kandi background
Explore Kits

Signal-Server | Server supporting the Signal Private Messenger applications | Encryption library

 by   signalapp Java Version: Current License: AGPL-3.0

 by   signalapp Java Version: Current License: AGPL-3.0

Download this library from

kandi X-RAY | Signal-Server Summary

Signal-Server is a Java library typically used in Security, Encryption, React applications. Signal-Server has no bugs, it has no vulnerabilities, it has build file available, it has a Strong Copyleft License and it has medium support. You can download it from GitHub.
Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
Support
Support
Quality
Quality
Security
Security
License
License
Reuse
Reuse

kandi-support Support

  • Signal-Server has a medium active ecosystem.
  • It has 7566 star(s) with 1816 fork(s). There are 388 watchers for this library.
  • It had no major release in the last 12 months.
  • Signal-Server has no issues reported. There are 1 open pull requests and 0 closed requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of Signal-Server is current.
Signal-Server Support
Best in #Encryption
Average in #Encryption
Signal-Server Support
Best in #Encryption
Average in #Encryption

quality kandi Quality

  • Signal-Server has 0 bugs and 0 code smells.
Signal-Server Quality
Best in #Encryption
Average in #Encryption
Signal-Server Quality
Best in #Encryption
Average in #Encryption

securitySecurity

  • Signal-Server has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • Signal-Server code analysis shows 0 unresolved vulnerabilities.
  • There are 0 security hotspots that need review.
Signal-Server Security
Best in #Encryption
Average in #Encryption
Signal-Server Security
Best in #Encryption
Average in #Encryption

license License

  • Signal-Server is licensed under the AGPL-3.0 License. This license is Strong Copyleft.
  • Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.
Signal-Server License
Best in #Encryption
Average in #Encryption
Signal-Server License
Best in #Encryption
Average in #Encryption

buildReuse

  • Signal-Server releases are not available. You will need to build from source code and install.
  • Build file is available. You can build the component from source.
  • Installation instructions are not available. Examples and code snippets are available.
  • Signal-Server saves you 16870 person hours of effort in developing the same functionality from scratch.
  • It has 49698 lines of code, 3557 functions and 647 files.
  • It has medium code complexity. Code complexity directly impacts maintainability of the code.
Signal-Server Reuse
Best in #Encryption
Average in #Encryption
Signal-Server Reuse
Best in #Encryption
Average in #Encryption
Top functions reviewed by kandi - BETA

kandi has reviewed Signal-Server and discovered the below as its top functions. This is intended to give you an instant insight into Signal-Server implemented functionality, and help decide if they suit your requirements.

  • Creates an account .
  • Requests required captcha .
  • Sends the next message to the device .
  • Get the profile for the given account
  • Handle an unregistered user .
  • Excludes remote versions from the remote server .
  • Handles the crawl .
  • Method for write write operations .
  • Sends a message .
  • Sends a update message .

Signal-Server Key Features

Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS

default

copy iconCopydownload iconDownload
Looking for protocol documentation? Check out the website!

https://signal.org/docs/

Cryptography Notice
------------

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software.
BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.
See <http://www.wassenaar.org/> for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms.
The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

License
---------------------

Copyright 2013-2021 Signal Messenger, LLC

Licensed under the AGPLv3: https://www.gnu.org/licenses/agpl-3.0.html

Community Discussions

Trending Discussions on Encryption
  • Crypto-js encryption and Python decryption using HKDF key
  • Access a .pem public key from .env file
  • iOS CryptoSwift AES Encryption to Python Decryption works - but not the inverse
  • Encrypt data in Javascript, Decrypt data in C# using private/public keys
  • How do I calculate a key check value for AES-128-CBC?
  • C# - How to Decrypt an Encrypted Private Key with Bouncy Castle
  • Problem Updating to .Net 6 - Encrypting String
  • Missing entries in user.config after decryption/encryption
  • multithreading or multiprocessing for encrypting multiple files
  • How do I correctly store encryption keys on macOS so only my executable can access them?
Trending Discussions on Encryption

QUESTION

Crypto-js encryption and Python decryption using HKDF key

Asked 2022-Mar-28 at 11:29

Based on the example provided here on how to establish a shared secret and derived key between JS (Crypto-JS) and Python, I can end up with the same shared secret and derived key on both ends.

However, when I try to encrypt as below, I cannot find a way to properly decrypt from Python. My understanding is that probably I am messing with the padding or salts and hashes.

    const payload = "hello"
    var iv = CryptoJS.enc.Utf8.parse("1020304050607080");

    var test = CryptoJS.AES.encrypt(
        payload,
        derived_key,
        {iv: iv, mode: CryptoJS.mode.CBC}
    ).toString();

    console.log(test)

Output "y+In4kriw0qy4lji6/x14g=="

Python (one of the attempts):

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad,unpad

iv = "1020304050607080"

test_enc = "y+In4kriw0qy4lji6/x14g=="
enc = base64.b64decode(test_enc)

cipher = AES.new(derived_key, AES.MODE_CBC, iv.encode('utf-8'))

print(base64.b64decode(cipher.decrypt(enc)))

print(unpad(cipher.decrypt(enc),16))

Any guidance here would be greatly appreciated as I am stuck for quite some time.

(I have encryption working using a password, but struggling with HKDF).

EDIT:

Here is the full Python code:

from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
import base64


from Crypto.Cipher import AES
from Crypto.Util.Padding import pad,unpad


def deriveKey():

  server_pkcs8 = b'''-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBReGpDVmoVTzxNbJx6
aL4L9z1EdB91eonAmAw7mKDocLfCJITXZPUAmM46c6AipTmhZANiAAR3t96P0ZhU
jtW3rHkHpeGu4e+YT+ufMiMeanE/w8p+d9aCslvIbZyBBzeZ/266yqTUUoiYDzqv
Hb5q8rz7vEgr3DG4XfHYpCqfE2nttQGK3emHKGnvY239AteZkdwMpcs=
-----END PRIVATE KEY-----'''

  client_x509 = b'''-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEm0xeyy3nVnYpOpx/CV/FnlNEdWUZaqtB
AGf7flKxXEjmlSUjseYzCd566sLpNg56Gw6hcFx+rWTLGR4eDRWfmwlXhyUasuEg
mb0BQf8XJLBdvadb9eFx2CP1yjBsiy8e
-----END PUBLIC KEY-----'''

  client_public_key = serialization.load_pem_public_key(client_x509)
  server_private_key = serialization.load_pem_private_key(server_pkcs8, password=None)
  shared_secret = server_private_key.exchange(ec.ECDH(), client_public_key)
  print('Shared secret: ' + base64.b64encode(shared_secret).decode('utf8')) # Shared secret: xbU6oDHMTYj3O71liM5KEJof3/0P4HlHJ28k7qtdqU/36llCizIlOWXtj8v+IngF

  salt_bytes = "12345678".encode('utf-8')
  info_bytes = "abc".encode('utf-8')

  derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=salt_bytes,
    info=info_bytes,
  ).derive(shared_secret)
  print('Derived key:   ' + base64.b64encode(derived_key).decode('utf8'))
  return derived_key

derived_key = deriveKey()
iv = "1020304050607080"

test_enc = "y+In4kriw0qy4lji6/x14g=="
enc = base64.b64decode(test_enc)

cipher = AES.new(derived_key, AES.MODE_CBC, iv.encode('utf-8'))

print(base64.b64decode(cipher.decrypt(enc)))

print(unpad(cipher.decrypt(enc),16))

ANSWER

Answered 2022-Mar-28 at 11:29

The issue is that the key is not passed correctly in the CryptoJS code.


The posted Python code generates LefjQ2pEXmiy/nNZvEJ43i8hJuaAnzbA1Cbn1hOuAgA= as Base64-encoded key. This must be imported in the CryptoJS code using the Base64 encoder:

const payload = "hello"
var derived_key = CryptoJS.enc.Base64.parse("LefjQ2pEXmiy/nNZvEJ43i8hJuaAnzbA1Cbn1hOuAgA=")
var iv = CryptoJS.enc.Utf8.parse("1020304050607080");
var test = CryptoJS.AES.encrypt(payload, derived_key, {iv: iv, mode: CryptoJS.mode.CBC}).toString();
document.getElementById("ct").innerHTML = test; // bLdmGA+HLLyFEVtBEuCzVg==
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
<p style="font-family:'Courier New', monospace;" id="ct"></p>

The hereby generated ciphertext bLdmGA+HLLyFEVtBEuCzVg== can be decrypted with the Python code:

from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import base64

test_enc = "bLdmGA+HLLyFEVtBEuCzVg=="
enc = base64.b64decode(test_enc)
derived_key = base64.b64decode("LefjQ2pEXmiy/nNZvEJ43i8hJuaAnzbA1Cbn1hOuAgA=")
iv = "1020304050607080"
cipher = AES.new(derived_key, AES.MODE_CBC, iv.encode('utf-8'))
print(unpad(cipher.decrypt(enc),16)) # b'hello'

Note that for security reasons, a static IV should not be used so that key/IV pairs are not repeated.

Source https://stackoverflow.com/questions/71632056

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install Signal-Server

You can download it from GitHub.
You can use Signal-Server like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the Signal-Server component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

DOWNLOAD this Library from

Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
over 430 million Knowledge Items
Find more libraries
Reuse Solution Kits and Libraries Curated by Popular Use Cases

Save this library and start creating your kit

Explore Related Topics

Share this Page

share link
Compare Encryption Libraries with Highest Support
Compare Encryption Libraries with Permissive License
Compare Encryption Libraries with Highest Reuse
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from
over 430 million Knowledge Items
Find more libraries
Reuse Solution Kits and Libraries Curated by Popular Use Cases

Save this library and start creating your kit

  • © 2022 Open Weaver Inc.