Is there a way given a file of a public and a private key to en- and decrypt a String using dart? I'm talking about a high level interface for this because the existing libraries like cipher only enable low level access and a manual extraction of modulus and public exponent.
In the meantime, I wrote my own RSA implementation.
If anybody else needs something like this (high level
access to encryption and decryption methods), here
is the link:
https://github.com/Adracus/rsa
Related
The requirement is, there would be two devices(alice and bob)generates public and private keys using diffie hellman. public keys would get exchanged bewteen both the devices (alice and bob) and generate a secret key with their private keys.
This is for iOS, either in Objective C or Swift. I have tried with raorafat(GitHub code) and other source codes; however, no solution was really drawn for my requirement.
One thing if I share my public key to server how would server deal with my public key to generate symmetric key.
You can use Apple's CommonCrypto library from Swift. For example of using CCDH, see https://opensource.apple.com/source/CommonCrypto/CommonCrypto-60118.50.1/test/CommonCrypto/CommonDHtest.c.auto.html
You can import it using
import CommonCrypto
in your Swift project.
I am implementing PSUOAuth2 for OpenBank Apigee - DevPortal (Drupal-8).
In creation of JSON Web Signature, few arguments are unclear to me.
(Check out specification here).
First is the private key, can I use any general private key or is there a specific private key to be used. (I checked in Apigee Interface, there is possibility to download a Public Key Certificate but no private key as they are never distributed).
Second in JOSE Header Object to be constructed there is a parameter called kid (described as ''certificate id" in specification).
I need to use SHA-512 in my code to hash passwords.
Now I use o.s.s.authentication.encoding.PasswordEncoder while it is initialized to ShaPasswordEncoder(512).
In addition, o.s.s.authentication.encoding.PasswordEncoder supports method
String encodePassword(String rawPass, Object salt) that allow to store salt separately from the password.
Unfortunately, o.s.s.authentication.encoding.PasswordEncoder is deprecated.
Also, o.s.s.crypto.password.StandardPasswordEncoder supports only SHA-256.
In addition it is final class and does not allow its overloading to support SHA-512.
How to use SHA-512 with o.s.s.crypto.password.StandardPasswordEncoder?
Why there is no public method that allows to pass salt stored externally?
Well I must admit that it is not the most coherent part in Spring Security ... DaoAuthenticationProvider.getPasswordEncoder() returns a o.s.s.authentication.encoding.PasswordEncoder which is deprecated according to the javadoc !
The trick is that DaoAuthenticationProvider.getPasswordEncoder() takes an Object as parameter, and this Object may be a o.s.s.authentication.encoding.PasswordEncoder ... but do not try to do a get !
As per my understanding, o.s.s.crypto.password.StandardPasswordEncoder is an example with medium security and a fixed SHA-256. If you want a higher level of security, you can use a o.s.s.crypto.password.BCryptPasswordEncoder which uses the robust BCrypt algorythm with a configurable level. After viewing the sources, I can confirm than both use salt and store it internally in encoded password.
Perhaps somebody from Spring Security team could explain the reasons for those (discutable) choices regarding the impossibility to change digest algorythm but I cannot ; maybe it is simply because for using SHA it is enough to stick to the (not deprecated) ShaPasswordEncoder. I simply noted this remark in StandardPasswordEncoder : If you are developing a new system, BCryptPasswordEncoder is a better choice both in terms of security and interoperability with other languages.
So, either you follow the advice of the author of StandardPasswordEncoder, and use directly BCryptPasswordEncoder, or you will have to roll your own.
It is enough to copy the source of StandardPasswordEncoder, to stick to the org.springframework.security.crypto.password package, because there are package private imports, and modify the 2 argument constructor to be public as :
public ConfigurablePasswordEncoder(String algorithm, CharSequence secret) { ... }
All this is more a collections of workarounds than a clean solution, but I never found a better way !
As a conclusion, I would say that only the interface o.s.s.authentication.encoding.PasswordEncoder is deprecated, because it stores the salt outside of the encoded password. So it should not be used for further developpement of password encoders. But its implementation classes are not deprecated (neither in last 3.2 release version, nor in 4.0.0M2) and you can safely keep on using ShaPasswordEncoder if it meets your requirements.
My idea is to avoid magic string keys in my Asp.Net MVC application.
To do so, I want to create string constant keys to be shared in the application.
For example, I can write TempData[MyConst.Message] instead of TempData["Message"].
public class MyConst
{
public const string Message = "Message";
}
My questions are: Is it a good idea to do this way?
Instead of custom classes put your strings in a resx file. VS will generate a class for you and it will be easier for you to translate them into a different language in the future should the need arise.
There is nothing specific you need to do for MVC.
Take a look here:
http://msdn.microsoft.com/en-us/library/fw69ke6f(v=vs.80).aspx
http://support.microsoft.com/kb/917414
http://msdn.microsoft.com/en-us/library/ms227427.aspx
For 'internal' usage I would prefer Enums over strings.
I need to use the JSON parser in my iPhone application. We have API's which are used to parse the data.
I just want to know, how can we do without using any API ?
Thank you.
Use the APIs.
Use the APIs.
Use the APIs.
They're quick, they've been tested to work, and you don't have to think about them.
If you're still committed to writing a JSON parser (and/or if this is an academic pursuit), then you're likely to benefit from researching the JSON specification and brushing up on [your platform of choice]'s string operations and regular expressions library. Then, as #alexanderb suggests, create a small library of classes and/or functions to support you.
Yes, you can. Since JSON is a simple string, you could create your own parser that is able to serialize string to target object.
For instance, you have JSON like that
{ description: "my description", value: 10 }
You can extract description value, by regex and return object of class, like
class Target
{
string Description;
int value;
}
But, of cause it always a good idea to use time-proven JSON parsers.
Copy the 8k of these 238 lines (+/- comments) into your code:
http://code.google.com/p/json-sans-eval/source/browse/trunk/src/json_sans_eval.js?r=12