Best cipher for encryption ?

jbv at mozik.fr jbv at mozik.fr
Thu Feb 19 12:45:51 EST 2026 

Yes, the server is mine.
Below is the code that I'm planning to use.
According to the tests that I have made so far, it works.

function Encrypt_CBC_HMAC_ToB64 pPlainText, pMasterKeyB64
    local tMaster, tKeyEnc, tKeyMac, tIV, tCipher, tTag

    put base64Decode(pMasterKeyB64) into tMaster
    if length(tMaster) < 64 then return "ERR: master key must be >= 64 
bytes"

    put char 1 to 32 of tMaster into tKeyEnc
    put char 33 to 64 of tMaster into tKeyMac

    put randomBytes(16) into tIV  -- IV 16 octets pour AES-CBC

    encrypt pPlainText using "aes-256-cbc" with key tKeyEnc and IV tIV
    if the result is not empty then return "ERR:" & the result
    put it into tCipher

    -- HMAC sur (IV || CIPHER)
    put messageAuthenticationCode(tIV & tCipher, tKeyMac, "HMAC-SHA-256") 
into tTag

    return "v1:" & base64Encode(tIV) & ":" & base64Encode(tCipher) & ":" 
& base64Encode(tTag)
end Encrypt_CBC_HMAC_ToB64

function Decrypt_CBC_HMAC_FromB64 pPacked, pMasterKeyB64
    local tMaster, tKeyEnc, tKeyMac
    local tIV, tCipher, tTag, tTag2

    set itemdel to ":"

    if item 1 of pPacked is not "v1" then return "ERR: bad 
format/version"

    put base64Decode(pMasterKeyB64) into tMaster
    if length(tMaster) < 64 then return "ERR: master key must be >= 64 
bytes"
    put char 1 to 32 of tMaster into tKeyEnc
    put char 33 to 64 of tMaster into tKeyMac

    put base64Decode(item 2 of pPacked) into tIV
    put base64Decode(item 3 of pPacked) into tCipher
    put base64Decode(item 4 of pPacked) into tTag

    -- Recalcule et compare le HMAC
    put messageAuthenticationCode(tIV & tCipher, tKeyMac, "HMAC-SHA-256") 
into tTag2
    if tTag2 is not tTag then return "ERR: authentication failed 
(tampered or wrong key)"

    decrypt tCipher using "aes-256-cbc" with key tKeyEnc and IV tIV
    if the result is not empty then return "ERR:" & the result
    return it
end Decrypt_CBC_HMAC_FromB64


on mouseUp pMouseButton
    put "Getting Started with LiveCode" into tvar
    put base64Encode(randomBytes(64)) into tMasterKeyB64  -- 64 octets: 
32 enc + 32 mac
    put Encrypt_CBC_HMAC_ToB64(tvar,tMasterKeyB64) into z
    put Decrypt_CBC_HMAC_FromB64(z,tMasterKeyB64)
end mouseUp



Le 2026-02-19 10:43, Mark Clark a écrit :
> Is the remote server yours or is it operated by a third party?
> 
> There is more to it than just the choice of cipher. Key exchange is 
> usually the toughest part of any system. Have you read "Cryptography 
> Engineering: Design Principles and Practical Applications?"  There is a 
> lot to think about. Depends on the answer to the first question.
> 
> Mark
> 
> On Feb 19, 2026, at 4:11 AM, jbv via use-livecode 
> <use-livecode at lists.runrev.com> wrote:
> 
> Hi list,
> 
> I am building a standalone app that will send requests to a remote
> server and receive data in return.
> I want to encrypt the two-ways exhanges.
> Is there any advice regarding the best cipher to chose among the
> long list of ciphernames ?
> 
> Thank you in advance.
> jbv
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list