I am trying to encrypt data in Android Studio (Java) and send that encrypted data using TCP communication to LabVIEW where it needs to be decrypted. Both Android and LabVIEW have predefined functions for encrypting and decrypting data using the blowfish algorithm but the Formats don't match and thus i am not able to decrypt the data at LabVIEW.I am new to this field and would really appreciate the help. Thanks.
we would like to step-up our credit card security on our web server.
Currently we are using AES which is a Symmetric-key algorithm.
we are not too happy, since if compromised the thief will have access to the decryption key.
We are thinking of switching to asymmetric cryptography (Public-key cryptography) so the decryption key will not be stored on this web server. but it seems to me that this type of encryption are not as secure as the symmetric one.
Q1: Does it make sense 2 combine the 2?
I would do as follows.
on web-server
Encrypt credit card with symmetric encryption Encrypt it again with
asymmetric encryption - public key
in Secure environment.
Decrypt w/ asymmetric encryption - public key
Decrypt w/ symmetric encryption
Q2: is it indeed true that asymmetric cryptography is less secure than Symmetric-key algorithm?
I'm working on a project that take the GPS location every 5 seconds and send it to the server, but i need to make a little of security, so i need to encrypt the location in android device and decrypt it in server side, so i'm searching for a simple algorithm to do this
Thanks in advance
The ideas for you to try:
Send your data over HTTPS. It will add the layer of security you need and it's one of the simplest methods available.
Use Java Encryption API with asymmetric cryptographic algorithm like RSA. You should probably avoid using AES or similar symmetric algorithm because you should not store passphrase in your Android app - it could be quite easily compromised.
I am trying to use asymmetric encryption to encrypt firmware. The bootloader will decrypt and update the flash. This is on a embedded device with 32 bit CPU executing at 60MHz.
I want to use ECC due to its varies advantages. I am new to encryption and my understanding os ECC as implemented in ECIES is to use ECC for the key generation and use AES for actual data encryption. Due to code and ram size, I cannot support multiple encryption algorithms.
Is there a implementation of ECC that can be used just like AES. All I am looking for is to use a "Private key" to encrypt firmware and the bootloader uses "Public Key" to decrypt it.
Thanks.
I'm not sure that you completely understand what ECIES consists of:
http://en.wikipedia.org/wiki/Integrated_Encryption_Scheme
That's quite a bit of work, and it requires a whole lot of primitives, including at least one symmetric primitive, it seems to me. That might as well be AES.
Let's start from the last sentence of the question:
All I am looking for is to use a "Private key" to encrypt firmware and the bootloader uses "Public Key" to decrypt it.
There's some confusion in terminology here. Private keys are used to decrypt (or sign) and public keys are used to encrypt (or verify). If I understand correctly, what you want is for the bootloader to verify a signature on the firmware so that only a firmware that was properly signed by yourself will be accepted by the bootloader.
There are various asymmetric signature schemes which can be used for this purpose, including some which are based on eliptic curve cryptography. For example you could use the OpenSSL implementation of ECDSA (see http://www.openssl.org/docs/crypto/ecdsa.html).
I'm afraid there's not enough information in the question to properly choose the best signature scheme (and possibly an encryption scheme as well if there is a need to keep the firmware secret). In any case, good cryptography is not enough to make a system secure and other considerations such as secure implementation are no less important.
If this is is something that is important for you to protect and that you are worried that hackers may try to break, I would strongly advise procuring the services of a security professional. Using cryptography correctly is a very tricky business that requires a full understanding of the system - otherwise you may find yourself in a situation like this
If you look for "authentication" you have to use asymmetric algorithm like EC, this usually done because if the user or process want to update the "firmware" he should identify him self to the bootloader by his "signature" to check who request this update.
After that is done, the bootloader will load the symmetric key from a secure memory to decrypt what you want to do.
So, you have a symmetric key for encryption (AES), and asymmetric two keys for authentication (=Who are you?).
Note: there is no advantages of EC on 32 bit CPU executing at 60MHz for Encryption, unless your application need asymmetric for Encryption NOT authentication, this happen due to line between the user and bootloader is not secure.
Therefore, you could use bootloader's "public key" to encrypt firmware and the bootloader uses its "private Key" to decrypt it, however, the implementation cost a lot due to the high computing for asymmetric algorithm.
Look for "lightweight cryptography", it is typical for your application.
I'm connecting mi cell phone application in J2ME to a web service and I have to send a SHA256 hash to it in order to validate some data received. I also need to be capable to store some information encrypted into the cell phone. I was thinking to use AES (rinjdael) symmetric encryption.
Anyone knows about any code example using AES encryption in J2ME ?
I would advise looking into the open source bouncycastle library.
It has been successfully used for cryptography on J2ME.