Is it possible to decrypt master password if I have data for encryption (text) and the result of encryption of this data (BLOB).
I want to decrypt Google Chrome master password that is used for encryption data. As I know chrome uses windows API CryptProtectData function. I have plaintext1 and ciphertext1. Also I have ciphertext2 and I want to decrypt plaintext2.
Related
I am developing an application that'll decrypt encrypted files when a user successfully logs in. From what I understand, OpenSSL does not have a built-in function for this. So what I plan to do is zip up a folder and encrypt the zip file when I want to encrypt the directory and the reverse when I want to decrypt it. I will use the aes-256-cbc algorithm. The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder. Does anyone have any suggestions? Login credentials are verified on the server and encrypted zip files are located on the computer running the client application.
The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder.
The practice is not to use the user credentials to encrypt the data. If the user forgets his credentials, the user is done for.
Login credentials are verified on the server and encrypted zip files are located on the computer
That's actually giving you an option. If you don't want to store the encryption key on the client side, the server could send the key back as a part of the response and the client application could use it to decrypt or encrypt the data.
I'm looking for USB token solution for asymmetrical decryption purpose. The server has encrypted sensitive data with periodically rotating data encryption key (DEK), which is stored alongside with the encrypted data, encrypted itself with pre-distributed public key of the USB token (KEK).
The user (web browser client) logins to the single page application with username and password. User then inserts the USB token, which will trigger the following sequence:
Retrieve the encrypted DEK's from the server
Decrypt the DEK's with USB token private key
Retrieve the data from the server with the DEK's
I have looked into solutions like Yubikey, but it seems to be more focused on the user authentication than cipher services. What is the correct product to implement hardware based cipher in portable format? Expensive HSM is out of question, as multiple users should posses an instance of the portable token. Also, each instance should contain the same private key.
Nice idea, however you are having a few issues
Decrypt the DEK's with USB token private key
Currently no browser supports using decrypting by pkcs#11 (smart card or usb token keystore protocol) directly.
The browsers can use a stored keypair to authenticate and that's it. (if I missed something, please correct me).
Though you could use some local utility(non-web) to decrypt using a smartcard (gpg, openssl,...)
Also, each instance should contain the same private key.
Most of the serious smart cards allow generating a new private key, but you not importing own key material (at least the ones I had). So it is difficult to create multiple smart cards with the same keypair
What you could do is encrypt the DEK for a set of public keys
If I want to encrypt data on a server, and send it to a client program which I have implemented and sent to the customer, is there anyway that I can store the decryption key and algorithm in the client program, without risking that reverse engineering my client program will enable the user to decrypt all the data I send.
That is, I want my client program to control what it decrypts and what not.
Thanks
Jeeji
You can hard-code the algorithm with no risk. The security must be based in the secrecy of the key, not of the algorithm.
To secretly store the decryption key, you can use a keystore.
I don't know which language you are using, but Java includes its own keystore, and for C you get a keystore through NSS. To open these keystores you will need a password that the user can type in when the client application starts up.
If your client runs on linux and gnome, then you could also use Gnome's keyring, in which case the user will not need to type the password to open the keyring (the log-in password is also used to open the keyring).
I am trying to send an email using gmail smtp server. As the from address and password is needed for authentication, I have to set the same in web.config. And I wish the same to be in an encrypted format.
Ofcourse I am able to encrypt the values using' C:\Program Files (x86)\Ektron\CMS400v(x)\Utilities\ EncryptEmailPassword.exe' and so that I can set the values as encrypted form in Web.config file.
But how can I decrypt the values to its original form in code behind for the smtp server to authenticate.
I understand that you want to encrypt login and password stored in Web.config, best way to use it implemented in asp.net mechanism for that rather then Ektron.
Here you have an example how to do it on connectionstring but you can use any section to encrypt just change connectionstring parameter to something else.
http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx
Short of de-compiling the Ektron code to obtain the keys, the encrypted text cannot be decrypted.
The Ektron encryption and app settings are for using the Ektron API to send emails. You don't need to decrypt because the Ektron library will do it for you.
As #Cezary states, one option is to not use Ektron email API and use ASP.Net.
I want to decrypt view state of one of page from my site .View state is encrypted.
I have both validation key and encryption key.
I have view state in encrypted string format. How to decrypt this string in c#
There are quite a few tools available for that like fiddler (this is a free add-on download for mozilla) or charles debugging tools.