BouncyCastle updated pgp key now getting checksum mismatch error - encryption

I have a utility that is using the BouncyCastle.Crypto dll (version 1.7.4, runtime version 1.1.4), in order to decrypt a file that is given to it by another system.
I just updated the pgp key (and provided the encryptor with the new public key). The new key uses 4096 bit RSA encryption and has a 24 character password, which are the only differences I can think of between the new key and the old key. The old key used I believe 2048 bit encryption with a 7 character password.
When I attempt to decrypt a file the process is now failing when calling the PgpSecretKey.ExtractPrivateKey(char[] passPhrase) function, provided by BouncyCastle. The error is "Checksum mismatch at 0 of 20."
The weird part is that the first time I tested it worked fine, then with no changes it began failing. I have tried with multiple encrypted files.
Since it's such an old version of BouncyCastle and this particular permutation of the ExtractPrivateKey function is no longer in use I am finding it difficult to locate relevant information. Any thoughts are appreciated.

I got that error once: "Checksum mismatch at 0 of 20." My issue was due to a wrong pass phrase. Hope this helps someone.

Related

Chilkat - Encode into PKCS7 the following elements : XML Signed Document + Signature certificate itself encoded X509

We are trying to automate certain processes with Chilkat.
In particular we are trying to generate a PKCS7 document that contains the following features:
1. A signed xml document. This signing is done via smartcard and the output must include the signature. For this point, we are using the crypt2 object with:
   - EncodingMode, HashAlgorithm and charset attributes
   - SetSigningCert, OpaqueSignStringENC methods
2. We need also to include the signer's digital signature certificate in X.509 ASN encoding.
This second point is where we are having some problems.
We have obtained a valid signed document according to the 2 points through the createp7m method for manual testing but the point of our program is to automate the process in memory. Therefore, we are trying to use the OpaqueSignStringENC("original xml to sign") but we believe the point (2) is not being taken into account.
I don't know if anyone has encountered a similar problem. I just recently started working with encryption, certificates...sorry if I am explaining myself incorrectly.
Thanks everyone for your help and time

Multiple property encryption using jasypt encryption

I have relatively little idea about encryption, but I have done research on encryption in the Spring Boot application.properties file and I have not found any material on multiple password encryption. If someone could provide some material or some direction as to how I should proceed, it would be helpful.
Basically you got to do 3 things.
1. Encrypt your password using jasypt. This can be done using the command line tool as indicated here or using a simple Java program as indicated here. You need a password along with the string you need to encrypt. The password is something like a secret key (or salt) which is used to encrypt the string you want to encrypt.
2. Add this to your application properties or yml: jasypt.encryptor.password=password_used_in_the_previous_step
3. And add the encrypted password you got from step 1 like this: ENC(Your_Encrypted_Password)
Add the necessary dependencies.
Here is a good example.
https://github.com/ulisesbocchio/jasypt-spring-boot.

Meteor, why same password after hashing, different string stored in database

I found that Meteor by default uses SHA-256 to hash passwords, but I am confused that the same password for each account, after hashing, becomes a different string stored in the database. Would anyone tell me the detailed implementation? Thanks.
Per the Meteor docs, accounts-password uses bcrypt.
If you look at the source code of loginWithPassword, you should be able to find out where the salt is stored. As a second source, read MasterAM's answer to Laravel & Meteor password hashing which indicates that Meteor from 2011 on uses $2y$ hash strings, i.e. PHP CRYPT_BLOWFISH, which uses
CRYPT_BLOWFISH - Blowfish hashing with a salt as follows: "$2a$", "$2x$" or "$2y$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". Using characters outside of this range in the salt will cause crypt() to return a zero-length string. The two digit cost parameter is the base-2 logarithm of the iteration count for the underlying Blowfish-based hashing algorithm and must be in range 04-31, values outside this range will cause crypt() to fail. Versions of PHP before 5.3.7 only support "$2a$" as the salt prefix: PHP 5.3.7 introduced the new prefixes to fix a security weakness in the Blowfish implementation. Please refer to this document for full details of the security fix, but to summarise, developers targeting only PHP 5.3.7 and later should use "$2y$" in preference to "$2a$".
Thus, look for the $2y$ string in the database, and extract the salt from it.
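The string layout quoted above, as an added example that is not part of the original answer or of Meteor's code: a parser that splits a stored bcrypt string into prefix, cost, salt and digest, showing why two accounts with the same password store different strings. The function names and the two sample strings are assumptions constructed here, and the "2b" prefix is accepted in addition to the three the quote lists.

```javascript
// Layout: "$" prefix "$" two-digit cost "$" 22-char salt, then 31-char digest,
// all drawn from the alphabet "./0-9A-Za-z".
const BCRYPT_RE =
  /^\$(2[abxy])\$(\d{2})\$([./0-9A-Za-z]{22})([./0-9A-Za-z]{31})$/;

function parseBcrypt(stored) {
  const m = BCRYPT_RE.exec(stored);
  if (!m) throw new Error('not a bcrypt hash string');
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) throw new Error('cost outside 04-31');
  return {
    prefix: m[1],
    cost,
    rounds: 2 ** cost, // cost is the base-2 log of the iteration count
    salt: m[3],        // stored in the clear, in front of the digest
    digest: m[4],
  };
}

// Each account gets its own random salt, so equal passwords still
// produce different stored strings.
function sameSalt(a, b) {
  return parseBcrypt(a).salt === parseBcrypt(b).salt;
}

// Defensive check: flag records hashed with a lower cost than policy wants.
function needsRehash(stored, minCost) {
  return parseBcrypt(stored).cost < minCost;
}

// Constructed sample values: correct shape only, not real bcrypt output.
const SAMPLE_ALICE = '$2y$10$' + 'abcdefghijklmnopqrstuv' + 'A'.repeat(31);
const SAMPLE_BOB = '$2y$10$' + 'ZYXWVUTSRQPONMLKJIHGFE' + 'B'.repeat(31);

console.log(parseBcrypt(SAMPLE_ALICE));
console.log('same salt:', sameSalt(SAMPLE_ALICE, SAMPLE_BOB));
console.log('rehash at cost 12:', needsRehash(SAMPLE_ALICE, 12));
```

Verification does not need the salt to be extracted by hand: a bcrypt library reads it from the stored string and recomputes the digest with it.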

How to generate a key in Qt using openssl?

I need to create a private key using openssl in Qt and then use that key to sign a zip file. I don't even have a clue on how to do this! Can somebody help me to do this?
Creating a key is a multi-step process: create a "certificate signing request" CSR, give the CSR to the "certificate authority" CA, the CA will sign the certificate and return to you a public certificate. (You do this once at first program execution.) You add the certificate and private key to your certificate store (once per program execution), and then you can finally sign the file (probably using an EVP_* function). (Once per zip file.)
Good luck :) OpenSSL is a beast. I suggest using a helper tool such as TinyCA if you're also going to be your own CA. (There's nothing wrong with learning the openssl command line for CA functions, it is just a ton of extra work that doesn't get you much closer to your immediate goal. Still worth looking at.)

.netCART Credit Card Decryption - IIS 7 App Pool and Decryption issue

I've got a site using .netCART. It's running fine in production with Windows Server 2003 and .NET 2.0. On the new server (Windows Server 2008) everything is working except for credit card decryption in the store admin. No errors are being sent, no exceptions thrown, just the encrypted string being output to the screen instead of a decrypted credit card number.
Dim strCCEncrypt As String
strCCEncrypt = Trim(DataRow.Item("CreditCard"))
strCCEncrypt = tools.Decrypt(strCCEncrypt) 'tools is a .netCART utility
Has anyone had experience with .netCART, or seen this issue before?
EDIT:
After much investigating yesterday, it seems as though the problem is tied to the App Pool (which is running in classic pipeline mode on .NET 2.0), and Decryption. Can anyone tell me what the processes or services are that are tied to the default app pool which help handle decryption?
Don't know where your specific problem is, but that code snippet is equivalent to this:
Dim CCEncrypt As String = tools.Decrypt(DataRow("CreditCard").ToString().Trim())
To explain the changes:
You can skip the .Item part because it's an indexer for DataRow
But you should call .ToString(), in case of other types or DbNulls
Then use the string type's .Trim() method rather than the VB Trim() function. Trim() and other old string functions exist solely for backwards compatibility. You're better off becoming accustomed to the methods attached to the string type.
In .Net, it's no big deal to declare a variable and assign to it on the same line
And in .Net, Microsoft's style guidelines specifically recommend against any Hungarian-notation type warts on variable names.
The end result of this problem was that I used Reflector to get the method out and provided the key manually to perform the decryption, since the decrypt method shown above just provided a call to a method that took the key.
Check the machinekey element in your web.config. Is it possible the credit cards were encrypted with a different key than you are trying to decrypt them with?
