We have Dell EMC PowerEdge R740 machine with Ubuntu 20.04 OS. This machine has Trusted Platform Module(TPM)2.0. When we try to clear TPM or take TPM Ownership, we are getting error. It has required PCRs for TPM provisioning.
By default SHA1 is enabled in advance settings of bios. SHA1 is also supported as per this Dell document - https://www.dell.com/support/manuals/en-in/poweredge-r740xd2/per740xd2_bios_pub/system-security-settings-details?guid=guid-46361969-bb8d-4bdc-bd8c-ed63d4f0ae26&lang=en-us
Is SHA256 mandatory for TPM2.0 ?
Yes, SHA256 PCRs must be supported.
Since your title also asks about SHA1 - SHA1 is not mandatory as a PCR algorithm (although it is mandatory for other features and deprecated, i.e. it will probably be removed in future specifications).
As per the TCG PC Client Platform TPM Profile Specification for TPM 2.0, 4.6 PCR Requirements:
A conformant TPM SHALL support SHA-384 (0x000C) and SHA-256 (0x000B). The TPM MAY support Hash algorithms
For information about supported algorithms generally, see PC Client Algorithms.
Related
I am working on a Flutter application which needs to communicate using DTLS. As far as I can see there is no current support for DTLS in the Dart APIs, only TLS.
Can anyone recommend what I can do? Perhaps just the high-level steps on how to get a Flutter application to communicate in DTLS? Any tips on what I should watch out for?
Thanks!
I wrote a DTLS server ten years ago in Java (before there was support in Bouncy Castle), and I've ported a lot of my Java code to Dart over the last few years (but not DTLS!).
I had a quick look through the server code for what the biggest gotchas might be in a pure Dart implementation (of a client - hope that's a correct assumption). Two immediate difficulties seem to be parsing the server's certificate chain (DER decode to get to a usable RSA public key) and then using that RSA key to encrypt the pre-master-secret. (There's an old implementation of RSA in pub, but I couldn't find any ASN/DER libraries to help with the certificates.) Validating the root CA certificate would be tricky without access to a trust store.
Most of the other stuff like random number generation (how secure?), SHA/MD5 hashing, serialization to/from network byte order, handling timers are doable.
All in all, given the support in BC, RĂ©mi is correct to suggest a platform channel to Java.
I want to encrypt a parameter(which consist of sensitive data) while sending to server(WCF Service) using SHA1 algorithm, On server end I'll decrypt the string and use it.
This way i can ensure any third party won't read my sensitive data so easily.
How do I encrypt the string in windows phone 7 using SHA1 algorithm and decrypt the same in my WCF service.
Encrypted string may come to server from iPhone, android or WP7; How do I ensure that every client will produce the same result in server.
Update:
Can I use AES algorithm for above requirement?
How do I encrypt the string in windows phone 7 using SHA1 algorithm and decrypt the same
You don't. SHA-1 is a hashing algorithm. It's one way - you can't "decrypt" it. You should choose a symmetric or public/private key algorithm based on your requirements. Read the .NET cryptographic services documentation as a starting point - I'd expect pretty much any of the algorithms supported by .NET to also be supported on other platforms.
Alternatively, just use HTTPS instead of HTTP... that would satisfy your initial highlighted requirement without you having to do much work at all (beyond the server-side deployment of appropriate HTTPS certs).
Agree with Jon's post but with additional thoughts.
I cannot comment yet (need more street cred) so I will post it here.
Your question does not state if you are transmitting this from a native app, or a browser (using an Ajaxian mechanism). But I will presume native. Really though the answer is the same with the difference being implementation.
The easiest approach IMO would be to use the tools and APIs to be a HTTPS (SSL/TLS) client which will give you over the wire confidentiality. The details of what quality of service the SSL connection provides is for you to configure from the "cipher suites") available. AES is available.
I am looking for a FOSS SHA1 implementation for use with Delphi (7).
Preferably something small, maybe even standalone SHA1, rather than past of a humongous library. Ease of install and use are nice, but of course reliability is priority number 1.
Update:Thanks, Rob, that code works like a dream
Use the Cryptography API built in to the OS. You can use the Hashes.pas unit by Domingo Seoane to use it in Delphi, or you can write your own routine using CryptAcquireContext, CryptCreateHash, repeated calls to CryptHashData, and finally CryptGetHashParam to get the result.
I realize it's neither free (as in speech) nor open source, but there are also no distribution requirements since it's included on all your customers' systems already.
TurboPower LockBox is free and open-source and implements SHA1, as well as many others:
Features
AES
SHA2 (including the new SHA-512/224 & SHA-512/256)
DES/3DES
Blowfish
Twofish
SHA1
MD5
RSA Sign &
Verify
Chaining modes: ECB, CBC, CFB8, CFB, CTR, ECB, OFB, PCBC
Version 3 officially supports Delphi 2007 and Delphi 2010 (but may work with Delphi 7), but Version 2 has support for older versions of Delphi.
You have Open Source MD5, SHA-1, SHA-256, and Adler32 implementation in the SynCrypto.pas unit. There is also included AES-256 encryption.
This unit was very optimized for speed (the SHA-256 an AES-256 was even profiled at asm level), and can also use the very fast real-time instructions of the VIA C3/C7/Nano CPU if available.
Works from Delphi 6 up to XE.
You most probably already have SHA-1 implementation preinstalled within IdHashSHA1 unit (part of Indy 10).
I am looking for SDKs which can do finger print matching. Rest of my code is mostly in C so I prefer if the SDK has C API's. Also it would be great if the SDK is free. Does anybody has experience with these SDKs and recommend any particular SDK? Also, while looking in these SDK what are the important features I should concentrate?
I've used two SDKs in the past, but only as a C# developer. Both the SDKs below say that they support C:
Griaule Fingerprint SDK (requires paid-for license)
Digital Persona OneTouch (free sdk)
A quick summary of features to consider:
Are you verifying that a fingerprint matches that of a known user, or identifying a user from a single fingerprint?
The Griaule SDK implements both Verify and Identify patterns.
DigitalPersona's free SDK only supports Verify - to Identify, you have to loop through all the fingerprints in your database and see which one matches best. They state that this is 'inefficient', but if you have very few users (< 200), it seems quick enough.
Adjustment of discrimination sensitivity (false positives/false negatives)
Balance up how closely a print must be identified. A high sensitity may cause a legitimate user's prints to be rejected, but a low sensitivity may match one users' prints to the wrong user. Assess the impact of each case and code accordingly.
The deployment overheads differed - the DP components came with a merge module, but I only recall seeing standalone installs for Griaule.
What fingerprint capture devices are you intending to support? Check very carefully that the SDK will support yours!
Check the licensing terms very carefully the Griaule costs can be substantial based on the number of clients you expect to roll out to.
The Griaule SDK required a license file be deployed, both on client and server.
DP (free edition) did not.
The .NET DP SDK came with a visually pretty, and easy to use, fingerprint registration dialog, but the version I downloaded (v1.4.0) had a bug with the fingerprint capture component taking up to 10 seconds to initialise. I don't know if this has been resolved yet. However, it was straightforward to code a bespoke UI.
Overall, I favoured the DP SDK, but it was a close-run thing. Basically, being license-free and better documented suited me more.
You can use Innovatrics IDKit PC SDK. You can get a free version for 6 months. This provides a C API as well as a C# API. I have been extremely impressed with this package.
If your platform is not a PC, there are packages for other platforms as well.
This is very useful with detail information about fingerprint integration with windows based software: http://www.codeproject.com/Articles/38881/Fingerprint-Reader-Integration-using-the-M-SYS-SDK This integration was using this fingerprint sdk. It solves problems with low level free sdks and also supports other biometric modality.
This is a really simple question, but the answer is really complicated. Most of the Free or at least royalty free matching SDKs are tied to a vendors fingerprint scanner. If you are wanting to use one of those SDKs you will have to commit to their scanners.
The next question is how is the software going to be used. Fingerprint matcher tend to fall into one of two categories, 1 to 1 or 1 to N. 1 to 1 is assuming you know who the user is and you want to just VERIFY their identity with a fingerprint. 1 to N searches through a database of users and finds them by their fingerprint. Depending on the size of your user population, if you are doing 1 to N you may need to confirm the performance of the algorithm first to ensure it will meet your needs.
The other option that you have is there are fingerprint scanners that do what is known as match on device. These scanners have embedded matching algorithms and databases that do all the work for you. You get all the licenses you need when you buy the fingerprint sensor. These are really useful in embedded applications.
I'm looking for a Delphi implementation of an asymmetric encryption algorithm without any dependencies on external DLLs. Is there any available?
My goal is to encrypt/decrypt a string (or array of bytes) using a public/private key pair.
SecureBlackBox from Eldos offers a native, comprehensive solution - including certificate management and access to external crypto devices (i.e. USB tokens)
LockBox is now improved. It allows long keys for RSA, AES cipher and is in active development.
It is free, Open Source and 100% native code with no DLLs.
You can try Lockbox - http://sourceforge.net/projects/tplockbox/. It's free and includes RSA among others (Blowfish, MD5, SHA-1, DES, triple-DES, Rijndael, & digital signing of messages).
It comes complete with a good RSA example that demonstrates how to generate your public/private keys and how to actually encrypt and decrypt data using the keys.
I'm currently using it with Delphi 2010.
I realize that the original question stated "no external DLLs" but in the absence of an acceptable answer maybe you should take a look at the OpenSSL DLLs along with this Delphi link which contains an import unit for the library and some good examples on how to use it, including RSA encryption.
I have tinkered with this and got it working pretty well. There are some changes required to make it work with unicode Delphi - but these are mostly to do with changing PChar to PAnsiChar or PBytes.
Simple Delphi wrappers now allow me to sign/verify/encrypt sym or asym and use SSL. And let's be honest - the distribution of the OpenSSL DLLs is a lot more straightforward than some of the Microsoft offerings. Plus it's free and well maintained.
Take a look at the FGInt package on this site: http://submanifold.be/
If you can stomach using Windows services, there is the Crypto API: http://msdn.microsoft.com/en-us/library/aa380255(v=VS.85).aspx
If you are targeting Vista and up, there is the new Cryptography API: Next Generation. This also supports Elliptic Curve crypto: http://msdn.microsoft.com/en-us/library/aa376210(VS.85).aspx
Another very good fairly complete package is the Delphi Encryption Compendium (DEC) 5.2. You can download (Free with source) from http://www.torry.net/pages.php?id=519#939342.