gcm | helps developers send data from ruby backend servers
kandi X-RAY | gcm Summary
kandi X-RAY | gcm Summary
The GCM gem lets your ruby backend send notifications to Android and iOS devices via Google Cloud Messaging.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of gcm
gcm Key Features
gcm Examples and Code Snippets
pip install pycryptodome
from Crypto.Cipher import AES
import binascii, os
def encrypt_AES_GCM(msg, secretKey):
aesCipher = AES.new(secretKey, AES.MODE_GCM)
ciphertext, authTag = aesCipher.encrypt_and_digest(msg)
return (ciphertext, ae
from Crypto.Cipher import AES
import scrypt, os, binascii
def encrypt_AES_GCM(msg, password):
kdfSalt = os.urandom(16)
secretKey = scrypt.hash(password, kdfSalt, N=16384, r=8, p=1, buflen=32)
aesCipher = AES.new(secretKey, AES.MODE_GCM)
public byte[][] gcmEncrypt(SecretKey key, byte[] iv, byte[] data) throws GeneralSecurityException {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
public byte[] gcmDecrypt(SecretKey key, byte[] iv, byte[] ciphertext) throws GeneralSecurityException {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
Community Discussions
Trending Discussions on gcm
QUESTION
I know there are some other questions (with answers) to this topic. But no of these was helpful for me.
I have a postfix server (postfix 3.4.14 on debian 10) with following configuration (only the interesting section):
...ANSWER
Answered 2021-Jun-15 at 08:30Here I'm wondering about the line [in s_client]
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
You're apparently using OpenSSL 1.0.2, where that's a basically useless relic. Back in the days when OpenSSL supported SSLv2 (mostly until 2010, although almost no one used it much after 2000), the ciphersuite values used for SSLv3 and up (including all TLS, but before 2014 OpenSSL didn't implement higher than TLS1.0) were structured differently than those used for SSLv2, so it was important to qualify the ciphersuite by the 'universe' it existed in. It has almost nothing to do with the protocol version actually used, which appears later in the session-param decode:
QUESTION
I am trying encrypting in JS front end and decrypt in python backend using AES GCM cryptographic algorithm. I am using Web cryptography api for JS front end and python cryptography library for python backend as cryptographic library. I have fixed the IV for now in both side. I have implemented encryption-decryption code in both side, they work on each side. But I think the padding is done differently, can't seem to figure out how the padding is done in web cryptography api. Here is the encryption and decryption for the python backend:
...ANSWER
Answered 2021-Jun-14 at 18:01GCM is a stream cipher mode and therefore does not require padding. During encryption, an authentication tag is implicitly generated, which is used for authentication during decryption. Also, an IV/nonce of 12 bytes is recommended for GCM.
The posted Python code unnecessarily pads and doesn't take the authentication tag into account, unlike the JavaScript code, which may be the main reason for the different ciphertexts. Whether this is the only reason and whether the JavaScript code implements GCM correctly, is difficult to say, since the getMessageEncoding()
method was not posted, so testing this was not possible.
Also, both codes apply a 16 bytes IV/nonce instead of the recommended 12 bytes IV/nonce.
Cryptography offers two possible implementations for GCM. One implementation uses the architecture of the non-authenticating modes like CBC. The posted Python code applies this design, but does not take authentication into account and therefore implements GCM incompletely. A correct example for this design can be found here.
Cryptography generally recommends the other approach for GCM (s. the Danger note), namely the AESGCM
class, which performs implicit authentication so that this cannot be accidentally forgotten or incorrectly implemented.
The following implementation uses the AESGCM
class (and also takes into account the optional additional authenticated data):
QUESTION
I want implement a elliptic curve diffie hellman using HKDF as key derivation function. I am using a python backend and (vanilla) javascript in frontend. I am using python cryptography library in backend and Web Crypto api in frontend as cryptographic library. I created ECDH key pair in both side and exchanged the pbulic keys. Now I am trying to create the AES shared key with the exchanged public key and private key along with HKDF algorithm. I am able to do it in the python backend (I followed this example for the python code):
...ANSWER
Answered 2021-Jun-13 at 11:02The referenced Python code uses P-384 (aka secp384r1) as elliptic curve. This is compatible with the WebCrypto API, which supports three curves P-256 (aka secp256r1), P-384 and P-521 (aka secp521r1), see EcKeyImportParams
.
The following WebCrypto code generates a shared secret using ECDH and derives an AES key from the shared secret using HKDF. In detail the following happens:
- To allow comparison of the derived key with that of the referenced Python code, predefined EC keys are applied. The private key is imported as PKCS#8, the public key as X.509/SPKI. Note that due to a Firefox bug concerning the import of EC keys, the script below cannot be run in the Firefox browser.
- After the import the shared secret is created with ECDH using
deriveBits()
(and notderiveKey()
). - The shared secret is imported with
importKey()
and then the AES key is derived using HKDF, again withderiveBits()
.
QUESTION
I tried every possible solution on the internet with no hope
What I am trying to do is simply use aws lambda functions (through the aws console) to fetch user fcm token from lets say DynamoDB (not included in the question), use that token to create endpointArn, send push to that specific device
I tested to send Using SNS console and the push gets to the device successfully but I failed to get it to the device using Lambda functions although it gives success status and message ID
Here is the code I used
...ANSWER
Answered 2021-Jun-12 at 09:43After some trials and errors I figured out the solution for my own question
1- The GCM part of the payload should be a string not a json 2- The message parameter should have an attribute that explicitly sets the mime type of the payload to Json
Taking all that into consideration
QUESTION
In my previous question (RAM not being freed in c# after working with files) I asked about a way to clear RAM. someone suggested using streams instead of reading it into a variable. I found Encrypting/Decrypting large files (.NET) which uses streams but it is not using AesGcm. The problem is that I can't find how to use AesGcm with streams. AesGcm.decrypt only accepts Byte[] in the ciphertext field, and AesManaged doesn't have CihperMode.GCM.
Currently, decryption takes 4GB of ram when decrypting an 800MB file. How can I decrypt a file with AesGcm without filling the RAM?
Thanks.
...ANSWER
Answered 2021-Feb-01 at 14:24I'll say that AesGcm
(and probably AesCcm
) in .NET don't support "streaming" mode and it seems the consensus (https://crypto.stackexchange.com/questions/51537/delayed-tag-checks-in-aes-gcm-for-streaming-data) is that you shouldn't create a streaming mode AesGcm
. I'll add another reference about this https://github.com/dotnet/runtime/issues/27348 . I'm not an expert in cryptography so it isn't clear for me what are the problems about streaming an encrypted document and checking for its authentication tags only at the end.
If possible you should change the algorithm. Otherwise other solutions can be found. The Bouncycastle library supports AesGcm.
QUESTION
I try to divide an xml output from nmap into arrays. The nmap script scans the ssh ciphers of a port and the goal of my python script is to filter the nmap output into insecure ciphers. The xml output looks like this:
...ANSWER
Answered 2021-Jun-10 at 08:10see below (the code collects the tables data into a dict)
QUESTION
I am facing a problem with my React Native Android project. I am currently working on integrating AWS Amplify Push Notifications. I am receiving the following "Duplicate Classes" dependency error and I don't know, where it might originate from. Do you have a solution for this problem?
What I already did:
- I found this ticket here https://github.com/facebook/react-native/issues/27493 which seemed to indicate that there might be an issue using react-native-device-info which was the case for me. So I removed this library and replaced it with react-native-version-info. But the problem persists.
- I checked this ticket https://github.com/dantasfiles/AmplifyAndroidPush/issues/1 - when running
./gradlew :app:dependencies > ../dependencies.txt
, I get the dependency tree and can see thatcom.firebase:firebase-jobdispatcher:0.6.0
seems to be solely used by aws amplify push notifications. But still I do not know what to do about this now:
ANSWER
Answered 2021-Jun-09 at 05:00Hi stackoverflow community,
after about a week of investigating and also opening a ticket in the aws-amplify-js github project, I was now able to solve the problem. In the following, I want to describe the solution if any of you might face the same problem in the future.
Here's the github ticket I had created on aws-amplify-js: https://github.com/aws-amplify/amplify-js/issues/8389
In my app/build.gradle I had the following definitions related to firebase and play-services:
QUESTION
I have 2 step auth fetching a Bearer token with which I am automatically populating a environmental variable {{authToken}} for use in a GET request. The GET request is correctly called with the token but I get a 401 returned thus -
...ANSWER
Answered 2021-Jun-08 at 14:28Thanks @so-cal-cheesehead you are correct the API was faulty
QUESTION
I am trying to gzip all responses. In main.go
...ANSWER
Answered 2021-Jun-07 at 21:501. You should only gzip
when it's requested by the client.
Accept-Encoding: gzip
is never requested, but you gzip
the response anyway.
So curl
gives it back to you as-is.
2. Given the behavior of your browser, it sounds like double-compression. Maybe you have some HTTP reverse proxy in place which already handles compression to the browser, but doesn't compress backend traffic. So you may not need any gzipping at the backend at all - try curl --compressed
to confirm this.
3. You should filter out Content-Length
from the response. Content-Length is the final size of the compressed HTTP response, so the value changes during compression.
4. You should not blindly apply compression to all URI's. Some handlers perform gzipping already (e.g. prometheus /metrics
), and some are pointless to compress (e.g. .png
, .zip
, .gz
). At the very least strip Accept-Encoding: gzip
from the request before passing it down the handler chain, to avoid double-gzipping.
5. Transparent gzipping in Go has been implemented before. A quick search reveals this gist (adjusted for point #4 above):
QUESTION
I'm using (CryptoKit) to use AES-GCM to encrypt some data and authenticate it as well.
However, I was wondering how I would generate an AES-GCM key from a plain text password. Normally, you would use a KDF
function for that, like PBKDF2.
In CryptoKit
, there is a HKDF
class which does about what I want: https://developer.apple.com/documentation/cryptokit/hkdf
However, I am wondering what KDF algorithm the DeriveKey function uses. Does it use PBKDF2? Does it use bcrypt
? If so, how do I specify settings, or are the settings automatically determined?
ANSWER
Answered 2021-May-29 at 21:03HKDF is defined in RFC5869. It is intended to generate keys from some cryptographically secure "keying material" (IKM). It is not intended for stretching a human-generated password. As discussed in section 4 Applications of HKDF:
On the other hand, it is anticipated that some applications will not be able to use HKDF "as-is" due to specific operational requirements, or will be able to use it but without the full benefits of the scheme. One significant example is the derivation of cryptographic keys from a source of low entropy, such as a user's password. The extract step in HKDF can concentrate existing entropy but cannot amplify entropy. In the case of password-based KDFs, a main goal is to slow down dictionary attacks using two ingredients: a salt value, and the intentional slowing of the key derivation computation. HKDF naturally accommodates the use of salt; however, a slowing down mechanism is not part of this specification. Applications interested in a password-based KDF should consider whether, for example, [PKCS5] meets their needs better than HKDF.
I don't believe that CryptoKit offers a PBKDF of any kind (PBKDF2, scrypt, bcrypt, argon2). It's a very limited framework (I have yet to find a situation where it was useful). You will likely need to continue to use CommonCrypto for this, or implement it yourself (or use something like CryptoSwift, which I believe implements several).
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install gcm
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page