Here’s how to do it properly in CBC mode, including PKCS#7 padding: import base64 from Crypto.Cipher import AES from Crypto.Hash import SHA256 from Crypto import Random def encrypt(key, source, encode=True): key = SHA256.new(key).digest() # use SHA-256 over our key to get a proper-sized AES key IV = Random.new().read(AES.block_size) # generate IV encryptor = AES.new(key, AES.MODE_CBC, … Read more
You don’t want to specify PKCS#7 padding for block cipher use. You want to specify PKCS#5 padding. PKCS#5 is specified for use with block ciphers while PKCS#7 is not (it’s use for different places like in S/MIME). I will point out that PKCS#5 and PKCS#7 actually specify exactly the same type of padding (they are … Read more
The way that the Google plugin is set up, it will be really hard for you to hide the content of the google-services.json file. The only viable way would be to re-implement yourself what the plugin already does for you, which I wouldn’t recommend. When using the plugin the way Google intends you to, it … Read more
You don’t need PyCrypto or PyMe, fine though those packages may be – you will have all kinds of problems building under Windows. Instead, why not avoid the rabbit-holes and do what I did? Use gnupg 1.4.9. You don’t need to do a full installation on end-user machines – just gpg.exe and iconv.dll from the … Read more
You can use btoa() and atob(). btoa() is like base64_encode() and atob() like base64_decode(). Here is an example: btoa(‘Some text’); // U29tZSB0ZXh0 atob(‘U29tZSB0ZXh0’); // Some text Keep in mind that this is not a secure way to keep secrets. Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string format by … Read more
You don’t decrypt authentication passwords! Hash them using something like the SHA256 provider and when you have to challenge, hash the input from the user and see if the two hashes match. byte[] data = System.Text.Encoding.ASCII.GetBytes(inputString); data = new System.Security.Cryptography.SHA256Managed().ComputeHash(data); String hash = System.Text.Encoding.ASCII.GetString(data); Leaving passwords reversible is a really horrible model. Edit2: I thought … Read more
In most asymmetrical crypto system implementation, the only fact that is ensured is that you cannot find the private key from the public key. The other way round, finding the public key from the private key is trivial in most case. For instance, in RSA, you can create public key from private key with: openssl … Read more
This message digital envelope routines: EVP_DecryptFInal_ex: bad decrypt can also occur when you encrypt and decrypt with an incompatible versions of openssl. The issue I was having was that I was encrypting on Windows which had version 1.1.0 and then decrypting on a generic Linux system which had 1.0.2g. It is not a very helpful … Read more
I have always understood NOT TO USE MySQL’s built in encryption fuctionality because the point of encryption of data at rest (in the SQL) is that if the server is compromised, the data is not at [as much] risk. The problem with the MySQL built in functionality is that it doesn’t apply to when the … Read more
I believe the difference is the padding, not the actual encrypted data. Have you tried to decrypt the strings? I believe they will show up as the same. Why is the padding different? because they are either implementing it differently, or because one is provided a file, while the other a string, which in the … Read more