I created (more or less rewrited from the net) the shortest possible program to encode and decode strings.
namespace crypto
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private static string Encrypt(string toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
hashmd5.Clear();
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateEncryptor();
byte[] resultArray =
cTransform.TransformFinalBlock(toEncryptArray, 0,
toEncryptArray.Length);
tdes.Clear();
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
private static string Decrypt(string cipherString, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = Convert.FromBase64String(cipherString);
System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
hashmd5.Clear();
}
else
{
keyArray = UTF8Encoding.UTF8.GetBytes(key);
}
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
tdes.Key = keyArray;
tdes.Mode = CipherMode.ECB;
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateDecryptor();
try
{
byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
return UTF8Encoding.UTF8.GetString(resultArray);
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
return null;
}
finally
{
tdes.Clear();
}
}
private void button1_Click(object sender, EventArgs e)
{
this.rtfENC.Text = Encrypt(this.rtfDEC.Text, true);
this.rtfDEC.Text = "";
}
private void button2_Click(object sender, EventArgs e)
{
this.rtfDEC.Text = Decrypt(this.rtfENC.Text, true);
this.rtfENC.Text = "";
}
}
It has only two methods Decrypt and Encrypt and it works as I expect. I wonder IF I could create program/script with exactly the same functionality in Linux. Or maybe the better question HOW to do it? Is bash suitable for it ? Do I need any special/external libraries, packages ? Would it be difficult?
The method is not very secure.
3DES should not be used for new work, use AES.
If deriving a key MD5 is not secure, use PKBKDF2.
Do not use ECB mode, it is not secure, use CBC with a random iv, prepend the iv to the encrypted data.
Use a key of exactly the correct length, do not rely on any default padding.
Most languages include at least a few cryptographic functions and AES is the current standard. If possible find one that is FIPS certified and that has hardware support, reasonably current Intel chips have such support as do the A- series chips. Hardware support can eaisly be 500 to 1000 times faster.
The issue with scripting languages, and to some extent overall, is keeping the encryption key secure.
Finally, encryption by itself and/or not used with best practices does not create much security, mnore of a illusion of security.
Related
Decryption logic is missing something can you please assist.
Output is not completely decrypted.
Java Encryption Logic:
public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {
try {
String in ="This is a text message";
byte[] input = in.toString().getBytes("utf-8");
String ENCRYPTION_KEY = "RW50ZXIgS2V5IEhlcmU=";
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] thedigest = md.digest(ENCRYPTION_KEY.getBytes("UTF-8"));
// SecretKeySpec skc = new SecretKeySpec(thedigest, "AES/ECB/PKCS5Padding");
SecretKeySpec skc = new SecretKeySpec(thedigest, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skc);
byte[] cipherText = new byte[cipher.getOutputSize(input.length)];
int ctLength = cipher.update(input, 0, input.length, cipherText, 0);
ctLength += cipher.doFinal(cipherText, ctLength);
// String query = Base64.encodeToString(cipherText, Base64.DEFAULT);
String query = new String(java.util.Base64.getEncoder().encode(cipherText));
System.out.println("query " + query);
// String query = new String(encode(cipherText), StandardCharsets.ISO_8859_1);
} catch(UnsupportedEncodingException e) { // TODO Auto-generated catch block
e.printStackTrace();
}
}
Nodejs Decryption Logic:
let crypto = require('crypto');
var decipher = crypto.createDecipher('aes-256-ecb', "RW50ZXIgS2V5IEhlcmU=");
decipher.setAutoPadding(false);
console.log(decipher.update("EncyptedText", 'base64', 'utf8') + decipher.final('utf8'));
I am trying to port an existing .net encryption code to ruby. But stuck with the key not set error.
Bellow is the .net code to encrypt a string.
private static string Encrypt(string strToEncrypt, string saltValue, string password)
{
using (var csp = new AesCryptoServiceProvider())
{
ICryptoTransform e = GetCryptoTransform(csp, true, saltValue, password);
byte[] inputBuffer = Encoding.UTF8.GetBytes(strToEncrypt);
byte[] output = e.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length);
string encrypted = Convert.ToBase64String(output);
return encrypted;
}
}
private static ICryptoTransform GetCryptoTransform(AesCryptoServiceProvider csp, bool encrypting, string saltValue, string password)
{
csp.Mode = CipherMode.CBC;
csp.Padding = PaddingMode.PKCS7;
var passWord = password;
var salt = saltValue;
//a random Init. Vector. just for testing
String iv = "e675f725e675f123";
var spec = new Rfc2898DeriveBytes(Encoding.UTF8.GetBytes(passWord), Encoding.UTF8.GetBytes(salt), 1000);
byte[] key = spec.GetBytes(16);
csp.IV = Encoding.UTF8.GetBytes(iv);
csp.Key = key;
if (encrypting)
{
return csp.CreateEncryptor();
}
return csp.CreateDecryptor();
}
I have used Ruby's OpenSSL::PKCS5 library to generate key and OpenSSL::Cipher to encrypt using AES algorithm like bellow.
def aes_encrypt(input_string)
cipher = OpenSSL::Cipher.new('AES-128-CBC')
cipher.encrypt
key = encryption_key
iv = cipher.random_iv
cipher.update(input_string) + cipher.final
end
def encryption_key
OpenSSL::PKCS5.pbkdf2_hmac_sha1(PASSWORD, SALT, 1000, 16)
end
Can anyone let know where I am missing? (Padding ?)
I am retrieving a text password as input from a file and applying AES encryption over that and later on, decrypting that.
When I did it for the first time, every 4 out of 5 times it was running correctly (encryption decryption successful) but 1 time, it was throwing BadPaddingException. Following is what I wrote :
//ABCD is class name
public static void enc(String fileName, String pwd) {
try {
Properties prop = new Properties();
InputStream input = ABCD.class.getClassLoader().getResourceAsStream(fileName);
prop.load(input);
input.close();
URL url = ABCD.class.getClassLoader().getResource(fileName);
FileOutputStream outputStream = new FileOutputStream(url.getPath());
KeyGenerator key = KeyGenerator.getInstance("AES");
key.init(128);
SecretKey aesKey = key.generateKey();
String newkey = new String(Base64.encode(aesKey.getEncoded()).getBytes("UTF-8"));
Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
byte[] clear = pwd.getBytes("UTF-8");
byte[] cipher = aesCipher.doFinal(clear);
String encPwd = new String(cipher);
prop.setProperty("password", encPwd);
prop.setProperty("secKey", newkey);
prop.store(outputStream, null);
outputStream.close();
} catch (Exception e) {
System.out.println(e);
}
}
public static String dec(Properties prop, String fileName) {
String decPwd = ABCD.map.get(fileName);
try {
String newkey = prop.getProperty("secKey");
StringBuilder pwd;
byte[] newkeybuff = Base64.decode(newkey.getBytes("UTF-8"));
SecretKey key = new SecretKeySpec(newkeyuff, "AES");
Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
aesCipher.init(Cipher.DECRYPT_MODE, key);
pwd = new StringBuilder(prop.getProperty("password"));
byte[] cipher = aesCipher.doFinal(pwd.toString().getBytes());
decPwd = new String(cipher);
} catch (Exception e) {
System.out.println(e);
}
ABCD.map.put(fileName, decPwd);
return decPwd;
}
I needed to fix this. Somewhere, I read that BadPaddingExcpetion occurs since of the operations done with String, in place of where actually byte should be used. Hence, I changed my code to the following :
public static void enc(String fileName, String pwd) {
try {
Properties prop = new Properties();
InputStream input = ABCD.class.getClassLoader().getResourceAsStream(fileName);
prop.load(input);
input.close();
URL url = ABCD.class.getClassLoader().getResource(fileName);
FileOutputStream outputStream = new FileOutputStream(url.getPath());
KeyGenerator key = KeyGenerator.getInstance("AES");
key.init(128);
SecretKey aesKey = key.generateKey();
byte[] newkey=(Base64.encode(aesKey.getEncoded())).getBytes("UTF-8");
Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
aesCipher.init(Cipher.ENCRYPT_MODE, aesKey,new IvParameterSpec(new byte[16]));
byte[] clear = pwd.getBytes("UTF-8");
byte[] cipher = aesCipher.doFinal(clear);
prop.setProperty("password", Arrays.toString(cipher));
prop.setProperty("secKey", Arrays.toString(newkey));
prop.store(outputStream, null);
outputStream.flush();
outputStream.close();
} catch (Exception e) {
System.out.println(e);
}
}
public static String dec(Properties prop, String fileName) {
String decPwd = ABCD.map.get(fileName);
try {
byte[] newkey=prop.getProperty("secKey").getBytes("UTF-8");
byte[] pwd;
byte[] newkeybuff = Base64.decode(newkey);
SecretKeySpec key = new SecretKeySpec(newkeybuff, "AES");
Cipher aesCipher=Cipher.getInstance("AES/CBC/PKCS5Padding");
aesCipher.init(Cipher.DECRYPT_MODE, key,new IvParameterSpec(new byte[16]));
pwd = prop.getProperty("password").getBytes();
byte[] cipher = aesCipher.doFinal(pwd);
decPwd=new String(cipher);
System.out.println("Decrypted pwd " + decPwd);
}
catch (Exception e) {
System.out.println(e);
}
ABCD.map.put(fileName, decPwd);
return decPwd;
}
Now, I am getting InvalidKeyException. This time, I read that the size of the key should be 16 bytes. But I don't know how to apply this. Need a fix for this!
You should check your IV (Initialization Vector) which must be the same for encryption and decryption.
A padding error usually means the decryption failed.
Check that the key is a full length (16, 24 or 32 bytes), the IV is full length (16-bytes). If the key or IV is to short it will be padded with "something"and that man not be consistent, there is no standard for such padding.
getBytes("UTF-8") may return different length of bytes depending on the characters used.
Using new IvParameterSpec(new byte[16]) for the IV is incorrect, the IV should be a random bytes. A usual method of handling the IV is to create a random IV on encryption and prepend it to the encrypted data, it does not need to be secret and by prepending it will be available for decryption.
I want to encrypt my password and store to my DB, SQL Server 2008 R2.
For that I took the password from text box and encrypted using proper function and want to store in back end.
Tell me which datatype I have to use for encrypted password column.
Namespace:
using System.Security.Cryptography;
Encrypt Function:
public static string Encrypt(string Message)
{
string Password = Message;
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Password));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
byte[] DataToEncrypt = UTF8.GetBytes(Message);
try
{
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return Convert.ToBase64String(Results);
}
Decrypt Function:
public static string Decrypt(string Message)
{
string Password = Message;
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(Password));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
byte[] DataToDecrypt = Convert.FromBase64String(Message);
try
{
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length);
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return UTF8.GetString(Results);
}
How to use??
For Encrypt:
string encryptpassword=Encrypt(txtPassword.Text.Trim());
For Decrypt:
string decryptpassword=Decrypt(txtPassword.Text.Trim());
NOTE : txtPassword is a textbox where you can enter a password
Please help this is so important for me.
I want encrypt and decrypt querystring with digital signature but I get this error:
Bad data error
Please help This is my encrypt code:
public partial class HashQueryString : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
try
{
RSACryptoServiceProvider senderCipher = new RSACryptoServiceProvider();
senderCipher.FromXmlString(SENDER_KEYS);
RSACryptoServiceProvider receiverCipher = new RSACryptoServiceProvider();
senderCipher.FromXmlString(RECEIVER_PUBLIC_KEY);
string plainText = "milad";
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
byte[] cipherTextBytes = receiverCipher.Encrypt(plainTextBytes, false);
SHA1Managed hashalg = new SHA1Managed();
byte[] hash = hashalg.ComputeHash(cipherTextBytes);
RSAPKCS1SignatureFormatter sigFormatter = new RSAPKCS1SignatureFormatter(senderCipher);
sigFormatter.SetHashAlgorithm("SHA1");
byte[] signature = sigFormatter.CreateSignature(hash);
string ciphertext = Convert.ToBase64String(cipherTextBytes);
string signatureText = Convert.ToBase64String(signature);
hlDecrypt.NavigateUrl = "/DeHashQueryString.aspx?secret=" + Server.UrlEncode(ciphertext) + "&signature=" + Server.UrlEncode(signatureText) + "";
}
catch (CryptographicException x)
{
MessageBox.Show(x.StackTrace+"");
}
}
}
And this is my decrypt code
public partial class DeHashQueryString : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
string secret = Request.QueryString["secret"];
if (secret == null)
{
throw new ApplicationException("Secret QueryString was not provided...");
}
string signature = Request.QueryString["signature"];
if (signature == null)
{
throw new ApplicationException("Signature was not found...");
}
byte[] cipherText = Convert.FromBase64String(secret);
byte[] signatureBytes = Convert.FromBase64String(signature);
SHA1Managed hashalg = new SHA1Managed();
byte[] computedhash = hashalg.ComputeHash(cipherText);
RSACryptoServiceProvider senderCipher = new RSACryptoServiceProvider();
senderCipher.FromXmlString(SENDER_PUBLIC_KEYS);
RSAPKCS1SignatureDeformatter sigDeFormatter = new RSAPKCS1SignatureDeformatter(senderCipher);
sigDeFormatter.SetHashAlgorithm("SHA1");
if (!sigDeFormatter.VerifySignature(computedhash, signatureBytes))
{
throw new ApplicationException("Signature did not match from sender...");
}
decrypt(cipherText, RECEIVER_KEY);
}
private void decrypt(byte[] cipherText,string key)
{
RSACryptoServiceProvider cipher =new RSACryptoServiceProvider();
cipher.FromXmlString(key);
string str = Convert.ToBase64String(cipherText);
byte[]plainTextBytes=cipher.Decrypt(Convert.FromBase64String(str), false);
Response.Write("My querystring was :" + Encoding.UTF8.GetString(plainTextBytes));
}
}
I write public/private key values completely
I delete public/private key value
This is receiver_public_key:
private const string RECEIVER_PUBLIC_KEY = "zUjNd9zRuTluiiwiLu47SiIgvGl8+YQPKuyklmwXzdH8WYP2VAWIR2rpRUIsNIv/2LMLlKM69KXCIkn9SQZ0XsetAQqUK0VKO9DLUtgkJ4loSq+V6BGhpdNzjKYObdXz00g12HukV/Wq4kslB9/ghgkCmQmC1mkxaCOPtQVcBfk=AQAB6Q+Ro8TpTeT0eid9KImBsesRHGejTPxb6BCOhxMXd6RlD0BMrNk+wU62f09sVy3O55AML5fKX79d6kWDFIRDTQ==4X1Z64BdfMFI7ffnneCIquObQ9A/mf40omjsnKuk+Sx2+VGQFc7VNaA9/hpeJ+cjAnUCM+LNDoNb8jAntq5fXQ==bcooyKZlZY164eSiYCtOzpq259OmqQik3xCVo+oJfxIRjXqz5CU/G99Rt22Z0wPAWXORWgY+jpZezpLKairYbQ==Wl15478VuCFdsMBgugx5uMJuPsb+NiCBx3R1HnRLMPB43YGqVJMHLu6A6Yx3n1Yp2Zo6v8BsnRxXhL93quZGoQ==kRyYgXh/aWJdk6w2AeootIwSuok6K2yfVR0kBXsEGMJzUafpZ9M6JFL+QpoeEbrxmkh3H4IhUcJiFF59Izxo7w==f+P0RdFnQwrZp/E41p4Kh/PdCyR4/IXeYTKOkzwCVHKW0TnaM5xCu6OKcmB4Y8A4g0uAUnii2RmPaYdI6b7ArdHwtBFfJA6Xrn6NZkLa/SP1DGCLxZI+B4+wY0oY1f6ZGwol4kPrvXysnclG9kUgb0YjVMZ9aqcwHZkkSuzTLhE=";
And this is sender_key:
"zUjNd9zRuTluiiwiLu47SiIgvGl8+YQPKuyklmwXzdH8WYP2VAWIR2rpRUIsNIv/2LMLlKM69KXCIkn9SQZ0XsetAQqUK0VKO9DLUtgkJ4loSq+V6BGhpdNzjKYObdXz00g12HukV/Wq4kslB9/ghgkCmQmC1mkxaCOPtQVcBfk=AQAB";