During API automation, I do have a requirement to encrypt the password and decrypt runtime just before using it in Karate.
Is there any specific inbuilt method available to do so?
If it is not available, can anyone please guide me on how to do this?
There's nothing built into Karate because you can easily plug in anything via Java interop: https://github.com/intuit/karate#http-basic-authentication-example
You can find plenty of Java code examples that will do what you want.
Related
I have been tasked to integrate a Classic ASP website with the SageOne API. As part of their authentication you are required to provide a HMAC-SHA1 signature. I've found how to do this with SHA256 here: hash_hmac in using pure classic ASP, which worked in that it produced the hash, but was not valid for the API. I've found similar code for SHA1 here: https://precompiled.wordpress.com/2007/11/26/hmac-sha1-encryptie-onder-classic-asp/ but unfortunately the link to the required wsc file is no longer valid. I've not been able to find it elsewhere. Has anyone come across this file elsewhere? Or could anyone point me towards an alternative way of doing this?
Your sha1.wsc can be found at https://github.com/chakphanu/labs/blob/master/classic-asp-s3/sha1.wsc
I will not include it here as I don't want to examine the license requirements.
I was looking for a solution to sign XML using unexportable private key (this require passphrase/secret password to be informed by user input for create the hash using it) contained in usb token (smartcard etc) for a web application. I have made a c# class library to make this but obviously the code is executed in server-side, so I can't access the usbtoken/smartcard of the client over internet, unless it's plugged in the server pc (so my solution may be installed in local network of my customers and the usbtoken plugged in server's usb. It's working like that today but I want to change this for the customer use its token in his machine)
I have created a code using SignedXml, X509Certificates and other classes, to achieve this, but I was looking for equivalents in silverlight class library for encapsulate all this things and execute it in client side, but unfortunately SignedXml can't be used in Silverlight (not exists..).
I have created an ActiveX for doing this successfully but my solution now only works in Internet Explorer/Windows, and it's not very easy to maintain because of my business logics.
Anyone can help me with this please? Any suggestions are very welcome.
If I can port my activex solution to silverlight, or if its possible to do that using other MS Technology that can be executed in other browser/OS.
Sorry for bad English, not a native speaker. Thank you.
Java applet is a better option than the ActiveX.
Silverlight won't give you access to certificate storages, and its development has stopped (Silverlight 5 is officially the last version).
Our company offers a ready to use solution for distributed cryptography which includes ActiveX, Java applet and Flash module for client-side activities. This solution is discussed in details in this answer.
I need a simple,small and efficient program for the following thing to do.
A small interface to choose a file from my PC.
Press encrypt/De-crypt button to do select whichever you need.
If encrypt is pressed, generate a random key and encrypt with some algorithm based on that key.
If decrypt is pressed decrypt the file using some algorithm.
I am planning to do it in visual C++. Can anyone please suggest a small program in VC++ to do this? or please tell me the library name where I can get all the functions to do the above.
If you think that there is some better language or framework available to do instead of VC++, please suggest. Thanks. I would very much grateful to you for this help.
Visually C++ can call clr code when compiled with these options. Once you have done that, you can use this api or the far more secure version that Microsoft published here. I'd use the second because then you get authenticated encryption for free. Otherwise you need to hmac the data and check it on the other end, which is a pain. In either case, make sure you use a random IV each time ( by default when you instantiate aes in .net , it creates a random IV so just use that). Prepend it to the message and retrieve it when you decrypt
I've a dataconfiguration.config encrypted file for an application on ASP.NET Framework 3.5
I need to change my connection string, how can i decrypted and read this file?
Security it's not an issue, I'm on a development enviroment.
Any tip will be preciated.
Thanks.
A common way to encrypt ASP.NET configuration sections (such as ConnectionStrings) is to use Protected Configuration. However if your file does not read as XML, this method was not used or was not the only level of encryption used. It sounds like maybe there was a third party tool involved.
If I were you, I would probably create a new config file, and find everywhere in the project the old config file was referenced to point things at the new file.
If that is not possible, maybe you'd have better luck posting a question in a general cryptography category or doing some searches on the subject. I know some encryption can be identified by look at the encrypted data. Some encryption schemes are designed specifically to hide that though. Good luck.
My application is using Qt 4.6 to access sqlite. Now I have a requirement to encrypt sqlite database. On searching i do find SEE but this is licensed.
My problem is: I want to encrypt sqlite database using QT or some open source solution that is compatible with Qt. Do tell me some link or tutorial if you know.
Sqlcipher SQLite extension is what you need. Look into QTCentre about building sqlite version which supports encryption out of the box. The main benefit of this version that it provides standard qt sql interface via custom plugin. Also, it is BSD-like licenced.
Not sure if this is a good solution, but how about encrypting the file before opening the database and encrypting it again after closing it?
In any case, I don't think there's any way to make the data 100% secure. There will always be a moment where the data will be unencrypted (when your app reads it) and anybody could retrieve it at that time.