symmetric-encryption | Symmetric Encryption for Ruby Projects using OpenSSL | Encryption library
kandi X-RAY | symmetric-encryption Summary
kandi X-RAY | symmetric-encryption Summary
Any project that wants to meet PCI compliance has to ensure that the data is encrypted whilst in flight and at rest. Amongst many other requirements all passwords in configuration files also have to be encrypted. Symmetric Encryption helps achieve compliance by supporting encryption of data in a simple and consistent way. Symmetric Encryption uses OpenSSL to encrypt and decrypt data, and can therefore expose all the encryption algorithms supported by OpenSSL.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of symmetric-encryption
symmetric-encryption Key Features
symmetric-encryption Examples and Code Snippets
Community Discussions
Trending Discussions on symmetric-encryption
QUESTION
I am not sure what options to use when storing a CloudSQL ssl certificate in the Google Cloud key chain, my import job fails. Which are the correct encryption options for a client SSL certificate?
...ANSWER
Answered 2021-Apr-26 at 16:04You should check the official documentation to manage your keys in CloudSQL.
Also review if your keys are supported.
QUESTION
I'm writing a python script just to practice cryptography. I want to create a small program with Users who can send themselves messages, that have to be encrypted and decrypted. I created 3 classes. The first one contains the 2 functions with which I can encrypt and decrypt a message using a public and private key. The second class is the Message class, which has 4 attributes(the sender, the text of the message, the recipient and a timestamp). With the class method __str__, I create the actual message which has to be sent in this format: From {the name of the sender}: {Message} {timestamp}. The third class is User. With User, I can initialize each user with a name, public and private key, an inbox to receive encrypted messages and a list called messages to store each message received and decrypted. Each user can send a message to another user, by encrypting the message with the recipient's public key, who can then decrypt the encrypted message with his own private key. I want to do this by using the 2 functions send, which encrypts the message and sends it into the recipient inbox. This function has to be used by the sender and the send function runs the receive function of the recipient, which iterates over new messages, decrypts and appends the message (From {sender.name} ...) to the messages list.
Then I tried to run the program by creating 2 users (Bob and Alice) and send some messages. But I get some errors.
I tried to use the encrypt and decrypt functions just for encrypting and decrypting a simple string (without users and other stuff I added) and are actually working.
I found the two functions here(encrypt and decrypt) : https://medium.com/@securegns/implementing-asymmetric-encryption-to-secure-your-project-35368049cb5f
I'm an absolute beginner with cryptography, I might have used bad practice.
What could the problem be? I can't figure it out
...ANSWER
Answered 2021-Jan-24 at 17:08Are you using https://github.com/pycrypto/pycrypto and your python version is >3.5? It says that PyCrypto is written and tested using Python version 2.1 through 3.3.
Please update to https://github.com/Legrandin/pycryptodome and then see if it works. The second lib takes care of converting to Integar before calling pow().
The first one also has checks in this file but they seem to be using types.StringType which is no longer present after python 2.7. They use 2to3 during setup to make it work with python3 but types.StringType converts to bytes which fails on latest python.
QUESTION
Hello I am trying to import and export (to and from string) public/private keys for RSA, ECC, AES GCM, and ChaChaPoly1305.
I am using bouncy castle 1.59 to accomplish most of this. RSA I can use a KeyFactory natively supported by java so that is probably fine.
However, the other ones do not seem possible. Does anyone know of previous work in this area? I am looking for something like wolfcrypt's import and export functionality.
Essentially I need to be able to store a key and then recreate it.
Here is my code ( I know its a lot but its what I got).
Important snippet
...ANSWER
Answered 2021-Jan-23 at 00:55The description 'DER' is ambiguous, but in the contrast you quoted it probably means that RSA keys are in the ASN.1 format(s?) defined by PKCS1 aka RFC8017 et pred Appendix A.1 which like all ASN.1 data can be and for crypto often is encoded in DER. 'X.963' is clearly a mistake; the relevant standards for ECC crypto are X9.62 and X9.63, but the publickey format which indeed is not ASN.1/DER was defined by X9.62 and copied by X9.63, while the privatekey format was not standardized at all, but is often a raw octet string and not ASN.1/DER. (X.(number) standards are from the international treaty organization formerly called International Consultative Committee on Telephony and Telegraphy CCITT and now International Telecommunication Union Telecommunication Standardization Sector ITU-T; X9.(number) are from the USA private-sector financial-industry organization ANSI accredited standards committee (ASC) X9.) OTOH Java crypto encoding for private key is PKCS8 aka RFC5208 (unencrypted) which adds metadata. To convert a Java key to the format your 'wolfcrypt' apparently wants is fairly easy, by just extracting the algorithm-dependent element, while the reverse, using a 'wolfcrypt' key in Java, would be quite difficult with just Java, but adding BouncyCastle helps a lot; there are numerous existing Qs about both (or all three) of these, which I will dig up for you later.
Some other, partial, comments:
generateChaChaPoly1305Key, generateAESGCMKey: KeyGenerator.init(int) takes the number of bits, which should be 256 for ChaCha20 and 128, 192 or 256 for AES. (So does KeyPairGenerator and you got that one right for RSA.) The IV should NOT be generated with the key for AES-GCM; see more below.
unpackRsaPrivateKey, unpackRsaPublicKey, unpackECCPrivateKey, unpackECCPublicKey: the 'PrivateKey' methods use key.getPublicKey() and the 'PublicKey' methods use key.getPrivateKey() which appears to be backwards. Assuming you change the PrivateKey methods to use the privatekey, as above the Java encoding of a privatekey is PKCS8EncodedKeySpec -- not X509EncodedKeySpec which is only for publickey.
unpackAESGCMKey, unpackChaChaPoly1305Key: to use a whole byte[] as the key, you don't need to specify , 0, array.length, you can use the simpler ctor SecretKeySpec(byte[], String algorithm).
encrypt*: you do new String(byte[]) on the ciphertext, and (String_var).getBytes() in the decrypt* methods. THIS IS NOT SAFE. Java String is designed to hold characters, and although crypto still uses the traditional terms plaintext and ciphertext, since about 1950 the plaintext is not required to be and the ciphertext is NEVER actually characters, but rather arbitrary bit patterns. Trying to put these bits in a Java String and then get them back will usually fail, especially if done across multiple systems (e.g. encrypt on A, transmit, and decrypt on B, which is a common use case). The best thing is to handle them consistently as byte[]; if you must run them through something that can't handle arbitrary bits, like SMS or the Web (HTML), you need to encode in a text form that preserves all bits; the common methods for this are hexadecimal (or hex) and base64.
encryptAESGCM: it's not clear what key.getIV() does/uses, but if this repeats an IV value for multiple encryptions using the same key, that is CATASTROPHIC; even one reuse destroys all authenticity (attacker can forge any data), and depending on your data anywhere from one to a small number of reuses (like two or ten) destroys confidentiality (attacker can expose supposedly secret data).
encryptChaChaPoly1305: this clearly uses the same nonce, all-zeros, for every encryption; if you reuse the key at all, which seems to be the point of your design, this destroys all security in the same way as for AES-GCM.
At this point I gave up. You should throw out this design and replace it with one from someone who knows about cryptography.
QUESTION
I have an app what needs to share private AES keys. (they are wrapped). The server will send and receive the keys in JWK format.
For the moment, in android I can generate AES KEY like this :
...ANSWER
Answered 2020-Nov-15 at 14:43I decided to create my own JWK class. And I used GSON library to parse / stringify JSON.
Another solution :
@jps proposed to use this library connect2id.com/products/nimbus-jose-jwt/examples/jwk-generation
QUESTION
I am trying pytest with the cryptography library. In a test, I decrypt and authenticate some data with a purposely corrupted authentication tag. Doing this should raise an 'InvalidTag' exception as written in the following example.
I am using the following way to assert an exception with pytest:
...ANSWER
Answered 2020-May-21 at 18:55The match parameter to pytest.raises() performs a regex match on the string representation of the exception, which isn't what you want.
Instead, just pass the cryptography.exceptions.InvalidTag type as the first argument:
QUESTION
I have the following C++ code (based on Microsoft API examples), it uses message signing and encryption API to produce PKCS#7 message.
There is a hardware token with certificate inserted (Yubikey) which requires a PIN code for the signing operation.
I want to disable the standard Windows pin popup and provide my own, so there is a call to CryptSetProvParam with a pin code.
The issue is that this call has no effect: I am still prompted with pin code.
If I add CertSetCertificateContextProperty call afterwards and set the key provider handle then nothing works anymore, for example CryptMsgCalculateEncodedLength returns 0x80090027.
If I comment out CertSetCertificateContextProperty then all operations are working but the pin code popup is still shown.
ANSWER
Answered 2020-Apr-06 at 19:17Found an answer and posting it here in case anyone needs it. The trick is to use CNG API instead of legacy crypto API:
QUESTION
Is it possible to activate normal discovery as well as Kubernetes discovery at the same time? Actually what I am trying to do is I have different services already running and connected to hazelcast. I want one service to connect to a service that is running on a VM which is not a part of the k8s cluster.
...ANSWER
Answered 2019-Oct-28 at 08:59No, it's not possible to have multiple discovery strategies (joiners) and the same time. Please check this for details.
QUESTION
Version: rswag (2.0.5), rspec (3.8.0)
Environment: Rails 5.2.3, Ruby 2.4.5
It is my first time to use it, was stuck in authorization header for a day. Here is what I did:
...ANSWER
Answered 2019-Sep-29 at 06:08Seems not working with Rack::Test::Methods
It worked after remove the line 'include Rack::Test::Methods" in a helper file, which was added previously to use 'get' to test the API.
QUESTION
I have a problem with Java AES GCM encryption. I have followed the instructions on this page to generate the following code:
...ANSWER
Answered 2018-Dec-17 at 12:53I finally found the mistake by myself. The mistake was that in the decrypt method I tried to do doFinal (...) on the whole received message and not just on the extracted ciphertext. I left the mistake in my question and post here the relevant (now correct) part of the program. @kelalaka Thank you for your efforts.
QUESTION
I want to access data in a database created by Rails for use by non-Ruby code. Some fields use attr_encrypted accessors, and the library in use is the symmetric-encryption gem. I consistently get a "wrong final block length" error if I try to decrypt the data with, e.g., the NodeJS crypto library.
I suspect this has to do either with character encoding or with padding, but I can't figure it out based on the docs.
As an experiment, I tried decrypting data from symmetric-encryption in Ruby's own OpenSSL library, and I get either a "bad decrypt" error or the same problem:
ANSWER
Answered 2018-Mar-01 at 20:12Looking at the source for the symmetric-encryption gem, by default it adds a header to the output and base64 encodes it, although both of these are configurable.
To decrypt using Ruby’s OpenSSL directly, you will need to decode it and strip off this header, which is 6 bytes long in this simple case:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install symmetric-encryption
On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
