Middleware Encryption in Sparkle/RemoteDB

We are currently evaluating TMS Biz, specifically RemoteDB and also Sparkle.
Apologies if this enquiry is posted in the wrong place; however, I do not seem to be able to post it directly in the Biz or RemoteDB/Sparkle forums. Presumably this is because we have not yet purchased the components (unless there is another reason?).

Specifically, we are trying to Encrypt the Message between Client and Server, i.e. Encrypt the Request and Response objects, so that the RemoteDB requests are not passing SQL commands in cleartext to the server.

I have attempted this in 2 different ways, but cannot get either to work completely.
Firstly using the Encryption middleware as shown in the Sparkle demo project 'EncryptionMiddleware'.
The problem here is that when I Decrypt the Request object it appears to have some extraneous 'Bel' characters at the end. If I debug into the Aurelius.Drivers.dbGo.SetSQLCommand() method however I can see that the SQLCommand appears to be correct. However, after completing this method an error is thrown by RemoteDB - "EDatabaseError with message Field '***.
The weird thing is that even if I hardcode the SQLCommand text at this point to a different command than the one that was passed, the same error still occurs.
However, if we do not Encrypt/Decrypt then the hardcoded SQLCommand is executed correctly.
This implies to me that some other property or method that I cannot obviously see is also being set in the case where we are Encrypting.
Note that the actual Encryption is being done with AES encryption as per the demo (using TMS Encryption pack which we are also evaluating).

Alternatively we have tried using Custom Middleware instead of the Encryption middleware.
The events fire when expected and we are able to Decrypt the request content in the Service project, but cannot see a way to assign it back to the Request object before it hits RemoteDB/Aurelius.
Context.Request.Content is a read-only property. Context.Request.ContentStream is writeable but does not actually write anything, i.e. it appears to let me assign a stream back to it, but still contains the original (encrypted) value afterward. I cannot see any examples either in your documentation or in your demos where you do this.

Hope you can help one way or the other! Thanks

Hi @Parker_Andrew.

That is correct.

The standard, well-accepted and secure way of avoiding "passing in cleartext to the server" is using a certificate. That's what you should do unless you have a really specific and strong reason for not doing so. One argument is exactly what you are struggling with: reinventing the wheel and spending time dealing with something that is already solved by someone else in a standard way.

The encryption middleware is something that I personally struggle to include in the main package, exactly because of that. Users shouldn't be using it for such a purpose, but just use certificates instead. It was a very, very specific use case of a customer that we ended up making available for other users.
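
The trailing 'Bel' characters described in the question are consistent with PKCS#7 padding left on the decrypted buffer (BEL is byte 0x07, and PKCS#7 appends N bytes of value N); the thread does not confirm this, so it is an assumption. The Python sketch below is an added example, not code from the thread or from TMS: the sample SQL and all function names are constructed, and the AES step is omitted because a buffer decrypted without unpadding equals the padded plaintext.

```python
BLOCK = 16  # AES block size in bytes


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """Append N bytes of value N so the length is a multiple of the block size."""
    n = block - len(data) % block  # always 1..block, never 0
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Strictly validate and remove PKCS#7 padding.

    Only call this on ciphertext that was authenticated first (MAC or AEAD);
    distinguishable padding errors on unauthenticated data form a padding oracle.
    """
    if not data or len(data) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = data[-1]
    if n < 1 or n > block or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid PKCS#7 padding")
    return data[:-n]


def leftover_padding(data: bytes, block: int = BLOCK) -> int:
    """Return how many trailing bytes look like unstripped PKCS#7 padding (0 if none)."""
    try:
        return len(data) - len(pkcs7_unpad(data, block))
    except ValueError:
        return 0


# Constructed sample: a 41-byte statement, so 7 padding bytes of value 0x07 (BEL).
SAMPLE_SQL = b"SELECT ID, NAME FROM CUSTOMERS WHERE ID=1"
DECRYPTED_NOT_UNPADDED = pkcs7_pad(SAMPLE_SQL)

if __name__ == "__main__":
    print(repr(DECRYPTED_NOT_UNPADDED[-8:]))          # last text byte + 7 BELs
    print(leftover_padding(DECRYPTED_NOT_UNPADDED))   # number of padding bytes
    print(pkcs7_unpad(DECRYPTED_NOT_UNPADDED) == SAMPLE_SQL)
```
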