Search Results

Search found 2089 results on 84 pages for 'symmertric encryption'.

Page 38/84 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >

  • Paypal Encrypted Website payments

    - by John Isaacks
    I am trying to integrate a PayPal Website Payments Standard Cart Upload payment type into my shopping cart. I integrated Google Checkout a while back and I did not find it overly confusing as I do paypal. I am getting info on how to encrypt it from here: https://cms.paypal.com/us/cgi-bin/?&cmd=_render-content&content_ID=developer/e_howto_html_encryptedwebpayments#id08A3I0P017Q Paypal says I need to generate a private key and a public certificate using OpenSSL. I went to OpenSSL and downloaded the latest release, which is just a folder containing various files but I see no application I can use, not sure what to do here. Even if I were to get OpenSSL to generate me a private key and public cert, the next step is to download either an MS or Java command line tool to create the encrypted cart ahead of time with the cart-total, tax, etc. which sounds crazy to me, like I am supposed to manually do this prior to every order?? Obviously I do not know the items in the cart the customer is going to buy before hand so I need this to be done on the fly on my website using PHP. But I am completely lost. There has to be a way to setup dynamic secure cart uploads to paypal. Can someone please point me in the right direction?

    Read the article

  • Is there any benefit to encrypting twice using pgp?

    - by ojblass
    I am asking from a "more secure" perspective. I can imagine a scenario with two required private keys needed for decryption scenarios that may make this an attractive model. This is to settle an argument. My vote is that it is not adding any additional security other than having to compromise two different private keys. I think that if it was any more secure than encrypting it one million times would be the best way to secure informaiton and I don't buy it. So I guess my question becomes is a two locking mechanism equivalent to another one locking mechanism with a single key? Update: Forgive me if the answer is obvious but my bread goes dead as I read books on the topic.

    Read the article

  • How to keep multiple connectionString passwords safe, separate, and easy to deploy?

    - by Funka
    I know there are plenty of questions here already about this topic (I've read through as many as I could find), but I haven't yet been able to figure out how best to satisfy my particular criteria. Here are the goals: The ASP.NET application will run on a few different web servers, including localhost workstations for development. This means encrypting web.config using a machine key is out. The application will decide which connection string to use based on the server name (using a switch statement). For example, "localhost" and "dev.example.com" will use the DevDatabaseConnectionString, "test.example.com" will use the TestDatabaseConnectionString, and "www.example.com" will use the ProdDatabaseConnectionString, for example. Ideally, the exact same executables and web.config should be able to run on any of these environments, without needing to tailor or configure each environment separately every time that we deploy (something that seems like it would be easy to forget/mess up one day during a deployment, which is why we moved away from having just one connectionstring that has to be changed on each target). Deployment is currently accomplished via FTP. We will not have command-line access to the production web server. This means using aspnet_regiis.exe is out. (I could run on localhost, however, if this would still work.) We would prefer to not have to recompile the application whenever a password changes, so using web.config (or db.config or whatever) seems to make the most sense. A developer should not be able to decrypt the production database password. If a developer checks the source code out onto their localhost laptop (which would determine that it should be using the DevDatabaseConnectionString, remember?) and the laptop gets lost or stolen, it should not be possible to get at the other connection strings. Thus, having a single RSA private key to un-encrypt all three passwords cannot be considered. (Contrary to #3 above, it does seem like we'd need to have three separate key files if we went this route; these could be installed once per machine, and should the wrong key file get deployed to the wrong server, the worst that should happen is that the app can't decrypt anything---and not allow the wrong host to access the wrong database!) I know this is probably a subjective question (asking for a "best" way to do something), but given the criteria I've mentioned, I'm hoping that a single best answer will indeed arise. Thank you!

    Read the article

  • openssl versus windows capi

    - by oren
    Which is better to use openssl or windows capi for ecnryption issues what is the pro and con list for both. and if it possible to write my encryptor program on openssl and decrypt it with windows capi with no problem or there are some problem with this.

    Read the article

  • HSM - cryptoki - opening sessions overhead

    - by Raj
    I am having a query regarding sessions with HSM. I am aware that there is an overhead if you initialise and finalise the cryptoki api for every file you want to encrypt/decrypt. My queries are, Is there an overhead in opening and closing individual sessions for every file, you want to encrypt/decrypt.(C_Initialize/C_Finalize) How many maximum number of sessions can i have for a HSM simultaneously, with out affecting the performance? Is opening and closing the session for processing individual files the best approach or opening a session and processing multiple files and then closing the session the best approach? Thanks

    Read the article

  • Encrypted volume automounting in Mac OS X

    - by nsayer
    I've had a need to create an encrypted volume on my mac for the company source code. The requirements are not terribly stringent: If someone can log into the machine as me, they win, but otherwise, they should lose. With that set of requirements, you can make it so that the disk is automatically mounted at login.

    Read the article

  • Can you figure out the password hashing scheme?

    - by Adal
    I have two passwords and two resulting hashes. I can't figure out how the hash is derived from the password. I don't know if salting is used. I don't know if the password is hashed as a integer value or as a string (possibly Unicode). Password: 6770 Hash: c12114b91a3841c143bbeb121693e80b Password: 9591 Hash: 25238d578b6a61c2c54bfe55742984c1 The hash length seems to suggest MD5. Anybody has any ideas what I could try? Note: This is not for hacking purposes. I'm trying to access a service through an API instead of it's desktop client, and I can't figure out how to compute the password hash. Currently instead of using my real password I'm sending directly the hash.

    Read the article

  • AES-XTS implementation in C#

    - by Ranhiru
    Is there any implementation of AES-XTS written in C# available in the Internet? Bouncy Castle disappointed me :( I took the source codes of TrueCrypt and FreeOTFE but they are written in C which is very hard for me to understand... Anyone?

    Read the article

  • open encrypted file with php

    - by stormdrain
    Hi, I'm looking for a way to open encrypted files that are stored on a server. I'm using mcrypt to encrypt the files. I was initially going to create a class that would open the file, decrypt it, write it to a new location, then open that. But I have convinced myself there is a better way (I just don't know what it is). It seems like there should be a way to stream it (?) to the browser once it's decrypted. The initial setup would just link to the file location and the browser would take over (e.g. .pdf files would bring up a dialogue offering to open or save the file). If possible, I'd like it to do the same after decoding. Pointers? Advice? Bueller? Thanks!

    Read the article

  • Encrypt URL in asp.net

    - by Zerotoinfinite
    Hi All, My site is in asp.net 3.5 and C#. I am sending link to my user through mail, now I want to send each user a specific URL. so instead of sending the clear text I want to send link with encrypted string URL, which I will decrypt on my home page. Like instead of www.mysite.aspx\mypage?userId=12 i'll send www.mysite.aspx\mypage?UserId=)@kasd12 and the same i'll decrypt on my page so that I'll get the userId = 12. Please let me know if my approach is correct and not and how can I encrypt & decrypt the string in simplest and easier manner. Thanks in advance.

    Read the article

  • Why is my program printing out the null termination character?

    - by Tyler Pfaff
    When I run this, it will SOMETIMES print out a null termination character. Most of the time it will, and probably 1/5 times it will print just the characters. void cryptogram::Encrypt(){ cout<<"encrypt"<tempS){ len=tempS.length(); int a=0; for(int j=0;j if(j!=len){ //if the word still has more characters j++; a=0; }else{ //if the word is done being scanned cout<<" "; } } } } } } } So that's it and this is the corresponding EXPECTED output that is printed SOMETIMES xvk bkikhxlr wggbtfkj wiylekgbdhx wjjm hko wigbtubxt xvk iwhj uedjkm glctb gvrmdiwhj iebbdielmeggtbx ctb xvtmk gbtubxvk wjjdxdthgbtubodll khvxvk imkbfdik xt xvk bkudth whj gbtfdjk hko tgxdthm whj tggtbxehdxdkm ctb mxejkhxmibdzdhtltur whj pemxdik mxejdkm mxdh cok wbk wlmt gbkgctb cteb hko zdh cgvrmdikjeiwhj qdhkmdtlturzzkjdydtivkzdmxbrw zdh zdjjlkkjeiwhj w jtixtbdh kjeiwjzdhdmxbittgkbodxv mjme whj eimj This is what normally prints though xvkÈ bkikhxlrÈ wggbtfkjÈ wiylekgbdhxÈ wjjmÈ hkoÈ wigbtubxtÈ xvkÈ iwhjÈ uedjkmÈ glctbÈ gvrmdiwhjÈ iebbdielmeggtbxÈ ctbÈ xvtmkÈ gbtubxvkÈ wjjdxdthgbtubodllÈ khvxvkÈ imkbfdikÈ xtÈ xvkÈ bkudthÈ whjÈ gbtfdjkÈ hkoÈ tgxdthmÈ whjÈ tggtbxehdxdkmÈ ctbÈ mxejkhxmibdzdhtlturÈ whjÈ pemxdikÈ mxejdkmÈ mxdhÈ cokÈ wbkÈ wlmtÈ gbkgctbÈ ctebÈ hkoÈ zdhÈ cgvrmdikjeiwhjÈ qdhkmdtlturzzkjdydtivkzdmxbrwÈ zdhÈ zdjjlkkjeiwhjÈ wÈ jtixtbdhÈ kjeiwjzdhdmxbittgkbodxvÈ mjmeÈ whjÈ eimj or some variation of an odd character at the end of each word This is what the cryptogram array is filled with by the way wyijkcuvdpqlzhtgabmxefonrs

    Read the article

  • SSIS XML Decryption Message

    - by Vaccano
    My SSIS package says it is successful, but when it runs it ends not doing anything (that I can see). The only thing wrong is this message (that it does not qualify as an error). Description: Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information I do have a password on my packages, but I don't see anywhere to put the password in when I load the Package into SSIS. Am I missing a step?

    Read the article

  • Decryption Key value not match

    - by Jitendra Jadav
    public class TrippleENCRSPDESCSP { public TrippleENCRSPDESCSP() { } public void EncryptIt(string sData,ref byte[] sEncData,ref byte[] Key1,ref byte[] Key2) { try { // Create a new TripleDESCryptoServiceProvider object // to generate a key and initialization vector (IV). TripleDESCryptoServiceProvider tDESalg = new TripleDESCryptoServiceProvider(); // Create a string to encrypt. // Encrypt the string to an in-memory buffer. byte[] Data = EncryptTextToMemory(sData,tDESalg.Key,tDESalg.IV); sEncData = Data; Key1 = tDESalg.Key; Key2 = tDESalg.IV; } catch (Exception) { throw; } } public string DecryptIt(byte[] sEncData) { //byte[] toEncrypt = new ASCIIEncoding().GetBytes(sEncData); //XElement xParser = null; //XmlDocument xDoc = new XmlDocument(); try { //string Final = ""; string sPwd = null; string sKey1 = null; string sKey2 = null; //System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding(); string soutxml = ""; //soutxml = encoding.GetString(sEncData); soutxml = ASCIIEncoding.ASCII.GetString(sEncData); sPwd = soutxml.Substring(18, soutxml.LastIndexOf("</EncPwd>") - 18); sKey1 = soutxml.Substring(18 + sPwd.Length + 15, soutxml.LastIndexOf("</Key1>") - (18 + sPwd.Length + 15)); sKey2 = soutxml.Substring(18 + sPwd.Length + 15 + sKey1.Length + 13, soutxml.LastIndexOf("</Key2>") - (18 + sPwd.Length + 15 + sKey1.Length + 13)); //xDoc.LoadXml(soutxml); //xParser = XElement.Parse(soutxml); //IEnumerable<XElement> elemsValidations = // from el in xParser.Elements("EmailPwd") // select el; #region OldCode //XmlNodeList objXmlNode = xDoc.SelectNodes("EmailPwd"); //foreach (XmlNode xmllist in objXmlNode) //{ // XmlNode xmlsubnode; // xmlsubnode = xmllist.SelectSingleNode("EncPwd"); // xmlsubnode = xmllist.SelectSingleNode("Key1"); // xmlsubnode = xmllist.SelectSingleNode("Key2"); //} #endregion //foreach (XElement elemValidation in elemsValidations) //{ // sPwd = elemValidation.Element("EncPwd").Value; // sKey1 = elemValidation.Element("Key1").Value; // sKey2 = elemValidation.Element("Key2").Value; //} //byte[] Key1 = encoding.GetBytes(sKey1); //byte[] Key2 = encoding.GetBytes(sKey2); //byte[] Data = encoding.GetBytes(sPwd); byte[] Key1 = ASCIIEncoding.ASCII.GetBytes(sKey1); byte[] Key2 = ASCIIEncoding.ASCII.GetBytes(sKey2); byte[] Data = ASCIIEncoding.ASCII.GetBytes(sPwd); // Decrypt the buffer back to a string. string Final = DecryptTextFromMemory(Data, Key1, Key2); return Final; } catch (Exception) { throw; } } public static byte[] EncryptTextToMemory(string Data,byte[] Key,byte[] IV) { try { // Create a MemoryStream. MemoryStream mStream = new MemoryStream(); // Create a CryptoStream using the MemoryStream // and the passed key and initialization vector (IV). CryptoStream cStream = new CryptoStream(mStream, new TripleDESCryptoServiceProvider().CreateEncryptor(Key, IV), CryptoStreamMode.Write); // Convert the passed string to a byte array. //byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data); byte[] toEncrypt = ASCIIEncoding.ASCII.GetBytes(Data); // Write the byte array to the crypto stream and flush it. cStream.Write(toEncrypt, 0, toEncrypt.Length); cStream.FlushFinalBlock(); // Get an array of bytes from the // MemoryStream that holds the // encrypted data. byte[] ret = mStream.ToArray(); // Close the streams. cStream.Close(); mStream.Close(); // Return the encrypted buffer. return ret; } catch (CryptographicException e) { MessageBox.Show("A Cryptographic error occurred: {0}", e.Message); return null; } } public static string DecryptTextFromMemory(byte[] Data, byte[] Key, byte[] IV) { try { // Create a new MemoryStream using the passed // array of encrypted data. MemoryStream msDecrypt = new MemoryStream(Data); // Create a CryptoStream using the MemoryStream // and the passed key and initialization vector (IV). CryptoStream csDecrypt = new CryptoStream(msDecrypt, new TripleDESCryptoServiceProvider().CreateDecryptor(Key, IV), CryptoStreamMode.Write); csDecrypt.Write(Data, 0, Data.Length); //csDecrypt.FlushFinalBlock(); msDecrypt.Position = 0; // Create buffer to hold the decrypted data. byte[] fromEncrypt = new byte[msDecrypt.Length]; // Read the decrypted data out of the crypto stream // and place it into the temporary buffer. msDecrypt.Read(fromEncrypt, 0, msDecrypt.ToArray().Length); //csDecrypt.Close(); MessageBox.Show(ASCIIEncoding.ASCII.GetString(fromEncrypt)); //Convert the buffer into a string and return it. return new ASCIIEncoding().GetString(fromEncrypt); } catch (CryptographicException e) { MessageBox.Show("A Cryptographic error occurred: {0}", e.Message); return null; } } }

    Read the article

  • How to encrypt information in aspx page?

    - by Jimmyc
    Hi all, I know it's a silly question but , My client asked for encrypting some information form their payment system to prevent user stealing personal information. The system is web-base and written by ASP.NET We have tried some annoying solution such as JavaScript no right-click or css-no-print but apparently my client didn't like it. so are there any commercial solution to encrypt information in aspx produced html pages? or someone can tell me how to pursuit my client to stop these "prevent stealing" idea in a web-base system?

    Read the article

  • BCrypt says long, similar passwords are equivalent - problem with me, the gem, or the field of crypt

    - by PreciousBodilyFluids
    I've been experimenting with BCrypt, and found the following. If it matters, I'm running ruby 1.9.2dev (2010-04-30 trunk 27557) [i686-linux] require 'bcrypt' # bcrypt-ruby gem, version 2.1.2 @long_string_1 = 'f287ed6548e91475d06688b481ae8612fa060b2d402fdde8f79b7d0181d6a27d8feede46b833ecd9633b10824259ebac13b077efb7c24563fce0000670834215' @long_string_2 = 'f6ebeea9b99bcae4340670360674482773a12fd5ef5e94c7db0a42800813d2587063b70660294736fded10217d80ce7d3b27c568a1237e2ca1fecbf40be5eab8' def salted(string) @long_string_1 + string + @long_string_2 end encrypted_password = BCrypt::Password.create(salted('password'), :cost => 10) puts encrypted_password #=> $2a$10$kNMF/ku6VEAfLFEZKJ.ZC.zcMYUzvOQ6Dzi6ZX1UIVPUh5zr53yEu password = BCrypt::Password.new(encrypted_password) puts password.is_password?(salted('password')) #=> true puts password.is_password?(salted('passward')) #=> true puts password.is_password?(salted('75747373')) #=> true puts password.is_password?(salted('passwor')) #=> false At first I thought that once the passwords got to a certain length, the dissimilarities would just be lost in all the hashing, and only if they were very dissimilar (i.e. a different length) would they be recognized as different. That didn't seem very plausible to me, from what I know of hash functions, but I didn't see a better explanation. Then, I tried shortening each of the long_strings to see where BCrypt would start being able to tell them apart, and I found that if I shortened each of the long strings to 100 characters or so, the final attempt ('passwor') would start returning true as well. So now I don't know what to think. What's the explanation for this?

    Read the article

  • implementing cryptographic algorithms, specifically the key expansion part

    - by masseyc
    Hey, recently I picked up a copy of Applied Cryptography by Bruce Schneier and it's been a good read. I now understand how several algorithms outlined in the book work, and I'd like to start implementing a few of them in C. One thing that many of the algorithms have in common is dividing an x-bit key, into several smaller y-bit keys. For example, blowfish's key, X, is 64-bits, but you are required to break it up into two 32-bit halves; Xl and Xr. This is where I'm getting stuck. I'm fairly decent with C, but I'm not the strongest when it comes to bitwise operators and the like. After some help on IRC, I managed to come up with these two macros: #define splitup(a, b, c) {b = a >> 32; c = a & 0xffffffff; } #define combine(a, b, c) {a = (c << 32) | a;} Where a is 64 bits and b and c are 32 bits. However, the compiler warns me about the fact that I'm shifting a 32 bit variable by 32 bits. My questions are these: what's bad about shifting a 32-bit variable 32 bits? I'm guessing it's undefined, but these macros do seem to be working. Also, would you suggest I go about this another way? As I said, I'm fairly familiar with C, but bitwise operators and the like still give me a headache.

    Read the article

  • Credit Card storage solution

    - by jtnire
    Hi Everyone, I'm developing a solution that is designed to store membership details, as well as credit card details. I'm trying to comply with PCI DSS as much as I can. Here is my design so far: PAN = Primary account number == long number on credit card Server A is a remote server. It stores all membership details (Names, Address etc..) and provides indivudal Key A's for each PAN stored Server B is a local server, and actually holds the encrypted PANs, as well as Key B, and does the decryption. To get a PAN, the client has to authenticate with BOTH servers, ask Server A for the respective Key A, then give Key A to server B, which will return the PAN to the client (provided authentication was sucessful). Server A will only ever encrypt Key A with Server B's public Key, as it will have it beforehand. Server B will probably have to send a salt first though, however I doin't think that has to be encrypted I havn't really thought about any implementation (i.e. coding) specifics yet regarding the above, however the solution is using Java's Cajo framework (wrapper for RMI) so that is how the servers will communicate with each other (Currently, membership details are transfered in this way). The reason why I want Server B to do the decryption, and not the client, is that I am afraid of decryption keys going into the client's RAM, even though it's probably just as bad on the server... Can anyone see anything wrong with the above design? It doesn't matter if the above has to be changed. Thanks jtnire

    Read the article

  • Translate from Java to C#: simple code to re-encode a string

    - by Dr. Zim
    We were sent this formula to encrypt a string written in Java: String myInput = "test1234"; MessageDigest md = MessageDigest.getInstance("SHA"); byte[] myD = md.digest(myInput.getBytes()); BASE64Encoder en64 = new BASE64Encoder(); String myOutput = new String ( Java.net.URLEncoder.encode( en64.encode(myD))); // myOutput becomes "F009U%2Bx99bVTGwS3cQdHf%2BJcpCo%3D" Our attempt at writing this in C# is: System.Security.Cryptography.SHA1 sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); string myOutput = HttpUtility.UrlEncode( Convert.ToBase64String( sha1.ComputeHash( ASCIIEncoding.Default.GetBytes(myInput)))); However the output is no where near the same. It doesn't even have percent signs in it. Any chance anyone would know where we are going wrong?

    Read the article

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45  | Next Page >