Git is moving to a new hashing algorithm, SHA-256, but why did the Git community settle on SHA-256?

I have presented that move in “Why doesn’t Git use more modern SHA?” in Aug. 2018. The reasons were discussed here by Brian M. Carlson: I’ve implemented and tested the following algorithms, all of which are 256-bit (in alphabetical order): BLAKE2b (libb2), BLAKE2bp (libb2), KangarooTwelve (imported from the Keccak Code Package), SHA-256 (OpenSSL), SHA-512/256 (OpenSSL) …

How do you verify an RSA SHA1 signature in Python?

Use M2Crypto. Here’s how to verify for RSA and any other algorithm supported by OpenSSL:

    pem = """-----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfG4IuFO2h/LdDNmonwGNw5srW
    nUEWzoBrPRF1NM8LqpOMD45FAPtZ1NmPtHGo0BAS1UsyJEGXx0NPJ8Gw1z+huLrl
    XnAVX5B4ec6cJfKKmpL/l94WhP2v8F3OGWrnaEX1mLMoxe124Pcfamt0SPCGkeal
    VvXw13PLINE/YptjkQIDAQAB
    -----END PUBLIC KEY-----"""  # your example key

    from M2Crypto import BIO, RSA, EVP
    bio = BIO.MemoryBuffer(pem)
    rsa = RSA.load_pub_key_bio(bio)
    pubkey = EVP.PKey()
    pubkey.assign_rsa(rsa)
    # if you need a different digest than …

Password encryption/decryption code in .NET

Here you go. I found it somewhere on the internet. Works well for me.

    /// <summary>
    /// Encrypts a given password and returns the encrypted data
    /// as a base64 string.
    /// </summary>
    /// <param name="plainText">An unencrypted string that needs
    /// to be secured.</param>
    /// <returns>A base64 encoded string that represents the encrypted
    /// binary …

Java equivalent to PHP’s HMAC-SHA1

In fact they do agree. As Hans Doggen already noted, PHP outputs the message digest using hexadecimal notation unless you set the raw output parameter to true. If you want to use the same notation in Java you can use something like for (byte b : digest) { System.out.format("%02x", b); } System.out.println(); to format the …

How securely unguessable are GUIDs?

UUIDs/GUIDs are specified by RFC4122. Although Version 4 UUIDs are created from random numbers, Section 6 makes an explicit statement on security: Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the …

iOS AES Encryption – Fail to Encrypt

There is no need to make the crypto so complicated, here is a basic encrypt/decrypt method. The iv and key must be the correct length. The value context is either kCCEncrypt or kCCDecrypt.

    + (NSData *)doCipher:(NSData *)dataIn
                      iv:(NSData *)iv
                     key:(NSData *)symmetricKey
                 context:(CCOperation)encryptOrDecrypt
                   error:(NSError **)error
    {
        CCCryptorStatus ccStatus = kCCSuccess;
        size_t cryptBytes = 0;
        NSMutableData *dataOut …

Decrypt from SHA256

You cannot decrypt the result of a One Way Hash. What you should do instead is compare a hash of the entered password versus the stored hash in the database. Example:

    var password = "1234";
    var hashedPassword = Sha256encrypt(password);
    var allowLogin = hashedPassword == storedPassword; // storedPassword from Database, etc.

This is only the very basics …

MCrypt rijndael-128 to OpenSSL aes-128-ecb conversion

Here is what worked for me:

    <?php
    $str = "Content";
    if (strlen($str) % 16) {
        $str = str_pad($str, strlen($str) + 16 - strlen($str) % 16, "\0");
    }
    $key = 'KEY';
    if (strlen($key) % 16) {
        $key = str_pad($key, strlen($key) + 16 - strlen($key) % 16, "\0");
    }
    $res1 = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $str, MCRYPT_MODE_ECB);
    echo strToHex($res1) . ' …

Import a Public key from somewhere else to CngKey?

So I have figured out the format of a CngKey exported in ECCPublicKeyBlob and ECCPrivateKeyBlob. This should allow others to interop between other key formats and CngKey for Elliptical Curve signing and such. ECCPrivateKeyBlob is formatted (for P256) as follows:

    [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)][PRIVATE KEY (32 bytes)]

KEY TYPE …