encrypt | nodejs encrypt_decode & & encrypt_encode | Runtime Evironment library

I ended implementing the TLS handshake timeout this way:

I would start with running sp_who2 on the database server to see if sqlpackage has made a connection to it, and if it's blocking on the server somewhere.

If so, you can further investigate with the SQL Server Profiler (can be found in the Tools menu of SQL Server Management Studio)

Here I'm wondering about the line [in s_client]
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

You're apparently using OpenSSL 1.0.2, where that's a basically useless relic. Back in the days when OpenSSL supported SSLv2 (mostly until 2010, although almost no one used it much after 2000), the ciphersuite values used for SSLv3 and up (including all TLS, but before 2014 OpenSSL didn't implement higher than TLS1.0) were structured differently than those used for SSLv2, so it was important to qualify the ciphersuite by the 'universe' it existed in. It has almost nothing to do with the protocol version actually used, which appears later in the session-param decode:

The way you're encrypting data makes no sense. Asymmetric encryption can only encrypt a small, fixed amount of data. Never use asymmetric encryption such as RSA-OAEP for anything other than a symmetric key, and use that symmetric key to encrypt the actual data. For the symmetric encryption, use a proper AEAD mode such as AES-GCM or ChaCha20-Poly1305. This is called hybrid encryption.

Other things that are wrong with your code:

• A 1024-bit RSA key is not enough for security: 2048-bit is a minimum, and you should prepare to move away from RSA because its key sizes don't scale well. (Feel free to use 1024-bit keys for testing and learning, just don't use anything less than 2048-bit for RSA in production.)
• The encryption is a binary format, but you join up lines as if they were text. Text or binary: pick one. Preferably use a well-known format such as ASN.1 (complex but well-supported) for binary data or JSON for text. If you need to encode binary data in a text format, use Base64.

If this is for real-world use, scrap this and use NaCl or libsodium. In Python, use a Python wrapper such as libnacl, PyNaCl, pysodium or csodium. Use a public-key box. The Python APIs are slightly different for each Python wrapper, but all include a way to export the keys.

If this is a learning exercise, read up on hybrid encryption. Look inside libsodium to see how to do it correctly. Key import and export is done with the methods import_key and export_key. Symmetric encryption starts with Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_GCM) or Crypto.Cipher.ChaCha20_Poly1305.new(key) (Crypto.Cipher.AES.new(key, Crypto.Cipher.AES.MODE_GCM, nonce=nonce) or Crypto.Cipher.ChaCha20_Poly1305.new(key, nonce=nonce) for decryption).

Your problem is that you have set SESSION_CONNECTION=session, but your SESSION_DRIVER=default, so you have to use SESSION_DRIVER=database in your .env. See the config/session.php:

You need the library https://phpseclib.com/ to get the following code to run (I'm using version 3).

Kindly note that there is no exception handling on the code.

This is an output:

GCM is a stream cipher mode and therefore does not require padding. During encryption, an authentication tag is implicitly generated, which is used for authentication during decryption. Also, an IV/nonce of 12 bytes is recommended for GCM.

The posted Python code unnecessarily pads and doesn't take the authentication tag into account, unlike the JavaScript code, which may be the main reason for the different ciphertexts. Whether this is the only reason and whether the JavaScript code implements GCM correctly, is difficult to say, since the getMessageEncoding() method was not posted, so testing this was not possible.

Also, both codes apply a 16 bytes IV/nonce instead of the recommended 12 bytes IV/nonce.

Cryptography offers two possible implementations for GCM. One implementation uses the architecture of the non-authenticating modes like CBC. The posted Python code applies this design, but does not take authentication into account and therefore implements GCM incompletely. A correct example for this design can be found here.
Cryptography generally recommends the other approach for GCM (s. the Danger note), namely the AESGCM class, which performs implicit authentication so that this cannot be accidentally forgotten or incorrectly implemented.

The following implementation uses the AESGCM class (and also takes into account the optional additional authenticated data):

This is how Start-Process command was basically created. -PassThru switch redirects the output to an object ($sqlpackagepublish in this case). More on Start-Process here: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/start-process?view=powershell-5.1

There are few solutions.

1. Remove a -PassThru parameter and read files' content as you are doing it right now
2. Do it harder, but more robust .NET'y way:

Your page is not re built after logging in the user, that is why your nav bar is not updated. When you click on the button it refreshes and correctly displays the new elements.

Instead of using a global variable you could look into a state management package in order to make the logged-in user available throughout your app. (article for getx the simplest one out there)

If this is simply a prototype and you want some quick and dirty, I guess you could trigger a reload of your app once a user logs in by wrapping your app with a widget that exposes a rebuild method. (article)

EDIT: Example with Getx: