Do OAuth0 Java APIs support AES encryption?
I am looking at the Auth0 Java APIs and I could not find AES encryption.
No, OAuth does not support AES encryption. You can find the supported algorithms in the JSON Web Algorithms (JWA) specification (section 3.1).
Related
As far as I can tell, AWS KMS Data Keys are AES-GCM keys.
(source: https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf page 13)
Does that mean I must use AES-GCM to encrypt data with them or will an AES-CBC algorithm work too? I am trying to use these KMS keys to encrypt data on iOS without including external dependencies.
I found CommonCrypto, and wrote some code that seems to work with the KMS data keys, but as far as I know CommonCrypto only supports AES-CBC.
I also can't seem to write working code in any language to then decrypt the cipher text generated. Is this because the output of my GCM key + CBC algorithm is garbage? Why doesn't my encryption code complain?
Also, is it possible to do AES-GCM encryption on iOS without CryptoKit?
AES-GCM internally uses CTR mode, which turns a block cipher into a stream cipher and doesn't need padding. AES-GCM is an authenticated encryption mode which provides not only confidentiality but also integrity and authentication.
CBC mode, on the other hand, requires padding, and it is removed from TLS. It is outdated and highly problematic: BEAST, bit-flipping attacks, padding oracle attacks, etc.
Note: GCM is not perfect. GCM IV reuse can be catastrophic.
GCM and CBC are completely different encryption schemes. You cannot decrypt an AES-GCM encrypted ciphertext with AES-CBC, or vice versa. You can put any block cipher instead of AES in the previous sentence.
You have to stick to the same encryption algorithm and scheme.
As stated in the AWS documentation:
All symmetric key encrypt commands used within HSMs use the Advanced Encryption Standards (AES) [4], in Galois Counter Mode (GCM) [5] using 256-bit keys. The analogous calls to decrypt use the inverse function.
You have to use AES-GCM.
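The behaviour discussed in this answer, as an added example that is not part of the original posts: the same 256-bit key is accepted by both modes, GCM refuses ciphertext that has been modified, and CBC decryption run over GCM output returns bytes with no error because CBC has nothing to verify. It uses only the Go standard library; the function names and the all-zero key are illustrative assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SealGCM returns nonce || ciphertext || tag under a fresh random nonce.
func SealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenGCM verifies the tag before returning plaintext; any changed byte fails.
func OpenGCM(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(msg) < 12+16 { // 12-byte nonce + 16-byte tag
		return nil, fmt.Errorf("bad key length or truncated message")
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, msg[:12], msg[12:], nil)
}

// CBCDecryptRaw runs AES-CBC with the same key; CBC has no tag to verify.
func CBCDecryptRaw(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("bad key, IV length or block alignment")
	}
	out := make([]byte, len(data))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, data)
	return out, nil
}

func main() {
	key := make([]byte, 32) // constructed stand-in for a 256-bit data key
	msg, _ := SealGCM(key, []byte("sixteen byte msg"))
	out, err := CBCDecryptRaw(key, make([]byte, 16), msg[12:])
	fmt.Printf("CBC over GCM output: %x err=%v\n", out, err)
}
```

The printed bytes are unrelated to the plaintext and `err` is nil, which is why a mismatched mode produces output that nothing can later decrypt rather than an error.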
I need to implement jcryption in iOS. I have gone through the library; it uses Rijndael encryption internally to encrypt the data.
I have tried AES256EncryptWithKey but it is not giving me the expected encryption key.
Any help on this would be nice. Thanks.
Rijndael with a 128-bit block size is AES. Use Common Crypto on iOS, it uses the hardware encryption engine. There are several ObjC AES answers here on SO, see iOS AES Encryption.
For a detailed answer you will need to provide your usage information on jCryption.
Also notice that jCryption has been discontinued. If you are trying to use jCryption in place of HTTPS the correct solution is to use HTTPS, see jCryption.
I've worked with Java cryptography for many years. Now, we have a requirement to write an iOS application that will send encrypted payloads from the mobile device to a Java service. I've begun working with the iOS crypto support (CommonCrypto, etc.) and have found it a bit more difficult. The JCE has a very clean, concise API, so I've clearly gotten spoiled. In contrast, iOS cryptography is a far more difficult API to work with.
Are there any simplified crypto libraries or wrappers around CommonCrypto that provide a more concise API? In particular, we need:
Key generation (both symmetric and asymmetric)
Encryption/decryption of data
Digital signatures (SHA1withRSA, for example)
Hashing
RSA, 3DES, and AES support
I know I've seen a sample class or two that wraps AES encryption, for example. I'm looking for something a bit richer and more full-featured. Anyone have any suggestions?
You can use OpenSSL inside your iOS app; for ease of use you can use the SSCrypto library by septicus.
From the septicus site:
SSCrypto.framework provides a simple wrapper around OpenSSL library
functions for encryption, decryption (both symmetric and RSA) and
checksums. It also encodes and decodes base64 data and can generate
both private and public RSA keys. A test tool is included in the
project. Click here to see the main.m file that comes with SSCrypto
for examples of its use.
I want to encrypt a parameter (which consists of sensitive data) while sending it to the server (WCF Service) using the SHA1 algorithm. On the server end I'll decrypt the string and use it.
This way I can ensure any third party won't read my sensitive data so easily.
How do I encrypt the string in Windows Phone 7 using the SHA1 algorithm and decrypt the same in my WCF service?
The encrypted string may come to the server from iPhone, Android or WP7; how do I ensure that every client will produce the same result on the server?
Update:
Can I use AES algorithm for above requirement?
How do I encrypt the string in windows phone 7 using SHA1 algorithm and decrypt the same
You don't. SHA-1 is a hashing algorithm. It's one way - you can't "decrypt" it. You should choose a symmetric or public/private key algorithm based on your requirements. Read the .NET cryptographic services documentation as a starting point - I'd expect pretty much any of the algorithms supported by .NET to also be supported on other platforms.
Alternatively, just use HTTPS instead of HTTP... that would satisfy your initial highlighted requirement without you having to do much work at all (beyond the server-side deployment of appropriate HTTPS certs).
Agree with Jon's post but with additional thoughts.
I cannot comment yet (need more street cred) so I will post it here.
Your question does not state if you are transmitting this from a native app, or a browser (using an Ajaxian mechanism). But I will presume native. Really though the answer is the same with the difference being implementation.
The easiest approach IMO would be to use the tools and APIs to be an HTTPS (SSL/TLS) client, which will give you over-the-wire confidentiality. The details of what quality of service the SSL connection provides are for you to configure from the "cipher suites" available. AES is available.
Is there support for zip with encryption on the iPad? Also, it looks like there are security flaws in using zip with encryption. Could someone give some information on this?
Thanks,
Praveen
ZIP's default encryption indeed has security problems (weak encryption used). WinZIP and PKZip independently offered their own stronger encryption mechanisms. WinZIP offered only symmetric (AES-based) encryption, while PKZip also offers certificate-based encryption (but only within their own products - third-parties are allowed to only decrypt files encrypted with certificates).
Zip old-style decryption is definitely weak; however, new implementations (WinZIP and others) can use AES for encryption. As well, there are a lot of open source implementations (InfoZIP for instance) which can be used on iPhone and support that encryption type.