Search Results

Search found 1329 results on 54 pages for 'aes encrypt'.

Page 41/54 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • Simple string encryption in .NET and Javascript

    - by jonathanconway
    I'm developing an ASP.NET MVC application in which I want to encrypt a short string on the server, using C#, and send it to the client-side. Then on the client-side it will be decrypted through Javascript code. Any thoughts on how to implement this? Do you know of a simple encryption algorithm (doesn't have to be bullet-proof secure) that can be easily translated from C# to Javascript or vice-versa? NOTE: I could do this entirely in C# and do the decryption through Ajax, but I'd prefer not to do it this way, as I want to reduce website traffic as much as possible.

    Read the article

  • Secure messaging using Secure MIME is it reliable?

    - by aaronb
    We have an automatic reporting and notification system written in .net that sends emails with plain text. We are having to encrypt the messages that we send our clients. The possible implementation approaches we have: Send messages as S/Mime email with attachments. Plain text email with that just contains a link to a web site that will display the message over https. It seems like S/Mime is a simpler solution, as we won't need to create the web application or secure it. Our concern is our interoperability with our clients email clients and more importantly their email filtering software. Has anyone had success or issues deploying a Secure MIME messaging solution?

    Read the article

  • How can a hacker put a file on my server root (apache, php, 1and1)

    - by mike-sav
    Hi there, I have a site hosted on 1and1 and a couple of weeks ago I noticed a hacker had put a .php file on the server that when viewed in a browser exposed my DB schema, DB connection strings, FTP account (for file uploads using a form), etc, etc. Naturally I panicked and I wiped the server and reuploaded my files. Fortunatley I encrypt passwords using MD5 and I don't store things like credit card details, etc, etc. Now I checked my files and with all user input I use a clean function (htmlentities, sql_real_escape_string, etc, etc) that strips the input of any XSS or SQL injection. I have also made sure that the session key gets re-engineered when a user status changes (like they log into their account) to prevent session hijacking, my folder permissions are set to 755 and file permission are 644. Has anyone got any idea how this could have happened? Or if I'm missing something

    Read the article

  • open encrypted file with php

    - by stormdrain
    Hi, I'm looking for a way to open encrypted files that are stored on a server. I'm using mcrypt to encrypt the files. I was initially going to create a class that would open the file, decrypt it, write it to a new location, then open that. But I have convinced myself there is a better way (I just don't know what it is). It seems like there should be a way to stream it (?) to the browser once it's decrypted. The initial setup would just link to the file location and the browser would take over (e.g. .pdf files would bring up a dialogue offering to open or save the file). If possible, I'd like it to do the same after decoding. Pointers? Advice? Bueller? Thanks!

    Read the article

  • Decryption Key value not match

    - by Jitendra Jadav
    public class TrippleENCRSPDESCSP { public TrippleENCRSPDESCSP() { } public void EncryptIt(string sData,ref byte[] sEncData,ref byte[] Key1,ref byte[] Key2) { try { // Create a new TripleDESCryptoServiceProvider object // to generate a key and initialization vector (IV). TripleDESCryptoServiceProvider tDESalg = new TripleDESCryptoServiceProvider(); // Create a string to encrypt. // Encrypt the string to an in-memory buffer. byte[] Data = EncryptTextToMemory(sData,tDESalg.Key,tDESalg.IV); sEncData = Data; Key1 = tDESalg.Key; Key2 = tDESalg.IV; } catch (Exception) { throw; } } public string DecryptIt(byte[] sEncData) { //byte[] toEncrypt = new ASCIIEncoding().GetBytes(sEncData); //XElement xParser = null; //XmlDocument xDoc = new XmlDocument(); try { //string Final = ""; string sPwd = null; string sKey1 = null; string sKey2 = null; //System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding(); string soutxml = ""; //soutxml = encoding.GetString(sEncData); soutxml = ASCIIEncoding.ASCII.GetString(sEncData); sPwd = soutxml.Substring(18, soutxml.LastIndexOf("</EncPwd>") - 18); sKey1 = soutxml.Substring(18 + sPwd.Length + 15, soutxml.LastIndexOf("</Key1>") - (18 + sPwd.Length + 15)); sKey2 = soutxml.Substring(18 + sPwd.Length + 15 + sKey1.Length + 13, soutxml.LastIndexOf("</Key2>") - (18 + sPwd.Length + 15 + sKey1.Length + 13)); //xDoc.LoadXml(soutxml); //xParser = XElement.Parse(soutxml); //IEnumerable<XElement> elemsValidations = // from el in xParser.Elements("EmailPwd") // select el; #region OldCode //XmlNodeList objXmlNode = xDoc.SelectNodes("EmailPwd"); //foreach (XmlNode xmllist in objXmlNode) //{ // XmlNode xmlsubnode; // xmlsubnode = xmllist.SelectSingleNode("EncPwd"); // xmlsubnode = xmllist.SelectSingleNode("Key1"); // xmlsubnode = xmllist.SelectSingleNode("Key2"); //} #endregion //foreach (XElement elemValidation in elemsValidations) //{ // sPwd = elemValidation.Element("EncPwd").Value; // sKey1 = elemValidation.Element("Key1").Value; // sKey2 = elemValidation.Element("Key2").Value; //} //byte[] Key1 = encoding.GetBytes(sKey1); //byte[] Key2 = encoding.GetBytes(sKey2); //byte[] Data = encoding.GetBytes(sPwd); byte[] Key1 = ASCIIEncoding.ASCII.GetBytes(sKey1); byte[] Key2 = ASCIIEncoding.ASCII.GetBytes(sKey2); byte[] Data = ASCIIEncoding.ASCII.GetBytes(sPwd); // Decrypt the buffer back to a string. string Final = DecryptTextFromMemory(Data, Key1, Key2); return Final; } catch (Exception) { throw; } } public static byte[] EncryptTextToMemory(string Data,byte[] Key,byte[] IV) { try { // Create a MemoryStream. MemoryStream mStream = new MemoryStream(); // Create a CryptoStream using the MemoryStream // and the passed key and initialization vector (IV). CryptoStream cStream = new CryptoStream(mStream, new TripleDESCryptoServiceProvider().CreateEncryptor(Key, IV), CryptoStreamMode.Write); // Convert the passed string to a byte array. //byte[] toEncrypt = new ASCIIEncoding().GetBytes(Data); byte[] toEncrypt = ASCIIEncoding.ASCII.GetBytes(Data); // Write the byte array to the crypto stream and flush it. cStream.Write(toEncrypt, 0, toEncrypt.Length); cStream.FlushFinalBlock(); // Get an array of bytes from the // MemoryStream that holds the // encrypted data. byte[] ret = mStream.ToArray(); // Close the streams. cStream.Close(); mStream.Close(); // Return the encrypted buffer. return ret; } catch (CryptographicException e) { MessageBox.Show("A Cryptographic error occurred: {0}", e.Message); return null; } } public static string DecryptTextFromMemory(byte[] Data, byte[] Key, byte[] IV) { try { // Create a new MemoryStream using the passed // array of encrypted data. MemoryStream msDecrypt = new MemoryStream(Data); // Create a CryptoStream using the MemoryStream // and the passed key and initialization vector (IV). CryptoStream csDecrypt = new CryptoStream(msDecrypt, new TripleDESCryptoServiceProvider().CreateDecryptor(Key, IV), CryptoStreamMode.Write); csDecrypt.Write(Data, 0, Data.Length); //csDecrypt.FlushFinalBlock(); msDecrypt.Position = 0; // Create buffer to hold the decrypted data. byte[] fromEncrypt = new byte[msDecrypt.Length]; // Read the decrypted data out of the crypto stream // and place it into the temporary buffer. msDecrypt.Read(fromEncrypt, 0, msDecrypt.ToArray().Length); //csDecrypt.Close(); MessageBox.Show(ASCIIEncoding.ASCII.GetString(fromEncrypt)); //Convert the buffer into a string and return it. return new ASCIIEncoding().GetString(fromEncrypt); } catch (CryptographicException e) { MessageBox.Show("A Cryptographic error occurred: {0}", e.Message); return null; } } }

    Read the article

  • asp.net forms authentication timing out after 1 minute

    - by user548929
    I'm using ASP.NET MVC 3 with the Authorize attribute, but it keeps kicking me to the logon page after 1 minute, but even though my expiration is set to a very high value, it times out quickly. I check the cookie in my browser and its still there and not set to expire until about a month later, and it's set to be persistent, so I'm not sure why it keeps booting me. It only happens on my published location, locally it works just fine. var ticket = new FormsAuthenticationTicket(username, true, 500000); var encryptedTicket = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); cookie.Expires = ticket.Expiration; Response.Cookies.Add(cookie); web.config: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="7200" slidingExpiration="false"/> </authentication>

    Read the article

  • Thread Local Memory for Scratch Memory.

    - by Hassan Syed
    I am using Protocol Buffers and OpensSSL to generate, HMACs and then CBC encrypt the two fields to obfuscate the session cookies -- similar Kerberos tokens. Protocol Buffers' API communicates with std::strings and has a buffer caching mechanism; I exploit the caching mechanism, for successive calls in the the same thread, by placing it in thread local memory; additionally the OpenSSL HMAC and EVP CTX's are also placed in the same thread local memory structure ( see this question for some detail on why I use thread local memory and the massive amount of speedup it enables even with a single thread). The generation and deserialization, "my algorithms", of these cookie strings uses intermediary void *s and std::strings and since Protocol Buffers has an internal memory retention mechanism I want these characteristics for "my algorithms". So how do I implement a common scratch memory ? I don't know much about the rdbuf of the std::string object. I would presumeably need to grow it to the lowest common size ever encountered during the execution of "my algorithms". Thoughts ?

    Read the article

  • Translate from Java to C#: simple code to re-encode a string

    - by Dr. Zim
    We were sent this formula to encrypt a string written in Java: String myInput = "test1234"; MessageDigest md = MessageDigest.getInstance("SHA"); byte[] myD = md.digest(myInput.getBytes()); BASE64Encoder en64 = new BASE64Encoder(); String myOutput = new String ( Java.net.URLEncoder.encode( en64.encode(myD))); // myOutput becomes "F009U%2Bx99bVTGwS3cQdHf%2BJcpCo%3D" Our attempt at writing this in C# is: System.Security.Cryptography.SHA1 sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); string myOutput = HttpUtility.UrlEncode( Convert.ToBase64String( sha1.ComputeHash( ASCIIEncoding.Default.GetBytes(myInput)))); However the output is no where near the same. It doesn't even have percent signs in it. Any chance anyone would know where we are going wrong?

    Read the article

  • Best way to order menu items injected by an IoC/plugin Framework

    - by Daver
    One of the common things I've seen done in applications built on IoC/plugin frameworks is to add commands to menus or toolbars from the dynamically loaded plugins. For example, the application's default plugins supply actions like "New, Open, Save" that show up in the context menu for a certain item in the workspace. A new plugin may add "Mail, Post, Encrypt" commands, but where do those commands show up in relation to "New, Open, Save"? How can the application that is loading components through IoC impose order on the items that get injected? Does it require metadata from the plugins that give a hint on how to group or order the items? Does it use a config file of previously known menu names (or ids) to define the order (seems a little weak to me)? Or are "unknown" plugins treated as second class citizens and always get dumped into sub menus? Something I've never even imagined (which I'm hoping to see in the answers)

    Read the article

  • IsAuthenticated is false!

    - by Naor
    This is how I login ('user' holds the data of the user): HttpResponse Response = HttpContext.Current.Response; HttpRequest Request = HttpContext.Current.Request; FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, user.UserId.ToString(), DateTime.Now, DateTime.Now.AddHours(12), false, UserResolver.Serialize(user)); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.Path = FormsAuthentication.FormsCookiePath; Response.Cookies.Add(cookie); string redirectUrl = user.HomePage; Response.Redirect(redirectUrl); After this login I get IsAuthenticated == false. Why?? It worked for me before an hour but I don't know what is wrong now.

    Read the article

  • Using a password to generate two distinct hashes without reducing password security

    - by Nevins
    Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored bCrypt hash and another hash of the password to encrypt and decrypt the GPG keys. My question is whether I can do this without reducing the security of the password? I was thinking I may be able to use something like an HMAC-SHA256 of a static string using the password and a salt as the secret key. Is there a better way to do this that I haven't thought of? Thanks

    Read the article

  • How to open save dialog box for saving pdf

    - by Mutturaj Bali
    I truly appreciate your suggestions. I am using MVC3 and I want user to save to his own path by opening a dialog with password protected. Can you guys please help me on this. Below is my code: mydoc.GenerateLetter(PdfData); string WorkingFolder = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments); using (MemoryStream m = new MemoryStream()) { m.Write(mydoc.DocumentBytes, 0, mydoc.DocumentBytes.Length); m.Seek(0, SeekOrigin.Begin); string OutputFile = Path.Combine(WorkingFolder, PdfData.Name + ".pdf"); using (Stream output = new FileStream(OutputFile, FileMode.Create, FileAccess.Write, FileShare.None)) { PdfReader reader = new PdfReader(m); PdfEncryptor.Encrypt(reader, output, true, "abc123", "secret", PdfWriter.ALLOW_SCREENREADERS); } }

    Read the article

  • Can you create a HIPAA compliant Amazon S3 Web Application?

    - by xkingpin
    I am facing some questions when trying to design an S3 application using ASP.NET MVC and trying to stay HIPAA compliant. My initial plan was to require an SSL connection to my web server, encrypt the images on my server, then send them to s3 using my private keys. Here's my obvious concerns: You cannot store unencrypted images in any temporary file cache when client views images within the browser. Even if I setup an ashx to generically handle the image in memory, couldn't this get stored in cache? Saying the images will be encrpyted because you will be connecting to my server via https still does not guarantee all browsers will not cache data. It's not possible to even consider the "Query String" with expiration option since data will be encrypted before being stored on disk at s3, and will again be decrypted at my server in memory. I think my only option would be to write/purchase some sort of ActiveX component that will not expose the image as a simple html image source or write my app as a client side WinForm application.

    Read the article

  • Encoding license file for privacy

    - by Swingline Rage
    Hi, We're using XML Digital Signatures for signing and verifying our license keys. The signing works fine and has been running smoothly. The XML license file contains a few (plaintext) details about the license, along with a binary signature. We'd like to encode (I don't say encrypt) those plaintext details (license duration, user name, etc, etc.) so they're not immediately visible to prying eyes. Is there a standard (eg, base 64 or something else) that people use in this situation? It doesn't need to be secure or particularly clever, just enough to conceal the information in Notepad. Thanks : )

    Read the article

  • Encryption-Decryption in Rails

    - by Salil
    Hi All, I am using require 'digest/sha1' to encrypt my password and save into database. During login I authenticate by matching the encrypted password saved in database and again encrypted the one use enter in password field. As of now everything works fine but now I want to do 'Forgot Password' functionality. To do this I need to decrypt the password which is saved in database to find original one. How to decrypt using digest/sha1? Or does anyone know any algorithm which supports encryption & decryption as well? I am using ruby on rails so I need Ruby way to accomplish it.

    Read the article

  • Simple 2 way encryption for C#

    - by Matt Dawdy
    I'm looking for very simple encrypt and decrypt functionality for some data. It's not mission critical. I need something to keep honest people honest, but something a little stronger than ROT13 or Base64. I'd prefer something that is already included in the .Net framework 2.0 so I don't have to worry about any external dependencies. Pre-emptive EDIT: I really don't want to have to mess around with public/private keys, etc. I don't know much about encryption, but I do enough to know that anything I wrote would be less than worthless...in fact, I'd probably screw up the math and make it trivial to crack.

    Read the article

  • Server-side application configuration security. Best practices

    - by Andrew Florko
    We publish server-side application to our customer workstation and customer's security guys are concerned about configuration connection strings safety. Connection strings are stored as plain text right now, but as configuration file is not in the public/shared folder we supposed that workstation security itself is enough. What are the ways to improve connection strings security further? It is a big step forward to encrypt password and keep a decryption key on the same workstation? What are the steps we can take to keep connection strings (and alike) information more and more securable? Thank you in advance!

    Read the article

  • how do i convert RSAParameters from .net to .pem file so i can use it in php

    - by netuser24
    Hello i have a private and public keys for RSA generated in .net in this format string privateKey = "<RSAKeyValue>" + "<Modulus>...kCFhsjB4xMW49mrx5B/Ga...</Modulus>" + "<Exponent>...</Exponent>" + "<P>...7bRCrQVgVIfXdTIH3iY8x...</P>" + "<Q>...4SiQDhrAZADuFDTr7bRCrQVgVIfXdTIH3iY8x...</Q>" + "<DP>...ZADuFDTr7bRCrQVgVIfXdT...</DP>" + "<DQ>...4SiQDhrAZADuFDTr...</DQ>" + "<InverseQ>...sjB4xMW49mrx5B/Ga...</InverseQ>" + "<D>...SiQDhrAZADuFDTr7bRCrQVgVIf...</D>" + "</RSAKeyValue>"; how can i convert this so i can use it in php openssl functions to encrypt and decrypt data? i need both public and private keys converted. maybe with openssl bash command in linux where can i specify my own modulus, exponent and so on? any ideas? thanks

    Read the article

  • Storing And Using Microsoft User Account Credentials in SQL Server 2008 database

    - by user337501
    I'm not exactly positive how to word this for the sake of the title so please forgive me. Also I can't seem to figure out how to even google this question, so I'm hoping that I can get a lead in the right direction. Part of my software(VB.NET App) requires the ability to access/read/write a shared network folder. I have an option for the user to specify any credentials that might be needed to access said folder. I want to store these credentials given in the SQL Server database as part of the config (I have a table which contains configuration). My concern is that the password for the user account will be unencrpyted. Yet, if I encrypt the password the VB.NET App And/Or database will be unable to use the credentials for file i/o operations unless the Password is unencrypted before use. I'm fishing for suggestions on how to better handle this situation.

    Read the article

  • Architecture of a secure application that encrypts data in the database.

    - by Przemyslaw Rózycki
    I need to design an application that protects some data in a database against root attack. It means, that even if the aggressor takes control over the machine where data is stored or machine with the application server, he can't read some business critical data from the database. This is a customer's requirement. I'm going to encrypt data with some assymetric algorithm and I need some good ideas, where to store private keys, so that data is secure as well as the application usability was quite comfortable? We can assume, for simplicity, that only one key pair is used.

    Read the article

  • Problem with bluetooth service in J2ME don't discoverable

    - by Fran
    Hi! I try to create a service with: LocalDevice localDevice = LocalDevice.getLocalDevice(); localDevice.setDiscoverable(DiscoveryAgent.GIAC); String url = "btl2cap://localhost:"+uuid.toString()+";name="+name+";authorize=true;authenticate=true;encrypt=true"; L2CAPConnectionNotifier notifier = (L2CAPConnectionNotifier)Connector.open(url); ServiceRecord = localDevice.getRecord(notifier); // Set some attributes // ... conn = notifier.acceptAndOpen(); //... I run this code on a Nokia 5800 and Nokia 2760, with 5800 I can see 2760, but not vice versa, I don't know what is the problem, I have think security problems... Any ideas? Thanks!

    Read the article

  • Creating a function that will handle objects with common properties

    - by geocine
    Take this as an example I have trimmed this example for readability and you may not find the use of this concept here. class Teacher() { public Name {get; set;} public Salt {get; set;} public Department{get; set;} } class Student() { public Name {get; set;} public Salt {get; set;} public Section{get; set;} } public string GetEncryptedName(object Person) { //return encrypted name based on Name and Salt property return encrypt(object.Salt,object.Name) } callig the function GetEncryptedName(Teacher) GetEncryptedName(Student) How do you implement this kind of stuff?

    Read the article

  • How to hide keys in application?

    - by WilliamKF
    I have a C++ client/server application where the client and server are my executable. Each time a connection is made between the client and server, I generate a new encryption key for that session and I wish to transmit this session key and encrypt this session key using a static key that is built into both the client and server. However, running strings on my executable reveals the static key. How can I hide the embedded static key in my client and server application so that they are not easily extracted and thus allowing someone to decode my session key.

    Read the article

  • Decryption with the public key in iphone

    - by vignesh
    Hi all, I have a public key and an encrypted string. I could encrypt with publickey successfully.But when i try to decrypt using the publickey it fails. I mean when i pass the publickey seckeyDecrypt it fails. I have Googled and found out that by default kSecAttrCanDecrypt is false for public keys.So When i import the public key, i have added this particular line , [publicKeyAttr setObject:(id)kCFBooleanTrue forKey:(id)kSecAttrCanDecrypt]; But there is no improvement it still fails. Please somebody help.

    Read the article

  • OpenSSL compatible API for Scala?

    - by pfleidi
    Hello, I'm working on a project with a friend. He's implementing his software in Ruby and I'm doing my stuff in Scala (with Lift). We're using some asynchronous encryption and he is using the ruby OpenSSL bindings for that: key = OpenSSL::PKey::RSA.generate(4096) self.public_key = key.public_key self.private_key = key What I'm looking for is a simple API which is compatible to OpenSSL and runs on the JVM. I need it to create key-pairs and to encrypt and sign our payload. Do you have any suggestions?

    Read the article

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >