PowerBuilder 12.6 INI Password Encryption - encryption

I need to encrypt/decrypt the password in a PowerBuilder INI file.
Currently passwords are stored in plain text. (Only the password needs to be encrypted.)
Example:
UserId="TEST"
DBPassword="P#ssw0rd"
I wanted to know what the options are as per the latest security standards.
I don't need public/private key management strategies.
The application is on PB12.6.

I have two free examples of encryption in PowerBuilder:
http://www.topwizprogramming.com/freecode_bcrypt.html
http://www.topwizprogramming.com/freecode_cryptoapi.html
BCrypt is a newer crypto library Microsoft introduced in Windows Vista. You should be able to find something suitable using one of these examples.

Related

Ktor - checking passwords against wordpress database

I'm trying to perform user authentication against a wordpress/Mysql database in ktor. As far as I know, passwords are stored in the wp_users table after a hashing transformation, performed with phpass framework.
Starting from a plain text password, my aim is to compare this password with the hash stored in the database, to understand if I have to authenticate the user or not.
Is there any support between ktor and mysql/wordpress?
Obviously, Ktor itself knows nothing about Wordpress or any other PHP technology.
Actually, it doesn't know about databases either. There is an Exposed ORM-framework, which is often used in Ktor projects for that. It supports MySQL databases, so it will be suitable in this case too.
But I believe you will have to write this integration by yourself, cause this is a rather exotic combination of technologies (Ktor+Wordpress), and highly unlikely someone else did it before.
I finally made it!
I found out from the documentation that wordpress uses a password hashing function called bcrypt. Then I searched github for a java implementation and I got into this repository by Wolf480pl.
By copying BCrypt.java and PHPass.java files into my project, I just wrote this simple kotlin function to check the match between the hash stored into the database (I used Exposed to connect to the mySQL db) and the plain text password:
// PHPass comes from the PHPass.java file copied into the project
fun passwordMatch(password: String, storedHash: String): Boolean {
    val checker = PHPass(8)
    return checker.checkPassword(password, storedHash)
}
Just that, it works!

FireDAC SQLite Standard Encryption question

If I declare and create some SQLite database inside FDConnectionDefs.ini as follows
[SQLITESAMPLE]
Database=sample.sdb
Password=masterkey
LockingMode=Normal
SharedCache=false;
DriverID=SQLite
it should be encrypted with aes-256 as standard settings. FDSQLiteSecurity1.CheckEncryption is returning aes-256
Later, if I add the param Encrypt=aes-256 to that definition my apps still work correctly.
But RAD Studio Data Explorer and FireDAC Explorer will only work with a setting Encrypt=No (with aes-256 I get some corrupt datafile message from these two apps).
If I define the Encrypt=aes-256 param from the beginning, all apps work correctly.
Maybe there is some other encryption mode standard defined, if I do not declare encryption mode from the beginning? I wonder about this.
The SQLite3 DB file is either encrypted, or not, from the beginning.
You will have to manually backup the file from one encrypted state to another.
There is no "standard" free encryption on SQLite3.
Only a few variants:
FireDAC encryption
Closed Source SQLite Encryption Extension
SQLite-Crypt commercial
SQLCipher
WXSQLite3 variant
DISQLite3 commercial for Delphi
SynSQLite3 Delphi/FPC Open Source
and probably others... all incompatible!

How encrypt SQLite database with FireDAC?

I created a SQLite database with DB Browser for SQLite (non-encrypted) and opened it with FireDAC in Delphi. (I can retrieve data, e.g. Select * from abc.)
How do I encrypt this SQLite database with FireDAC? When I enter username, password and encrypt, I get the message "Cipher DB is not encrypdet"
Note:
When I create a SQLite database from Delphi FireDAC I can use encryption!
To encrypt a database, use a TFDSQLiteSecurity Component. You'll also need a TFDSQLitePhysSQLiteDriverLink component to go along with it.
If a database is unencrypted, then its password is ''. So use '' as the OldPassword and create the new password in that case. Passwords are formatted as algorithm:PassPhrase. See documentation on the choices, I use aes-256. Also, the database needs to be closed when you do this.
...
//Change password
FDSQLiteSecurity1.Password := OldPassword;
FDSQLiteSecurity1.ToPassword := NewPassword; // example: 'aes-256:mypassword123'
FDSQLiteSecurity1.ChangePassword;
...
//Remove Password
FDSQLiteSecurity1.Password := OldPassword;
FDSQLiteSecurity1.ToPassword := '';
FDSQLiteSecurity1.RemovePassword;
...
From the Documentation
SQLite Encrypted Database
Approach
One of the distinctive SQLite features is the high-speed strong database encryption. It allows you to make database file content confidential and enforce integrity control on the database file. The encrypted database format is not compatible with other similar SQLite encryption extensions. This means that you cannot use an encrypted database, encrypted with non-FireDAC libraries. If you need to do this, then you have to decrypt a database with an original tool and encrypt it with FireDAC.
Recent Delphi versions come with an example project for working with encryption on Sqlite databases, see this documentation. I have not used this myself, btw.
It includes this section
Encrypt DB
Encrypt: Encrypts the database according to the Encryption mode and the password provided.
The sample uses TFDSQLiteSecurity.SetPassword to encrypt the database with the password provided.
The database password is the combination of <encryption algorithm>:<password>.
I faced several challenges when I first tried to encrypt a SQLite database for use with Embarcadero FireDAC. Although all the information is published by Embarcadero, the question pops up again and again on different forums. My case was solved with community support, but when time permitted a simple Delphi application was assembled and made available on SourceForge. I hope it will make encryption/decryption slightly easier, particularly for newbies.
https://sourceforge.net/projects/sqlite-sequrity-for-delphi/

Does OPENAM support SHA-256 encryption

As per my knowledge and the research I have done over the internet, it seems that OPENAM currently does not support SHA-256 encryption. I am using SAML authentication in my project, and currently using an old openfed jar which does not support SHA-256 encryption. I went through the latest jar as well and found that OpenAM does not support it.
FYI ..
Following is the snippet of QuerySignatureUtil.java :
final String querySigAlg;
final String alg = privateKey.getAlgorithm();
switch (alg) {
    case "RSA":
        //Defaulting to RSA-SHA1 for the sake of interoperability
        querySigAlg = SystemPropertiesManager.get(SAML2Constants.QUERY_SIGNATURE_ALGORITHM_RSA,
                XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
        break;
    case "DSA":
        //Defaulting to SHA1WithDSA as JDK7 does not support SHA256WithDSA
        querySigAlg = SystemPropertiesManager.get(SAML2Constants.QUERY_SIGNATURE_ALGORITHM_DSA,
                XMLSignature.ALGO_ID_SIGNATURE_DSA);
        break;
    case "EC":
        querySigAlg = SystemPropertiesManager.get(SAML2Constants.QUERY_SIGNATURE_ALGORITHM_EC,
                XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512);
        break;
    default:
        SAML2Utils.debug.error(classMethod + "Private Key algorithm not supported: " + alg);
        throw new SAML2Exception(SAML2Utils.bundle.getString("algorithmNotSupported"));
}
While going through the internet I have found the ticket https://bugster.forgerock.org/jira/browse/OPENAM-8627
But it seems that it was done only for .NET fedlet.
Can someone
Well firstly, SHA-256 is not an encryption algorithm.
Digital signatures can use SHA256 as digest algorithm, yes. As you can see in the source of the QuerySignatureUtil, the actual algorithm is now configurable and can take lots of different values. The configuration retrieval is done with the SystemPropertiesManager calls in your snippet, and the config can come from two places:
For fedlet: the properties should be defined in FederationConfig.properties.
For the OpenAM server, the settings can be found under the Common Federation Configuration in the Global settings.
If you want to take a look at the digital signature implementation, then there are two classes of interest:
FMSigProvider: this class deals with proper XML signatures, all the digital signatures will be part of the XML document as per xmldsig spec.
QuerySignatureUtil: this class mainly deals with querystring signing, which has a different set of rules than regular XML signatures. In this case the signature will not be part of the signed XML document, instead the signature will be put on the query string. The SAML binding spec that describes the HTTP-Redirect binding discusses this in more detail.
If you want to control the DigestMethod value within the digital signature, then you need to have a look at OPENAM-7778, that was implemented in 13.5.0.
If you want to encrypt SAML messages using 256 bit encryption algorithms, then you will need to install the JCE jurisdiction files, after that, you should be able to configure http://www.w3.org/2001/04/xmlenc#aes256-cbc as XML encryption algorithm.

OpenLDAP encryption storage Schema

I am using OpenLDAP 2.4.38 windows version.
Apache DS for ldap explorer.
Configured password encryption mechanism SSHA in slapd.conf of OpenLDAP.
password-hash {SSHA}
Now when I change password using JNDI and check in Apache DS it shows password as plaintext.
Is this Apache DS's problem or OpenLDAP is really storing in plaintext even if I configured encryption mechanism as SSHA in OpenLDAP?
I got it working ultimately. Just updating here in case someone trying the Windows version needs this. You need to add the following lines to the slapd.conf file:
include actual-location/ppolicy.schema
#this is optional for SSHA but mandatory for SHA256 or SHA512 etc.
password-hash {SSHA}
overlay ppolicy
ppolicy_hash_cleartext
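
A way to answer the "is it really stored as plaintext?" question from the raw attribute value, as an added example that is not part of the original posts: it classifies userPassword values by their `{SCHEME}` prefix and verifies an {SSHA} value, which is base64(SHA-1(password + salt) + salt). The entries, DNs and function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import os
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")


def make_ssha(password: str, salt: bytes = b"") -> str:
    """Build an {SSHA} value: SHA-1 over password + salt, salt appended."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def classify(value: str) -> str:
    """Return the storage scheme of a userPassword value, or 'CLEARTEXT'."""
    m = SCHEME_RE.match(value)
    return m.group(1).upper() if m else "CLEARTEXT"


def verify_ssha(password: str, stored: str) -> bool:
    """Recompute the digest with the embedded salt; compare in constant time."""
    if classify(stored) != "SSHA":
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(raw) <= 20:  # a 20-byte SHA-1 digest must be followed by a salt
        return False
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def audit(entries: dict) -> list:
    """List the DNs whose userPassword carries no hash scheme prefix."""
    return sorted(dn for dn, pw in entries.items() if classify(pw) == "CLEARTEXT")


# Constructed sample entries (not real directory data).
SAMPLE = {
    "uid=alice,dc=example,dc=com": make_ssha("S3cret!", salt=b"\x01\x02\x03\x04"),
    "uid=bob,dc=example,dc=com": "S3cret!",
}
```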
