nonces.Generate(ms, data) |
Generates and registers a time-limited one-time token. |