function TAESCryptor.Encrypt(var uncoded:pointer;var size:int64):pointer;
var
  ASalt: Binary;
  AData: TByteDynArray;
  APass: Binary;
  mac : Binary;
  cipher : TDECCipher;
  datalen : Int64;
  Hlp : pointer;

begin
  cipher := ValidCipher(fCipherClass).create;
  cipher.Mode := fCipherMode;
  //Salt erzeugen
  ASalt := RandomBinary(fSaltLen);
  //PW härten
  APass := ValidHash(fHashClass).KDFx(fpwd[1], Length(fpwd) * SizeOf(fpwd[1]), ASalt[1], Length(ASalt), Cipher.Context.KeySize, TFormat_Copy, fKDFIndex);

  //Initialisieren vom Cipher
  cipher.Init(APass);
  //Daten codieren
  datalen := Size;
  setLength(AData,datalen);

  cipher.Encode(uncoded^,AData[0],datalen-1);
  //Prüfsumme berechnen
  mac := cipher.CalcMAC();
  //Ergebnis zusammenschrauben
  datalen := length(AData);
  //Parameter an ergebnis anpassen !
  size := fSaltLen+datalen+Cipher.Context.BufferSize;
  //New Result-Pointer;
  GetMem(result,size);
  //Another one for Aritmethiks, so result is alwas at the begin
  hlp := Result;
  //First store the Salt
  move(ASalt[1],result^,fSaltLen);
  //Move on
  inc(Cardinal(hlp),fSaltLen);
  //Store the crypted data
  move(AData[0],hlp^,datalen);
  //Move on
  inc(Cardinal(hlp),datalen);
  //Store Mac
  move(mac[1],hlp^,Cipher.Context.BufferSize);

  //Cleanup internal data;
  cipher.free;
  ProtectBinary(ASalt);
  ProtectBuffer(AData[0],datalen);
  SetLength(AData,0);
  ProtectBinary(APass);
  ProtectBinary(mac);
end;

function TAESCryptor.Decrypt(var coded:Pointer;var size:int64):pointer;
var
  ASalt: Binary;
  AData: TByteDynArray;
  ACheck: Binary;
  APass: Binary;
  ALen: Integer;
  cipher : TDECCipher;
  hlp : Pointer;

begin
  //First we copy the pointer,so coded points always to the first byte
  hlp := coded;
  Cipher := ValidCipher(fCipherClass).Create;
  //Salt holen
  SetLength(ASalt,fSaltlen);
  move(hlp^,ASalt[1],fSaltLen);
  //Point to the begin of the crypted data
  Inc(Cardinal(hlp),fsaltLen);
  //Berechnung der tatsächlichen länge der veschlüsselten Daten
  ALen := Size-FSaltLen-cipher.Context.BufferSize;

  //Veschlüsselte Daten holen
  setLength(AData,ALen);
  move(hlp^,Adata[0],ALen);

  //Point to the begin of the MAC
  inc(Cardinal(hlp),ALen);

  //Checksumme holen
  SetLength(ACheck,Cipher.Context.BufferSize);
  move(hlp^,ACheck[1],Cipher.Context.BufferSize);
  //Pw save machen
  APass := ValidHash(fHashClass).KDFx(fpwd[1], Length(fpwd) * SizeOf(fpwd[1]), ASalt[1], fSaltLen, Cipher.Context.KeySize, TFormat_Copy, fKDFIndex);
  Cipher.Mode := fCipherMode;
  cipher.Init(APass);
  //Size auf größe des Ergebnisses setzen !
  size := Alen;
  //Result-Pointer erzeugen
  GetMem(result,size);
  //Daten decodieren
  Cipher.Decode(AData[0],result^,Alen-1);
  //Prüfsummenprüfung
  if (ACheck <> Cipher.CalcMac) then
    Raise eCryptorException.Create('Invalid Data');
  //Aufräumen
  cipher.Free;
  ProtectBinary(ASalt);
  ProtectBinary(ACheck);
  ProtectBinary(APass);
  ProtectBuffer(AData[0],alen);
  SetLength(AData,0);
end;