I have been using Google Keyczar for encrypting data in my JAVA app. And I want to change the crypto solution to Google Tink.
But the problem is the already encrypted data by Keyczar. Can I decrypt them by Tink?
If yes, I want to change the crypto solution from Keyczar to Tink. If no, I have to think about another solution.
Thank you.
I did it.
Keyczar is using AES. So I use TinyAES.
Keyczar is also using HMAC. So I use HMAC of avr-crypto-lib.
Just one thing is I have to extract the key from Keyczar key.
Related
I want to encrypt an image using PHP and decrypt it in an Android app. I found someone suggest to use MCrypt. However, I noticed that ImageMagick, which I use to convert pdf into jpg, seemed to have ability for encryption. Can I use ImageMagick to encrypt the jpg at the server side and decrypt it using JAVA? Thanks very much.
As per documentation
"ImageMagick only scrambles the image pixels. The image metadata remains untouched and readable by anyone with access to the image file.
ImageMagick uses the AES cipher in Counter mode. We use the the first half of your passphrase to derive the nonce. The second half is the cipher key."
To decrypt the image on the client side, you would have to keep the image header as is and decrypt the remainder of the file using the password with which it was encrypted with. That will require custom coding with knowledge of the image format internals. You will also have to find out how the nonce is derived from the passphrase.
You can alternatively use a SSL connection between the client and server or use any cryptographic scheme available in both PHP and Java either with symetric key or public key encryption as per your requirements.
I'm trying to rewrite some Java (Android) code in ObjC on the iPhone. The code will do a basic web service call and needs to set some headers with authentication information.
One part of that information is an encrypted hash of the data I am sending over.
The Java version calculates an SHA256 signature using an RSA private key that is generated on the phone. The private key is generated using a seed that I have available.
The (simplified) java code is as follows:
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Signature sig = Signature.getInstance("SHA256WithRSAEncryption");
// I get the private key bytes from an outside source
EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes);
sig.initSign(keyFactory.generatePrivate(privateKeySpec));
sig.update(/* insert my data here */);
return sig.sign();
Now I'm trying to recreate this in iOS and ObjC. Doing the SHA256 signature calculation is easy, but I don't see how to create a private RSA key easily. I would prefer to use the built-in API's if there are any available, but if I must use a third party library like OpenSSL then I can live with that as well.
Most people (citation needed) elect to go with the third party OpenSSL library, not only because rolling your own crypto is hard, but also because their is a good chance you'll create bad crypto if you're not already experienced with it.
That said, nothing prevents you from writing your own SHA256 hash, in straight C or C++ if you like, although I think you'll find your PRNG options lacking and find yourself spending altogether way too much time on entropy pools and the like.
If you do come across a good SHA256 primitive without all the extra baggage of OpenSSL, I'd love to learn about it too! But so far I haven't seen one.
I would like to store encrypted data in my db as well as its signature so that I could read it back at another time. How do I store the symmetric key used for encryption safely?
Store it on the file system and never version track it!
I think I found the answer to my question here: Where do you store your secret key in a Java Web Application?
Please let me know if there's a better way of doing things.
TLDR: Store it on the file system.
I have an application that stores data locally on the iPhone.
I want to encrypt data so i am confused which method should i use.
I have used Core Data framework in application.
NSFileManager (NSFileProtectionKey), CoreData (NSFileProtectionKey), NSData (NSDataWritingOptions) are the options or is there some other method as well.
Please suggest me something
Thanks
Use the Keychain Service.
But you need to now that to encrypt the data you need a private key or a passphrase.
I would then say, encryption make only sense, when the user needs to authenticate when using your application. Then you could encrypt the data with the entered password.
Here you could AES256 encrypt data with the a PBKDF2 like function for generating a encryption key (thanks to Robert).
But providing a code sample would go to far. Read in yourself! :)
But also know: since iOS 4 the "disk" space is already encrypted with the Device PIN!
I am using the encryptor gem from https://github.com/shuber/encryptor and need to be able to have a url safe values. Is there an algo. that support this?
I decided to base64 encode the encryption result.