Search Results

Search found 514 results on 21 pages for 'cipher suites'.

Page 5/21 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Encryption in Java & Flex

    - by Jef
    I want tp encrypt and decrypt string, with defined salt. But the result must be same if the code run in java and adobe flex. The main goal is: the app in adobe flex will be generate a string that can be decrypt in server using java. I use this flex library http://crypto.hurlant.com/demo/ Try to 'Secret Key' Tab. I want to use AES Encryption, 'CBC' or 'PKCS5'. var k:String = "1234567890123456"; var kdata:ByteArray = Hex.toArray(k); var txt:String = "hello"; var data:ByteArray = Hex.toArray(Hex.fromString(txt));; var name:String = "simple-aes-cbc"; var pad:IPad =new PKCS5(); var mode:ICipher = Crypto.getCipher(name, kdata, pad); pad.setBlockSize(mode.getBlockSize()); mode.encrypt(data); encrypted.text=Hex.fromArray(data); trace(Hex.fromArray(data)); And here is the code in java String plaintext = "hello"; String key = "1234567890123456"; SecretKey keyspec = new SecretKeySpec(key.getBytes(), "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE,keyspec); byte[] encrypted = cipher.doFinal(plaintext.getBytes()); BASE64Encoder base64 = new BASE64Encoder(); String encodedString = base64.encode(encrypted); System.out.println(encodedString); Why the result is not same? Can you guys provide the sample with the same result both of java and flex (encrypt and decrypt)? And if I want to change the paramater, for example, from cbc to ebc, which line that need to be changed? Thanks!

    Read the article

  • AES Encryption Java Invalid Key length

    - by wuntee
    I am trying to create an AES encryption method, but for some reason I keep getting a 'java.security.InvalidKeyException: Key length not 128/192/256 bits'. Here is the code: public static SecretKey getSecretKey(char[] password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException{ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); // NOTE: last argument is the key length, and it is 256 KeySpec spec = new PBEKeySpec(password, salt, 1024, 256); SecretKey tmp = factory.generateSecret(spec); SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES"); return(secret); } public static byte[] encrypt(char[] password, byte[] salt, String text) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidParameterSpecException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException{ SecretKey secret = getSecretKey(password, salt); Cipher cipher = Cipher.getInstance("AES"); // NOTE: This is where the Exception is being thrown cipher.init(Cipher.ENCRYPT_MODE, secret); byte[] ciphertext = cipher.doFinal(text.getBytes("UTF-8")); return(ciphertext); } Can anyone see what I am doing wrong? I am thinking it may have something to do with the SecretKeyFactory algorithm, but that is the only one I can find that is supported on the end system I am developing against. Any help would be appreciated. Thanks.

    Read the article

  • Android AES and init vector

    - by Donald_W
    I have an issue with AES encryptio and decryption: I can change my IV entirely and still I'm able to decode my data. public static final byte[] IV = { 65, 1, 2, 23, 4, 5, 6, 7, 32, 21, 10, 11, 12, 13, 84, 45 }; public static final byte[] IV2 = { 65, 1, 2, 23, 45, 54, 61, 81, 32, 21, 10, 121, 12, 13, 84, 45 }; public static final byte[] KEY = { 0, 42, 2, 54, 4, 45, 6, 7, 65, 9, 54, 11, 12, 13, 60, 15 }; public static final byte[] KEY2 = { 0, 42, 2, 54, 43, 45, 16, 17, 65, 9, 54, 11, 12, 13, 60, 15 }; //public static final int BITS = 256; public static void test() { try { // encryption Cipher c = Cipher.getInstance("AES"); SecretKeySpec keySpec = new SecretKeySpec(KEY, "AES"); c.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(IV)); String s = "Secret message"; byte[] data = s.getBytes(); byte[] encrypted = c.doFinal(data); String encryptedStr = ""; for (int i = 0; i < encrypted.length; i++) encryptedStr += (char) encrypted[i]; //decryoption Cipher d_c = Cipher.getInstance("AES"); SecretKeySpec d_keySpec = new SecretKeySpec(KEY, "AES"); d_c.init(Cipher.DECRYPT_MODE, d_keySpec, new IvParameterSpec(IV2)); byte[] decrypted = d_c.doFinal(encrypted); String decryptedStr = ""; for (int i = 0; i < decrypted.length; i++) decryptedStr += (char) decrypted[i]; Log.d("", decryptedStr); } catch (Exception ex) { Log.d("", ex.getMessage()); } } Any ideas what I'm doing wrong? How can I get 256 bit AES encryption (only change key to 32-byte long array?) Encryption is a new topic for me so please for newbie friendly answers.

    Read the article

  • slowAES encryption and java descryption

    - by amnon
    Hi , I've tried to implement the same steps as discussed in AES .NET but with no success , i can't seem to get java and slowAes to play toghter ... attached is my code i'm sorry i can't add more this is my first time trying to deal with encryption would appreciate any help private static final String ALGORITHM = "AES"; private static final byte[] keyValue = getKeyBytes("12345678901234567890123456789012"); private static final byte[] INIT_VECTOR = new byte[16]; private static IvParameterSpec ivSpec = new IvParameterSpec(INIT_VECTOR); public static void main(String[] args) throws Exception { String encoded = encrypt("watson?"); System.out.println(encoded); } private static Key generateKey() throws Exception { Key key = new SecretKeySpec(keyValue, ALGORITHM); // SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM); // key = keyFactory.generateSecret(new DESKeySpec(keyValue)); return key; } private static byte[] getKeyBytes(String key) { byte[] hash = DigestUtils.sha(key); byte[] saltedHash = new byte[16]; System.arraycopy(hash, 0, saltedHash, 0, 16); return saltedHash; } public static String encrypt(String valueToEnc) throws Exception { Key key = generateKey(); Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); c.init(Cipher.ENCRYPT_MODE, key,ivSpec); byte[] encValue = c.doFinal(valueToEnc.getBytes()); String encryptedValue = new BASE64Encoder().encode(encValue); return encryptedValue; } public static String decrypt(String encryptedValue) throws Exception { Key key = generateKey(); Cipher c = Cipher.getInstance(ALGORITHM); c.init(Cipher.DECRYPT_MODE, key); byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedValue); byte[] decValue = c.doFinal(decordedValue); String decryptedValue = new String(decValue); return decryptedValue; } the bytes returned are different thanks in advance .

    Read the article

  • Encrypt string with public key only

    - by vlahovic
    i'm currently working on a android project where i need to encrypt a string using 128 bit AES, padding PKCS7 and CBC. I don't want to use any salt for this. I've tried loads of different variations including PBEKey but i can't come up with working code. This is what i currently have: String plainText = "24124124123"; String pwd = "BobsPublicPassword"; byte[] key = pwd.getBytes(); key = cutArray(key, 16); byte[] input = plainText.getBytes(); byte[] output = null; SecretKeySpec keySpec = null; keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding"); cipher.init(Cipher.ENCRYPT_MODE, keySpec); output = cipher.doFinal(input); private static byte[] cutArray(byte[] arr, int length){ byte[] resultArr = new byte[length]; for(int i = 0; i < length; i++ ){ resultArr[i] = arr[i]; } return resultArr; } Any help appreciated //Vlahovic

    Read the article

  • Java RSA Encrypt using .NET XML Key File - need help

    - by badMonkey
    In .net I have generated the following public key file: <RSAKeyValue> <Modulus>xTSiS4+I/x9awUXcF66Ffw7tracsQfGCn6g6k/hGkLquHYMFTCYk4mOB5NwLwqczwvl8HkQfDShGcvrm47XHKUzA8iadWdA5n4toBECzRxiCWCHm1KEg59LUD3fxTG5ogGiNxDj9wSguCIzFdUxBYq5ot2J4iLgGu0qShml5vwk=</Modulus> <Exponent>AQAB</Exponent> .NET is happy to encrypt using it's normal methods. I am trying to use this key to encode a string in Java and am running into an Arithmetic problem (exception) when I attempt to encrypt the string. The following is the code I am using to encrypt: byte[] modulusBytes = Base64.decode(this.getString(R.string.public_key_modulus)); byte[] exponentBytes = Base64.decode(this.getString(R.string.public_key_exponent)); BigInteger modulus = new BigInteger( modulusBytes ); BigInteger exponent = new BigInteger( exponentBytes); RSAPublicKeySpec rsaPubKey = new RSAPublicKeySpec(modulus, exponent); KeyFactory fact = KeyFactory.getInstance("RSA"); PublicKey pubKey = fact.generatePublic(rsaPubKey); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, pubKey); byte[] cipherData = cipher.doFinal( new String("big kitty dancing").getBytes() ); It is the final line in the code block that fails. I have looked at numerous examples and this is the best I could come up with. If it is not obvious, the R.string.public_key_modulus is a copy/paste of the text in the Modulus element, same applies for exponent.

    Read the article

  • MDM Poised for Growth

    - by david.butler(at)oracle.com
    David Nixon, an Oracle colleague of mine, was doing some research on MDM the other day. He came up with some well founded insights that I thought I’d share with you. Gartner recently published a note asking “Should Organizations Using ERP 'Do' Master Data Management?”  It may seem a bit strange but that’s a question Gartner has been asked by a number of companies as organizations are beginning to understand the importance of data governance and data stewardship.  That’s because ERP Suites typically “focus on integrating their own applications within suites, but have little interest in making their suites interoperate with the applications or suites of other vendors.”  Therefore, Gartner is advising customers that “have deployed or plan to support multiple packaged application suites (even from the same vendor) that have different semantic data and/or process models” to add an MDM solution. And it appears that customers are taking note.  In a more recent note entitled “Search Analytics Trends: Master Data Management”, Gartner noted that MDM searches on gartner.com in November 2010 “were 300% higher than [in] May 2009, indicating the increased interest an importance that businesses are placing on MDM.”  Why the increased interest?  Moving towards a single version of the truth is a familiar theme, but customers are talking more about the underlying business value that this enables.  For example, businesses are talking about the need to fix master data before they can successfully move forward on SOA initiatives.  And the growing demands for compliance continue to be a major driver.  In short, companies are talking more about specific and tangible business value, and they are looking for help creating business cases for an MDM initiative. Why This Matters Gartner’s notes make three things clear.  First, MDM is poised for growth as organizations gain a greater understanding for it and the need they have.  Many are still sorting it out, but the demand is growing and is sure to rise.  Second, any organization with a heterogeneous computing environment should invest in MDM.  Even solutions from the same vendor may have different data models and could benefit from MDM.  But the key to growth, or which vendors will benefit the most from it, is the third and perhaps most critical point: companies need help with the business case for MDM. Oracle can help your organization build a compelling business case for MDM. We have seen our 1100+ MDM customers gain competitive advantages in a wide variety of implementations. Give us a ring.

    Read the article

  • Oracle Hyperion si conferma leader nel Magic Quadrant Gartner 2012

    - by Andrea Cravero
    L'edizione 2012 del Gartner Magic Quadrant for Corporate Performance Management Suites conferma la leadership Oracle Hyperion, che dura ininterrotta dal 2005. Secondo Gartner, "Oracle is a Leader in CPM suites, with one of the most widely distributed solutions in the market. Oracle Hyperion Enterprise Performance Management is recognized by CFOs worldwide. The vendor has a well-established partner channel, with both large and smaller CPM SI specialists. Hyperion skills are also plentiful among the independent consultant community, given the well-established products." "Oracle continues to innovate, bringing incremental improvements across the portfolio as well as new financial close management, disclosure management and predictive planning additions. Furthermore, Oracle has improved integration of Hyperion with the Oracle BI platform, and has improved planning performance, enabling Hyperion Planning to use Oracle Exalytics In-Memory Machine." Il rapporto completo è disponibile qui: Gartner: Magic Quadrant for Corporate Performance Management Suites, 2012 Buona lettura!

    Read the article

  • Encrypt images before uploading to Dropbox [migrated]

    - by Cherry
    I want to encrypt a file first before the file will be uploaded to the dropbox. So i have implement the encryption inside the uploading of the codes. However, there is an error after i integrate the codes together. Where did my mistake go wrong? Error at putFileOverwriteRequest and it says The method putFileOverwriteRequest(String, InputStream, long, ProgressListener) in the type DropboxAPI is not applicable for the arguments (String, FileOutputStream, long, new ProgressListener(){}) Another problem is that this FileOutputStream fis = new FileOutputStream(new File("dont know what to put in this field")); i do not know where to put the file so that after i read the file, it will call the path and then upload to the Dropbox. Anyone is kind to help me in this? As time is running out for me and i still cant solve the problem. Thank you in advance. The full code is as below. public class UploadPicture extends AsyncTask<Void, Long, Boolean> { private DropboxAPI<?> mApi; private String mPath; private File mFile; private long mFileLen; private UploadRequest mRequest; private Context mContext; private final ProgressDialog mDialog; private String mErrorMsg; public UploadPicture(Context context, DropboxAPI<?> api, String dropboxPath, File file) { // We set the context this way so we don't accidentally leak activities mContext = context.getApplicationContext(); mFileLen = file.length(); mApi = api; mPath = dropboxPath; mFile = file; mDialog = new ProgressDialog(context); mDialog.setMax(100); mDialog.setMessage("Uploading " + file.getName()); mDialog.setProgressStyle(ProgressDialog.STYLE_HORIZONTAL); mDialog.setProgress(0); mDialog.setButton("Cancel", new OnClickListener() { public void onClick(DialogInterface dialog, int which) { // This will cancel the putFile operation mRequest.abort(); } }); mDialog.show(); } @Override protected Boolean doInBackground(Void... params) { try { KeyGenerator keygen = KeyGenerator.getInstance("DES"); SecretKey key = keygen.generateKey(); //generate key //encrypt file here first byte[] plainData; byte[] encryptedData; Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); //File f = new File(mFile); //read file FileInputStream in = new FileInputStream(mFile); //obtains input bytes from a file plainData = new byte[(int)mFile.length()]; in.read(plainData); //Read bytes of data into an array of bytes encryptedData = cipher.doFinal(plainData); //encrypt data FileOutputStream fis = new FileOutputStream(new File("dont know what to put in this field")); //upload to a path first then call the path so that it can be uploaded up to the dropbox //save encrypted file to dropbox // By creating a request, we get a handle to the putFile operation, // so we can cancel it later if we want to //FileInputStream fis = new FileInputStream(mFile); String path = mPath + mFile.getName(); mRequest = mApi.putFileOverwriteRequest(path, fis, mFile.length(), new ProgressListener() { @Override public long progressInterval() { // Update the progress bar every half-second or so return 500; } @Override public void onProgress(long bytes, long total) { publishProgress(bytes); } }); if (mRequest != null) { mRequest.upload(); return true; } } catch (DropboxUnlinkedException e) { // This session wasn't authenticated properly or user unlinked mErrorMsg = "This app wasn't authenticated properly."; } catch (DropboxFileSizeException e) { // File size too big to upload via the API mErrorMsg = "This file is too big to upload"; } catch (DropboxPartialFileException e) { // We canceled the operation mErrorMsg = "Upload canceled"; } catch (DropboxServerException e) { // Server-side exception. These are examples of what could happen, // but we don't do anything special with them here. if (e.error == DropboxServerException._401_UNAUTHORIZED) { // Unauthorized, so we should unlink them. You may want to // automatically log the user out in this case. } else if (e.error == DropboxServerException._403_FORBIDDEN) { // Not allowed to access this } else if (e.error == DropboxServerException._404_NOT_FOUND) { // path not found (or if it was the thumbnail, can't be // thumbnailed) } else if (e.error == DropboxServerException._507_INSUFFICIENT_STORAGE) { // user is over quota } else { // Something else } // This gets the Dropbox error, translated into the user's language mErrorMsg = e.body.userError; if (mErrorMsg == null) { mErrorMsg = e.body.error; } } catch (DropboxIOException e) { // Happens all the time, probably want to retry automatically. mErrorMsg = "Network error. Try again."; } catch (DropboxParseException e) { // Probably due to Dropbox server restarting, should retry mErrorMsg = "Dropbox error. Try again."; } catch (DropboxException e) { // Unknown error mErrorMsg = "Unknown error. Try again."; } catch (FileNotFoundException e) { } return false; } @Override protected void onProgressUpdate(Long... progress) { int percent = (int)(100.0*(double)progress[0]/mFileLen + 0.5); mDialog.setProgress(percent); } @Override protected void onPostExecute(Boolean result) { mDialog.dismiss(); if (result) { showToast("Image successfully uploaded"); } else { showToast(mErrorMsg); } } private void showToast(String msg) { Toast error = Toast.makeText(mContext, msg, Toast.LENGTH_LONG); error.show(); } }

    Read the article

  • Padding error when using RSA Encryption in C# and Decryption in Java

    - by Matt Shaver
    Currently I am receiving the following error when using Java to decrypt a Base64 encoded RSA encrypted string that was made in C#: javax.crypto.BadPaddingException: Not PKCS#1 block type 2 or Zero padding The setup process between the exchange from .NET and Java is done by creating a private key in the .NET key store then from the PEM file extracted, created use keytool to create a JKS version with the private key. Java loads the already created JKS and decodes the Base64 string into a byte array and then uses the private key to decrypt. Here is the code that I have in C# that creates the encrypted string: public string Encrypt(string value) { byte[] baIn = null; byte[] baRet = null; string keyContainerName = "test"; CspParameters cp = new CspParameters(); cp.Flags = CspProviderFlags.UseMachineKeyStore; cp.KeyContainerName = keyContainerName; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(cp); // Convert the input string to a byte array baIn = UnicodeEncoding.Unicode.GetBytes(value); // Encrypt baRet = rsa.Encrypt(baIn, false); // Convert the encrypted byte array to a base64 string return Convert.ToBase64String(baRet); } Here is the code that I have in Java that decrypts the inputted string: public void decrypt(String base64String) { String keyStorePath = "C:\Key.keystore"; String storepass = "1234"; String keypass = "abcd"; byte[] data = Base64.decode(base64String); byte[] cipherData = null; keystore = KeyStore.getInstance("JKS"); keystore.load(new FileInputStream(keyStorePath), storepass.toCharArray()); RSAPrivateKey privateRSAKey = (RSAPrivateKey) keystore.getKey(alias, keypass.toCharArray()); Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.DECRYPT_MODE, privateRSAKey); cipherData = cipher.doFinal(data); System.out.println(new String(cipherData)); } Does anyone see a step missing or where the padding or item needs to be changed? I have done hours of reading on this site and others but haven't really found a concrete solution. You're help is vastly appreciated. Thanks. -Matt

    Read the article

  • How to use Bouncy Castle lightweight API with AES and PBE

    - by Adrian
    I have a block of ciphertext that was created using the JCE algorithim "PBEWithSHA256And256BitAES-CBC-BC". The provider is BouncyCastle. What I'd like to do it decrypt this ciphertext using the BouncyCastle lightweight API. I don't want to use JCE because that requires installing the Unlimited Strength Jurisdiction Policy Files. Documentation seems to be thin on the ground when it comes to using BC with PBE and AES. Here's what I have so far. The decryption code runs without exception but returns rubbish. The encryption code, String password = "qwerty"; String plainText = "hello world"; byte[] salt = generateSalt(); byte[] cipherText = encrypt(plainText, password.toCharArray(), salt); private static byte[] generateSalt() throws NoSuchAlgorithmException { byte salt[] = new byte[8]; SecureRandom saltGen = SecureRandom.getInstance("SHA1PRNG"); saltGen.nextBytes(salt); return salt; } private static byte[] encrypt(String plainText, char[] password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException { Security.addProvider(new BouncyCastleProvider()); PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 20); PBEKeySpec pbeKeySpec = new PBEKeySpec(password); SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC"); SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec); Cipher encryptionCipher = Cipher.getInstance("PBEWithSHA256And256BitAES-CBC-BC"); encryptionCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec); return encryptionCipher.doFinal(plainText.getBytes()); } The decryption code, byte[] decryptedText = decrypt(cipherText, password.getBytes(), salt); private static byte[] decrypt(byte[] cipherText, byte[] password, byte[] salt) throws DataLengthException, IllegalStateException, InvalidCipherTextException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException { BlockCipher engine = new AESEngine(); CBCBlockCipher cipher = new CBCBlockCipher(engine); PKCS5S1ParametersGenerator keyGenerator = new PKCS5S1ParametersGenerator(new SHA256Digest()); keyGenerator.init(password, salt, 20); CipherParameters keyParams = keyGenerator.generateDerivedParameters(256); cipher.init(false, keyParams); byte[] decryptedBytes = new byte[cipherText.length]; int numBytesCopied = cipher.processBlock(cipherText, 0, decryptedBytes, 0); return decryptedBytes; }

    Read the article

  • what is wrong in java AES decrypt function?

    - by rohit
    hi, i modified the code available on http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html and made encrypt and decrypt methods in program. but i am getting BadpaddingException.. also the function is returning null.. why it is happing?? whats going wrong? please help me.. these are variables i am using: kgen = KeyGenerator.getInstance("AES"); kgen.init(128); raw = new byte[]{(byte)0x00,(byte)0x11,(byte)0x22,(byte)0x33,(byte)0x44,(byte)0x55,(byte)0x66,(byte)0x77,(byte)0x88,(byte)0x99,(byte)0xaa,(byte)0xbb,(byte)0xcc,(byte)0xdd,(byte)0xee,(byte)0xff}; skeySpec = new SecretKeySpec(raw, "AES"); cipher = Cipher.getInstance("AES"); plainText=null; cipherText=null; following is decrypt function.. public String decrypt(String cipherText) { try { cipher.init(Cipher.DECRYPT_MODE, skeySpec); byte[] original = cipher.doFinal(cipherText.getBytes()); plainText = new String(original); } catch(BadPaddingException e) { } return plainText; }

    Read the article

  • Cannot run public class in one .java from another

    - by DIOS
    I have created a basic program that takes whatever is input into two textfields and exports them to a file. I would now like to encrypt that file, and alredy have the encryptor. The problem is that I cannot call it. Here is my code for the encryptor: import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.*; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; import javax.crypto.spec.SecretKeySpec; public class FileEncryptor { private String algo; private File file; public FileEncryptor(String algo,String path) { this.algo=algo; //setting algo this.file=new File(path); //settong file } public void encrypt() throws Exception{ //opening streams FileInputStream fis =new FileInputStream(file); file=new File(file.getAbsolutePath()); FileOutputStream fos =new FileOutputStream(file); //generating key byte k[] = "HignDlPs".getBytes(); SecretKeySpec key = new SecretKeySpec(k,algo.split("/")[0]); //creating and initialising cipher and cipher streams Cipher encrypt = Cipher.getInstance(algo); encrypt.init(Cipher.ENCRYPT_MODE, key); CipherOutputStream cout=new CipherOutputStream(fos, encrypt); byte[] buf = new byte[1024]; int read; while((read=fis.read(buf))!=-1) //reading data cout.write(buf,0,read); //writing encrypted data //closing streams fis.close(); cout.flush(); cout.close(); } public static void main (String[] args)throws Exception { new FileEncryptor("DES/ECB/PKCS5Padding","C:\\Users\\*******\\Desktop\\newtext").encrypt();//encrypts the current file. } } Here is the section of my file creator that is failing to call this: FileWriter fWriter = null; BufferedWriter writer = null; try{ fWriter = new FileWriter("C:\\Users\\*******\\Desktop\\newtext"); writer = new BufferedWriter(fWriter); writer.write(Data); writer.close(); f.dispose(); FileEncryptor encr = new FileEncryptor(); //problem lies here. encr.encrypt //public void that does the encryption. new complete(); //different .java that is working fine.

    Read the article

  • AES and CBC in PHP

    - by Kane
    I am trying to encrypt a string in php using AES-128 and CBC, but when I call mcrypt_generic_init() it returns false. $cipher = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '',MCRYPT_MODE_CBC, ''); $iv_size = mcrypt_enc_get_iv_size($cipher); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $res = mcrypt_generic_init($cipher, 'aaaa', $iv); //'aaaa' is a test key Can someone tell me why is returning 0/false? I read the php documentation and seems correct (http://us.php.net/manual/en/mcrypt.examples.php)

    Read the article

  • How to setup IPSec with Amazon EC2

    - by bonzi
    How to setup an IPSec connection from my ubuntu laptop to Amazon EC2 instance? I tried setting it up using elastic IP and VPC with the following openswan configuration but it is not working. conn host-to-host left=%defaultroute leftsubnet=EC2PRIVATEIP/32 # Local netmask leftid=ELASTICIP leftrsasigkey= connaddrfamily=ipv4 right=1laptopip # Remote IP address rightid=laptopip rightrsasigkey= ike=aes128 # IKE algorithms (AES cipher) esp=aes128 # ESP algorithns (AES cipher) auto=add pfs=yes forceencaps=yes type=tunnel

    Read the article

  • How to setup IPSec with Amazon EC2

    - by bonzi
    How to setup an IPSec connection from my ubuntu laptop to Amazon EC2 instance? I tried setting it up using elastic IP and VPC with the following openswan configuration but it is not working. conn host-to-host left=%defaultroute leftsubnet=EC2PRIVATEIP/32 # Local netmask leftid=ELASTICIP leftrsasigkey= connaddrfamily=ipv4 right=1laptopip # Remote IP address rightid=laptopip rightrsasigkey= ike=aes128 # IKE algorithms (AES cipher) esp=aes128 # ESP algorithns (AES cipher) auto=add pfs=yes forceencaps=yes type=tunnel

    Read the article

  • OpenVPN not connecting

    - by LandArch
    There have been a number of post similar to this, but none seem to satisfy my need. Plus I am a Ubuntu newbie. I followed this tutorial to completely set up OpenVPN on Ubuntu 12.04 server. Here is my server.conf file ################################################# # Sample OpenVPN 2.0 config file for # # multi-client server. # # # # This file is for the server side # # of a many-clients <-> one-server # # OpenVPN configuration. # # # # OpenVPN also supports # # single-machine <-> single-machine # # configurations (See the Examples page # # on the web site for more info). # # # # This config should work on Windows # # or Linux/BSD systems. Remember on # # Windows to quote pathnames and use # # double backslashes, e.g.: # # "C:\\Program Files\\OpenVPN\\config\\foo.key" # # # # Comments are preceded with '#' or ';' # ################################################# # Which local IP address should OpenVPN # listen on? (optional) local 192.168.13.8 # Which TCP/UDP port should OpenVPN listen on? # If you want to run multiple OpenVPN instances # on the same machine, use a different port # number for each one. You will need to # open up this port on your firewall. port 1194 # TCP or UDP server? proto tcp ;proto udp # "dev tun" will create a routed IP tunnel, # "dev tap" will create an ethernet tunnel. # Use "dev tap0" if you are ethernet bridging # and have precreated a tap0 virtual interface # and bridged it with your ethernet interface. # If you want to control access policies # over the VPN, you must create firewall # rules for the the TUN/TAP interface. # On non-Windows systems, you can give # an explicit unit number, such as tun0. # On Windows, use "dev-node" for this. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. dev tap0 up "/etc/openvpn/up.sh br0" down "/etc/openvpn/down.sh br0" ;dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel if you # have more than one. On XP SP2 or higher, # you may need to selectively disable the # Windows firewall for the TAP adapter. # Non-Windows systems usually don't need this. ;dev-node MyTap # SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. # # See the "easy-rsa" directory for a series # of scripts for generating RSA certificates # and private keys. Remember to use # a unique Common Name for the server # and each of the client certificates. # # Any X509 key management system can be used. # OpenVPN can also use a PKCS #12 formatted key file # (see "pkcs12" directive in man page). ca "/etc/openvpn/ca.crt" cert "/etc/openvpn/server.crt" key "/etc/openvpn/server.key" # This file should be kept secret # Diffie hellman parameters. # Generate your own with: # openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using # 2048 bit keys. dh dh1024.pem # Configure server mode and supply a VPN subnet # for OpenVPN to draw client addresses from. # The server will take 10.8.0.1 for itself, # the rest will be made available to clients. # Each client will be able to reach the server # on 10.8.0.1. Comment this line out if you are # ethernet bridging. See the man page for more info. ;server 10.8.0.0 255.255.255.0 # Maintain a record of client <-> virtual IP address # associations in this file. If OpenVPN goes down or # is restarted, reconnecting clients can be assigned # the same virtual IP address from the pool that was # previously assigned. ifconfig-pool-persist ipp.txt # Configure server mode for ethernet bridging. # You must first use your OS's bridging capability # to bridge the TAP interface with the ethernet # NIC interface. Then you must manually set the # IP/netmask on the bridge interface, here we # assume 10.8.0.4/255.255.255.0. Finally we # must set aside an IP range in this subnet # (start=10.8.0.50 end=10.8.0.100) to allocate # to connecting clients. Leave this line commented # out unless you are ethernet bridging. server-bridge 192.168.13.101 255.255.255.0 192.168.13.105 192.168.13.200 # Configure server mode for ethernet bridging # using a DHCP-proxy, where clients talk # to the OpenVPN server-side DHCP server # to receive their IP address allocation # and DNS server addresses. You must first use # your OS's bridging capability to bridge the TAP # interface with the ethernet NIC interface. # Note: this mode only works on clients (such as # Windows), where the client-side TAP adapter is # bound to a DHCP client. ;server-bridge # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. push "route 192.168.13.1 255.255.255.0" push "dhcp-option DNS 192.168.13.201" push "dhcp-option DOMAIN blahblah.dyndns-wiki.com" ;push "route 192.168.20.0 255.255.255.0" # To assign specific IP addresses to specific # clients or if a connecting client has a private # subnet behind it that should also have VPN access, # use the subdirectory "ccd" for client-specific # configuration files (see man page for more info). # EXAMPLE: Suppose the client # having the certificate common name "Thelonious" # also has a small subnet behind his connecting # machine, such as 192.168.40.128/255.255.255.248. # First, uncomment out these lines: ;client-config-dir ccd ;route 192.168.40.128 255.255.255.248 # Then create a file ccd/Thelonious with this line: # iroute 192.168.40.128 255.255.255.248 # This will allow Thelonious' private subnet to # access the VPN. This example will only work # if you are routing, not bridging, i.e. you are # using "dev tun" and "server" directives. # EXAMPLE: Suppose you want to give # Thelonious a fixed VPN IP address of 10.9.0.1. # First uncomment out these lines: ;client-config-dir ccd ;route 10.9.0.0 255.255.255.252 # Then add this line to ccd/Thelonious: # ifconfig-push 10.9.0.1 10.9.0.2 # Suppose that you want to enable different # firewall access policies for different groups # of clients. There are two methods: # (1) Run multiple OpenVPN daemons, one for each # group, and firewall the TUN/TAP interface # for each group/daemon appropriately. # (2) (Advanced) Create a script to dynamically # modify the firewall in response to access # from different clients. See man # page for more info on learn-address script. ;learn-address ./script # If enabled, this directive will configure # all clients to redirect their default # network gateway through the VPN, causing # all IP traffic such as web browsing and # and DNS lookups to go through the VPN # (The OpenVPN server machine may need to NAT # or bridge the TUN/TAP interface to the internet # in order for this to work properly). ;push "redirect-gateway def1 bypass-dhcp" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats # The addresses below refer to the public # DNS servers provided by opendns.com. ;push "dhcp-option DNS 208.67.222.222" ;push "dhcp-option DNS 208.67.220.220" # Uncomment this directive to allow different # clients to be able to "see" each other. # By default, clients will only see the server. # To force clients to only see the server, you # will also need to appropriately firewall the # server's TUN/TAP interface. ;client-to-client # Uncomment this directive if multiple clients # might connect with the same certificate/key # files or common names. This is recommended # only for testing purposes. For production use, # each client should have its own certificate/key # pair. # # IF YOU HAVE NOT GENERATED INDIVIDUAL # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, # EACH HAVING ITS OWN UNIQUE "COMMON NAME", # UNCOMMENT THIS LINE OUT. ;duplicate-cn # The keepalive directive causes ping-like # messages to be sent back and forth over # the link so that each side knows when # the other side has gone down. # Ping every 10 seconds, assume that remote # peer is down if no ping received during # a 120 second time period. keepalive 10 120 # For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall" # to help block DoS attacks and UDP port flooding. # # Generate with: # openvpn --genkey --secret ta.key # # The server and each client must have # a copy of this key. # The second parameter should be '0' # on the server and '1' on the clients. ;tls-auth ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES # Enable compression on the VPN link. # If you enable it here, you must also # enable it in the client config file. comp-lzo # The maximum number of concurrently connected # clients we want to allow. ;max-clients 100 # It's a good idea to reduce the OpenVPN # daemon's privileges after initialization. # # You can uncomment this out on # non-Windows systems. user nobody group nogroup # The persist options will try to avoid # accessing certain resources on restart # that may no longer be accessible because # of the privilege downgrade. persist-key persist-tun # Output a short status file showing # current connections, truncated # and rewritten every minute. status openvpn-status.log # By default, log messages will go to the syslog (or # on Windows, if running as a service, they will go to # the "\Program Files\OpenVPN\log" directory). # Use log or log-append to override this default. # "log" will truncate the log file on OpenVPN startup, # while "log-append" will append to it. Use one # or the other (but not both). ;log openvpn.log ;log-append openvpn.log # Set the appropriate level of log # file verbosity. # # 0 is silent, except for fatal errors # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose verb 3 # Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log. ;mute 20 I am using Windows 7 as the Client and set that up accordingly using the OpenVPN GUI. That conf file is as follows: ############################################## # Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. dev tap0 up "/etc/openvpn/up.sh br0" down "/etc/openvpn/down.sh br0" ;dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. proto tcp ;proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. blahblah.dyndns-wiki.com 1194 ;remote my-server-2 1194 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) user nobody group nobody # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca "C:\\Program Files\OpenVPN\config\\ca.crt" cert "C:\\Program Files\OpenVPN\config\\ChadMWade-THINK.crt" key "C:\\Program Files\OpenVPN\config\\ChadMWade-THINK.key" # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 Not sure whats left to do.

    Read the article

  • Openvpn - stuck on Connecting

    - by user224277
    I've got a problem with openvpn server... every time when I trying to connect to the VPN , I am getting a window with login and password box, so I typed my login and password (login = Common Name (user1) and password is from a challenge password from the client certificate. Logs : Jun 7 17:03:05 test ovpn-openvpn[5618]: Authenticate/Decrypt packet error: packet HMAC authentication failed Jun 7 17:03:05 test ovpn-openvpn[5618]: TLS Error: incoming packet authentication failed from [AF_INET]80.**.**.***:54179 Client.ovpn : client #dev tap dev tun #proto tcp proto udp remote [Server IP] 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert user1.crt key user1.key <tls-auth> -----BEGIN OpenVPN Static key V1----- d1e0... -----END OpenVPN Static key V1----- </tls-auth> ns-cert-type server cipher AES-256-CBC comp-lzo yes verb 0 mute 20 My openvpn.conf : port 1194 #proto tcp proto udp #dev tap dev tun #dev-node MyTap ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/VPN.crt key /etc/openvpn/keys/VPN.key dh /etc/openvpn/keys/dh2048.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt #push „route 192.168.5.0 255.255.255.0? #push „route 192.168.10.0 255.255.255.0? keepalive 10 120 tls-auth /etc/openvpn/keys/ta.key 0 #cipher BF-CBC # Blowfish #cipher AES-128-CBC # AES #cipher DES-EDE3-CBC # Triple-DES comp-lzo #max-clients 100 #user nobody #group nogroup persist-key persist-tun status openvpn-status.log #log openvpn.log #log-append openvpn.log verb 3 sysctl : net.ipv4.ip_forward=1

    Read the article

  • How to match ColdFusion encryption with Java 1.4.2?

    - by JohnTheBarber
    * sweet - thanks to Edward Smith for the CF Technote that indicated the key from ColdFusion was Base64 encoded. See generateKey() for the 'fix' My task is to use Java 1.4.2 to match the results a given ColdFusion code sample for encryption. Known/given values: A 24-byte key A 16-byte salt (IVorSalt) Encoding is Hex Encryption algorithm is AES/CBC/PKCS5Padding A sample clear-text value The encrypted value of the sample clear-text after going through the ColdFusion code Assumptions: Number of iterations not specified in the ColdFusion code so I assume only one iteration 24-byte key so I assume 192-bit encryption Given/working ColdFusion encryption code sample: <cfset ThisSalt = "16byte-salt-here"> <cfset ThisAlgorithm = "AES/CBC/PKCS5Padding"> <cfset ThisKey = "a-24byte-key-string-here"> <cfset thisAdjustedNow = now()> <cfset ThisDateTimeVar = DateFormat( thisAdjustedNow , "yyyymmdd" )> <cfset ThisDateTimeVar = ThisDateTimeVar & TimeFormat( thisAdjustedNow , "HHmmss" )> <cfset ThisTAID = ThisDateTimeVar & "|" & someOtherData> <cfset ThisTAIDEnc = Encrypt( ThisTAID , ThisKey , ThisAlgorithm , "Hex" , ThisSalt)> My Java 1.4.2 encryption/decryption code swag: package so.example; import java.security.*; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.*; public class SO_AES192 { private static final String _AES = "AES"; private static final String _AES_CBC_PKCS5Padding = "AES/CBC/PKCS5Padding"; private static final String KEY_VALUE = "a-24byte-key-string-here"; private static final String SALT_VALUE = "16byte-salt-here"; private static final int ITERATIONS = 1; private static IvParameterSpec ivParameterSpec; public static String encryptHex(String value) throws Exception { Key key = generateKey(); Cipher c = Cipher.getInstance(_AES_CBC_PKCS5Padding); ivParameterSpec = new IvParameterSpec(SALT_VALUE.getBytes()); c.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec); String valueToEncrypt = null; String eValue = value; for (int i = 0; i < ITERATIONS; i++) { // valueToEncrypt = SALT_VALUE + eValue; // pre-pend salt - Length > sample length valueToEncrypt = eValue; // don't pre-pend salt Length = sample length byte[] encValue = c.doFinal(valueToEncrypt.getBytes()); eValue = Hex.encodeHexString(encValue); } return eValue; } public static String decryptHex(String value) throws Exception { Key key = generateKey(); Cipher c = Cipher.getInstance(_AES_CBC_PKCS5Padding); ivParameterSpec = new IvParameterSpec(SALT_VALUE.getBytes()); c.init(Cipher.DECRYPT_MODE, key, ivParameterSpec); String dValue = null; char[] valueToDecrypt = value.toCharArray(); for (int i = 0; i < ITERATIONS; i++) { byte[] decordedValue = Hex.decodeHex(valueToDecrypt); byte[] decValue = c.doFinal(decordedValue); // dValue = new String(decValue).substring(SALT_VALUE.length()); // when salt is pre-pended dValue = new String(decValue); // when salt is not pre-pended valueToDecrypt = dValue.toCharArray(); } return dValue; } private static Key generateKey() throws Exception { // Key key = new SecretKeySpec(KEY_VALUE.getBytes(), _AES); // this was wrong Key key = new SecretKeySpec(new BASE64Decoder().decodeBuffer(keyValueString), _AES); // had to un-Base64 the 'known' 24-byte key. return key; } } I cannot create a matching encrypted value nor decrypt a given encrypted value. My guess is it's something to do with how I'm handling the initial vector/salt. I'm not very crypto-savvy but I'm thinking I should be able to take the sample clear-text and produce the same encrypted value in Java as ColdFusion produced. I am able to encrypt/decrypt my own data with my Java code (so I'm consistent) but I cannot match nor decrypt the ColdFusion sample encrypted value. I have access to a local webservice that can test the encrypted output. The given ColdFusion output sample passes/decrypts fine (of course). If I try to decrypt the same sample with my Java code (using the actual key and salt) I get a "Given final block not properly padded" error. I get the same net result when I pass my attempt at encryption (using the actual key and salt) to the test webservice. Any Ideas?

    Read the article

  • How do I enable ciphers for NSS?

    - by Cody
    I am trying to use curl built with NSS (not built with OpenSSL) on Fedora 14 to connect to a webpage over https. The server to which I am connecting (example.com) uses the RC4-SHA cipher for its SSL. Whenever I try to connect to example.com, I get the NSS error SSL_ERROR_NO_CYPHER_OVERLAP. I can connect via curl on this computer to example-2.com which has the DHE-RSA-AES256-SHA cipher. I can connect to example.com from a different computer that has curl built with OpenSSL. How do I find out which ciphers are enabled on NSS and how do I enable the RC4-SHA cipher on NSS?

    Read the article

  • Windows Server 2012 - SSL Cypher Suite Order Not Long Enough

    - by Sam
    I want to re-order the cypher suites on our new Windows Server 2012 box to help mitigate the BEAST vulnerability for our clients. I went to Local Group Policy => Computer Configuration => Administrative Templates => Network => SSL Configuration Settings, opened SSL Cypher Suite Order, enabled it, and copied the values from the SSL Cypher Suites textbox. I pasted them into notepad, re-ordered them, then copied+pasted them back into the SSL Cypher Suites textbox. However, the box isn't long enough to hold them all, despite the fact that the length didn't change. I would have to drop the last 3 cyphers (SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_NULL_SHA) in order for it to fit. Should I just drop them? Other ideas?

    Read the article

  • ODF (Open Document Format) para ISVs - 16/Dez/10

    - by Paulo Folgado
    Os ISVs (Independent Software Vendors) sentem frequentemente necessidade de incluir nas suas aplicações uma funcionalidade de exportação de informação - uma carta, uma tabela com dados financeiros, um gráfico, etc - para que possa ser trabalhada externamente com ferramentas ditas de Produtividade num 'desktop' (também designadas por 'Suites de Office'). Nessas situações são confrontados com a necessidade de elegerem que formato deve ser usado para essa exportação de dados, sendo a escolha mais usual a utilização dos formatos do Microsoft Office. Contudo, se fôr essa a sua única opção, estarão a auto excluir-se de um mercado em crescimento constituído pelos clientes que utilizam outras ferramentas de produtividade, nomeadamente as que são baseadas no standard ISO Open Document Format (ODF), como é o caso do Open Office. Este seminário tem por objectivo dar aos parceiros ISVs da Oracle: Uma visão sobre o mercado actual de 'suites' de Office e dos standards usados pelos principais fornecedores de soluções A estratégia da Oracle para o Open Office Razões para deverem suportar a norma ODF Como suportar ODF nas suas aplicações Agenda O mercado actual das Suites Office Os standards actuais "de facto" e oficiais - MS-Office, OOXML e ODF Que produtos usam o ODF hoje Estratégia Oracle para o Open Office Porquê suportar ODF nas aplicações Como adaptar as aplicações actuais à utilização de ODF Local: Oracle - Lagoas ParkData: 16 de DezembroDuração: 1/2 diaHorário: 9:30 - 12:00 Inscrições: Email, ou pelo telefone 211929708 Para mais informações, por favor contacte Claudia Costa via Email ou telefone 214235027.

    Read the article

  • Design practice for securing data inside Azure SQL

    - by Sid
    Update: I'm looking for a specific design practice as we try to build-our-own database encryption. Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple when it's just couple of columns (send an email to all devs/document) but that quickly gets out of hand ... So, what is the best practice for doing application level encryption into a database that doesn't support encryption? In particular, what is a good design to solve the above two bullet points? If you had specific schema additions would love it if you could give details ("Have a NVARCHAR(max) column to store the cipher metadata as JSON" or a SQL script/commands). If someone would like to recommend a library, I'd be happy to stay away from "DIY" too. Before going too deep - I assume there isn't any way I can add encryption support to Azure by creating a stored procedure, right?

    Read the article

  • Encryption is hard: AES encryption to Hex

    - by Rob Cameron
    So, I've got an app at work that encrypts a string using ColdFusion. ColdFusion's bulit-in encryption helpers make it pretty simple: encrypt('string_to_encrypt','key','AES','HEX') What I'm trying to do is use Ruby to create the same encrypted string as this ColdFusion script is creating. Unfortunately encryption is the most confusing computer science subject known to man. I found a couple helper methods that use the openssl library and give you a really simple encryption/decryption method. Here's the resulting string: "\370\354D\020\357A\227\377\261G\333\314\204\361\277\250" Which looks unicode-ish to me. I've tried several libraries to convert this to hex but they all say it contains invalid characters. Trying to unpack it results in this: string = "\370\354D\020\357A\227\377\261G\333\314\204\361\277\250" string.unpack('U') ArgumentError: malformed UTF-8 character from (irb):19:in `unpack' from (irb):19 At the end of the day it's supposed to look like this (the output of the ColdFusion encrypt method): F8E91A689565ED24541D2A0109F201EF Of course that's assuming that all the padding, initialization vectors, salts, cypher types and a million other possible differences all line up. Here's the simple script I'm using to encrypt/decrypt: def aes(m,k,t) (aes = OpenSSL::Cipher::Cipher.new('aes-256-cbc').send(m)).key = Digest::SHA256.digest(k) aes.update(t) << aes.final end def encrypt(key, text) aes(:encrypt, key, text) end def decrypt(key, text) aes(:decrypt, key, text) end Any help? Maybe just a simple option I can pass to OpenSSL::Cipher::Cipher that will tell it to hex-encode the final string?

    Read the article

  • Encrypt a hex string in java.

    - by twintwins
    I would like to ask for any suggestions about my problem. I need to encrypt a hexadecimal string. I must not to use the built-in functions of java because it doesn't work in my server. In short, I have to hard code an algorithm or any means of encrypting the message. Anyone who could help me with this? thanks a lot! here is the code. public Encrypt(SecretKey key, String algorithm) { try { ecipher = Cipher.getInstance(algorithm); dcipher = Cipher.getInstance(algorithm); ecipher.init(Cipher.ENCRYPT_MODE, key); dcipher.init(Cipher.DECRYPT_MODE, key); } catch (NoSuchPaddingException e) { System.out.println("EXCEPTION: NoSuchPaddingException"); } catch (NoSuchAlgorithmException e) { System.out.println("EXCEPTION: NoSuchAlgorithmException"); } catch (InvalidKeyException e) { System.out.println("EXCEPTION: InvalidKeyException"); } } public void useSecretKey(String secretString) { try { SecretKey desKey = KeyGenerator.getInstance("DES").generateKey(); SecretKey blowfishKey = KeyGenerator.getInstance("Blowfish").generateKey(); SecretKey desedeKey = KeyGenerator.getInstance("DESede").generateKey(); Encrypt desEncrypter = new Encrypt(desKey, desKey.getAlgorithm()); Encrypt blowfishEncrypter = new Encrypt(blowfishKey, blowfishKey.getAlgorithm()); Encrypt desedeEncrypter = new Encrypt(desedeKey, desedeKey.getAlgorithm()); desEncrypted = desEncrypter.encrypt(secretString); blowfishEncrypted = blowfishEncrypter.encrypt(secretString); desedeEncrypted = desedeEncrypter.encrypt(secretString); } catch (NoSuchAlgorithmException e) {} } those are the methods i used. no problem if it is run as an application but then when i put it to my server which is the glassfish server an exception occured and it says no such algorithm.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >