I have created a pair of private/public keys using SecKeyGeneratePair. I am successfully able to use the public key to encode and private key to decode. However, I need to save the public key and pass it to another user. That user then needs to create a SecKeyRef object using that public key to encode a text and send it back. I can then use the private key to decode it.
This all works within a single application where the public key and private keys are already loaded in SecKeyRef. I have used the Apple recommended code to get publicKeyBits. But, no matter which I call I have tried, I haven't been successful in creating a SecKeyRef to do my encoding/decoding.
My questions are:
How do I save my public key and how do I pass it on?
How do I create a new SecKeyRef object using that public key in a new instance of a client?
Related
I wanted to save the public and private keys obtained by RSA to Userdefaults. but every time it enters the app, it generates a new key and rewrites it to Userdefaults. but what should I do so that it doesn't save to userdefaults again and again ?
Building an api around a db and as part of this we'll be calling another api and joining data in that api to the database for viewing but not storing the data in the current database. My question is if this.
In my data model I have
public class server
{
public Int32 ServerID {get;set;}
public string ServerName {get;set;}
...
}
If I add api columns with to the server object
public string ServerMemory
That of course returns and invalid column name because this is data from the api that is not in the database table.
I see a few options
Create a view within the database structure which has some blank columns and reference that within my data model.
Create another object within my data model and then reference it using virtual using something like the method mentioned here: https://jeremiahflaga.github.io/2020/02/16/entity-framework-6-error-invalid-column-name-_id/
Create another object and a cast to cast the Server object to this other object.
Is there another simpler way to reference a foreign field within an object in a data model?
Thank you.
I found this so anyone else who needs to add a column to a datamodel that does not exist in the database
using System.ComponentModel.DataAnnotations.Schema;
then you can use this:
[NotMapped]
public virtual string RoleDesc { get; set; }
Still curious if this is the best way. I guess that really revolves around your goals.
I need to store two strings as one secret value in key vault.
account="aa" key="1254"
But all SetSecretAsync syntaxes accept one string as secret value..
I am not sure if tags can be revelevant here.
Please help!
You could use Newtonsoft Json.NET to serialize an object to a JSON string:
var account = new Account { account = "aa", key = "1254" };
string json = JsonConvert.SerializeObject(account);
This string will contain this:
{"account":"aa","key":"1254"}
which can be stored as the secret.
When you subsequently load the secret, you could then use Json.NET to deserialize the string back into an object:
var account = JsonConvert.DeserializeObject<Account>(json);
As for tags, you could use a tag to indicate what's contained within the secret, and this could be useful if you'll be storing different object types within secrets (not just accounts, for instance). Tags are just key-value pairs, so you could create a tag like so:
secret.Tags = new Dictionary<string, string>
{
["Type"] = "Account"
};
But if you're always going to be storing accounts, then this isn't strictly necessary.
I have a simple post method in a MVC controller that checks whether the ModelState is valid then calls another method passing an instance of the model as a paramter. This model contains sensitive data that is easily obtained by looking at Fiddler. My goal is to somehow mask or encrypt this data so that it cannot be seen in an http trace.
I have seen posts suggesting to use Session or Temp variables but that is not an option in my case.
This is what the code looks like:
[HttpPost]
[ActionName("Search")]
[AccessControl(Xri)]
public ActionResult SearchPost(string string1, ViewModel model)
{
model.NoResults = false;
if (ModelState.IsValid)
{
if (ModelState.IsValid) return RedirectToAction("TargetAction", model);
}
}
[AccessControl(Xri)]
public ActionResult TargetAction(string arg, ViewModel viewModel)
{
.
.
.
}
Fiddler shows the following:
/TargetAction?id=01010101&date=08%2F14%2F2013%2000%3A00%3A00&To=08%2F21%2F2013%2000%3A00%3A00¶m1=somevalue¶m2=somevalue2
Is there a way to mask the url parameters shown here?
You're going to need to get SSL running on your server.
Without a server certificate from a trusted authority, there is very little you can do to encrypt the data over the wire. Why? Because you'd need to send encryption/decryption details in clear text before you start sending the data so that your client (likely JavaScript) could decode it.
Using a certificate and operating on 443 gives you built-in functionality from the server/browser that is hard to beat in a custom implementation.
If you just want to obscure the data (and put it beyond the level of most web users) you could always base64 encode the data, rather than encrypting it. Just be clear that you are NOT encrypting data and it is still possible to decode it. This approach is not a form of encryption.
If you decide to take that approach regardless, here are a few resources:
Client-side Encoding/Decoding
MSDN Reference on Encoding to Base64
Cheers.
You have two options for doing this:
Store the data on the server and give the user a token (e.g. a GUID) to pass along to retrieve the data. Since using the Session or TempData is not an option, you could store the viewmodel in the database, and then redirect the user with the token in the URL to retrieve it on the next request.
The other option would be to have the user pass the viewmodel in the URL as you're currently doing, but pass it in an encrypted format. For example, you could
serialize the model to JSON, encrypt it using one of .NET's built in encryption algorithms, and then redirect to the next action passing the encrypted string as your view model. Then you could change the target action to something like:
[AccessControl(Xri)]
public ActionResult TargetAction(string arg, string encryptedViewModel)
{
var decryptedString = Decrypt(encryptedViewModel) ; // supply the decrypt function to match your encryption
var viewModel = JsonConvert.DeserializeObject(decryptedString);
}
I have a simple web app that has a login page, the front end domain has a simple model with:
string username {get;set;}
string password {get;set;}
However it is encrypted with sha256 before it is sent over to the data domain object, originally the data domain was:
string username {get;set;}
string password {get;set;}
So I would take the password from the ui, encrypt it then using the Encoding.GetString() method, get back a string for persisting. However when I try to persist the data it just seems to give an exception, which I believe to be down to the characters in the string not being valid.
After looking around some people have recommended storing it as a varbinary(32) and using a byte[] password {get;set;} within the data layer, however I couldn't get Nhibernate to map it correctly.
So can anyone tell me the best practise on storing hashed passwords with Nhibernate and SqlServer or MySql. (The app supports both dbs)
You shouldn't use Encoding.GetString() on a SHA value since it will produce text that may not store correctly, or worse, give an exception. Rather use something like Convert.ToBase64String.