When decrypting and verifying the Google Play Integrity verdict as per official docs (https://developer.android.com/google/play/integrity/verdict) the code snippet/samples shared uses these constants: AES_KEY_SIZE_BYTES, AES_KEY_TYPE and EC_KEY_TYPE
But the values of those are never mentioned. Can someone plase help, what are those values?
After searching hours on the internet, I came across a youtube video (Obtaining and Decoding the Integrity Verdict | Step 3 of Migrating to Play Integrity API) (obviously not from Google) which gave me the required answer. Here are the values for those constants:
AES_KEY_SIZE_BYTES: decryptionKeyBytes.length
AES_KEY_TYPE: AES
EC_KEY_TYPE: EC
So your final code should look something like this:
package com.example.sample
...
...
import org.apache.commons.codec.binary.Base64;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwx.JsonWebStructure;
import org.jose4j.lang.JoseException;
...
...
// base64OfEncodedDecryptionKey is provided through Play Console.
byte[] decryptionKeyBytes =
Base64.decode(base64OfEncodedDecryptionKey, Base64.DEFAULT);
// Deserialized encryption (symmetric) key.
SecretKey decryptionKey =
new SecretKeySpec(
decryptionKeyBytes,
/* offset= */ 0,
decryptionKeyBytes.length,
"AES");
// base64OfEncodedVerificationKey is provided through Play Console.
byte[] encodedVerificationKey =
Base64.decode(base64OfEncodedVerificationKey, Base64.DEFAULT);
// Deserialized verification (public) key.
PublicKey verificationKey =
KeyFactory.getInstance("EC")
.generatePublic(new X509EncodedKeySpec(encodedVerificationKey));
If you are using maven make sure you added these dependancies:
<dependency>
<groupId>com.google.apis</groupId>
<artifactId>google-api-services-playintegrity</artifactId>
<version>v1-rev20220904-2.0.0</version>
</dependency>
<dependency>
<groupId>org.bitbucket.b_c</groupId>
<artifactId>jose4j</artifactId>
<version>0.8.0</version>
</dependency>
Related
I am trying to use Clair and Rascal to analyze C++ files.
I followed the instructions on the Github page of Clair to add Clair to an empty Rascal project. After importing the required modules successfuly, I attempted to call parseCpp to parse a C++ file and got the following errors:
rascal>parseCpp(|project://myproject3/myFile.cpp|);
|jar+file:///Users/rh07/.m2/repository/org/rascalmpl/clair/0.4.0/clair-0.4.0.jar!/src/lang/cpp/AST.rsc|(24317,206,<455,0>,<456,167>): Java("NoSuchMethodError","\'io.usethesource.vallang.IString org.rascalmpl.library.Prelude.readFile(io.usethesource.vallang.ISourceLocation)\'")
at lang.cpp.internal.CDTParser.parseFileAsCpp(|unknown:///CDTParser.java|(0,0,<202,0>,<202,0>))
at lang.cpp.internal.Parser.parseCpp(|unknown:///Parser.java|(0,0,<349,0>,<349,0>))
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(|unknown:///NativeMethodAccessorImpl.java|(0,0,<0,0>,<0,0>))
at parseCpp(|jar+file:///Users/rh07/.m2/repository/org/rascalmpl/clair/0.4.0/clair-0.4.0.jar!/src/lang/cpp/AST.rsc|(24516,5,<456,160>,<456,165>)Beginning at 2022-11-25T11:35:54.827391Z
WARNING: ResourcesPlugin was null, can't get workspace; not overriding include files
How I can get parseCpp to work? Thanks.
The error is caused by a bad combination of versions. Please use clair-0.5.0 (just released) which will work with rascal-0.27.2 that is distributed with the Rascal VScode extension 0.5.5.
Adopt the pom.xml like so:
<dependency>
<groupId>org.rascalmpl</groupId>
<artifactId>clair</artifactId>
<version>0.5.0</version>
</dependency>
I'm using this upload addon:
<dependency>
<groupId>com.wcs.wcslib</groupId>
<artifactId>wcslib-vaadin-widget-multifileupload</artifactId>
<version>4.0</version>
</dependency>
I'm uploading multiple files and each file upload is processed in:
void handleFile(InputStream stream, String fileName, String mimeType, long length, int filesLeftInQueue);
but it gives me only info about currently processed file.
I need a list of all files to check if two files with the same name but different extensions are uploaded. I checked some components related to this upload but methods that could be useful are private.
How do I get a list of all files that are uploaded in the same batch?
I have tried using three different libraries to AES-encrypt a string.
When I use the tool found here I get the following results:
Input: "Test"
key: "MyEncryptionKey1MyEncryptionKey1" (256 Bit)
ECB mode.
this gives me the output Cidor8Ph7pZqPw0x2AwIKw==
But when i'm using the libraries in Swift I get different results.
Using RNCryptor
When i'm using RNcryptor i'm using the following code:
class func encryptMessage(message: String) throws -> String {
guard let messageData = message.data(using: .utf8) else { return message }
let cipherData = RNCryptor.encrypt(data: messageData, withPassword: key)
return cipherData.base64EncodedString()
}
output:
AwF8a+HziYkO4iHdcI3jY8p9QAY461DVgkjkYUFMkuh4A2a8FCfa4RgS9Z37QhJGxIL0Q20RE3BL4nmLQVFOfZmBpj8l0wj9YZgqZmrkxRFYQQ==
Using AESCrypt
When i'm using RNcryptor i'm using the following code:
class func encryptMessageAES(message: String) -> String{
guard let encryptedData = AESCrypt.encrypt(message, password: key) else { return message }
return encryptedData
}
Output:
T5/mR8UT/EXeUobPTLhcFA==
Also if i'm using CryptoSwift i'm getting a third result. My co-worker who does Android always gets the same result - matching the web tool.
I am totally new to encryption and I see that i'm doing something wrong. But I can't really realize what. I should also mention that this encryption is only used to not have chat messages in raw strings showing in Firebase, for those who have access to the database.
The definition of AES is quite precise and when things don't work between different implementations it's often due various things build on top of AES. The AES algorithm itself always operates on binary data. The data you encrypt needs to be binary. The key you use to encrypt with, needs to be binary and If an IV is in play, it also needs to be binary.
In all implementations where you provide data to the implementation that are not binary, a choice have been made on how that data is transformed into a format that can be used with AES. Sometimes these transformations are just simple data conversions like hex or base64 decoding, but other times whole new concepts are in play, like deriving encryption keys from passwords.
All of your three examples uses text as input for the Key, and each implementation have made some choice on how to support that.
The first page you link to has chosen to just interpret an ASCII string as a binary key. This is a terrible choice as it (in addition to being incompatible with everything else) effectively eliminates 1-2 bits per bytes of the key, reducing the strength considerable.
In the RNCryptor example you specify the key with withPassword: key. Here the RNCryptor team have chosen to use a PBKDF2 key deriving function to make an actual AES key. This solves a different usecase, where you have an potential weak password that needs stretching to be secure for encryption. If you have an actual key, this is not the way to go.
In the case of AESCrypt you also seems to be providing a password as input. It's not clear how that would be transformed to an actual key.
There is one more value which you’ll have to set in AES which is iv. So try to find that iv in all three libraries. And also try to set same value for iv. And then you may be able to get same results from all libraries.
I've been puzzling on this on and off for months and can't find a solution.
The MTA claims to provide historical data in form of daily dumps in GTFS format here:
[http://web.mta.info/developers/MTA-Subway-Time-historical-data.html][1]
See for yourself by downloading the example they provide, in this case Sep, 17th , 2014:
[https://datamine-history.s3.amazonaws.com/gtfs-2014-09-17-09-31][1]
My problem? The file is gobbledygook. It does not follow GTFS specifications, has no extension, and when I open it using a text editor it looks like 7800 lines of this:
n
^C1.0^X �枪�^Eʞ>`
^C1.0^R^K
^A1^R^F^P����^E^R^K
^A2^R^F^P����^E^R^K
^A3^R^F^P����^E^R^K
^A4^R^F^P����^E^R^K
^A5^R^F^P����^E^R^K
^A6^R^F^P����^E^R^K
^AS^R^F^P����^E^R[
^F000001^ZQ
6
^N050400_1..S02R^Z^H20140917*^A1�>^V
^P01 0824 242/SFY^P^A^X^C^R^W^R^F^Pɚ��^E"^D140Sʚ>^F
^AA^R^AA^RR
^F000002"H
6
Per the MTA site (appears untrue)
All data is formatted in GTFS-realtime
Any idea on the steps necessary to transform this mystery file into usable GTFS data? Is there some encoding I am missing? I have looked for 10+ and been unable to come up with a solution.
Also, not to be a stickler but I am NOT referring to the MTA's realtime data feed, which is correctly formatted and usable. I am specifically referring to the historical data dumps I reference above (have received many "solutions" referring only to realtime data feed)
The file you link to is in GTFS-realtime format, not GTFS, and the page you linked to does a very bad job of explaining which format their data is actually in (though it is mentioned in your quote).
GTFS is used to store schedule data, like routes and scheduled arrival times.
GTFS-realtime is generally used to transfer actual transit performance data in real-time, like vehicle locations and expected or actual arrival times. It is a protobuf, a specification for compiled binary data publicized by Google, which means you can't usefully read it in a text editor, but you instead have to load it programmatically using the Google protobuf tools. It can be used as a historical data format in the way MTA is here, by making daily dumps of the GTFS-rt feed publicly available. It's called GTFS-realtime because various data fields in the realtime like route_id, trip_id, and stop_id are designed to link to the published GTFS schedules.
I confirmed the validity of the data you linked to by decompiling it using the gtfs-realtime.proto specification and the Google protobuf tools for Python. It begins:
header {
gtfs_realtime_version: "1.0"
timestamp: 1410960621
}
entity {
id: "000001"
trip_update {
trip {
trip_id: "050400_1..S02R"
start_date: "20140917"
route_id: "1"
}
stop_time_update {
arrival {
time: 1410960713
}
stop_id: "140S"
}
}
}
...
and continues in that vein for a total of 55833 lines (in the default string output format).
EDIT: the Python script used to convert the protobuf into string representation is very simple:
import gtfs_realtime_pb2 as gtfs_rt
f = open('gtfs-rt.pb', 'rb')
raw_str = f.read()
msg = gtfs_rt.FeedMessage()
msg.ParseFromString(raw_str)
print msg
This requires gtfs-realtime.proto to have been compiled into gtfs_realtime_pb2.py using protoc (following the instructions in the Python protobuf documentation under "Compiling Your Protocol Buffers") and placed in the same directory as the Python script. Furthermore, the binary protobuf downloaded from the MTA needs to be named gtfs-rt.pb and located in the same directory as the Python script.
I know as a programmer that is rare for someone to do, but I actually need it and can not at all so someone needs to convert this small function cryptography python for delphi.
function: `
from Crypto.Cipher import Blowfish
class Blowfish(object):
cipher = None
def __init__(self, key, mode = Blowfish.MODE_ECB):
self.cipher = Blowfish.new(key, mode)
def encrypt(self, texto):
encriptar = self.cipher.encrypt(texto)
return encriptar `
-
one example
key = 123key
text = hi man
result = ìûÕ]–•¢
I people much times because I tried to do in Delphi and always shows me different results then do better and ask for someone who understands python / delphi
thank so much!
For the comment on DCPcrypt, maybe your python library results the raw encrypted bytes, and the result of DCPcrypt (or other delphi library like Turbo Lockbox) gives you the result encoded in something like UU64 o MIME (this is done to easily transfer o store the result)
If you just want to implement Blowfish algorithm in Delphi, try DCPcrypt.
#Mili, you can't translate this code to delphi because does not exist a RTL library (or function) in delphi with blowfish support, dou you need use a third party component for this. i recommend you the
Delphi Encryption Compedium Part I v.5.2. you can try out this link for more components.
You can also try TurboPower LockBox 3.1.0 at http://lockbox.seanbdurkin.id.au/ .
This library also implements Blowfish.