Is there any way to create in Lotus Domino an encrypted string which will be used as a variable in a URL then decrypted it on a PHP site? I'm not familiar with Lotus Domino if can be used something like openssl_encrypt or one of the method similar to PHP mcrytp and a "salt" key?
Lotus Domino supports programming in Java. If there is Java code that you can use to do encryption that is compatible with your PHP, then the answer will be yes. That will depend on the details of what you can do in PHP, and I'm not familiar with that enough to know for sure, but this question and answser here on StackOverflow strongly suggests to me that the answer is yes -- as long as you get all the little details of encryption modes, padding, encoding, etc. right.
Related
I have a Java application (an ESB - Enterprise Service Bus) which deals with customer sensitive data and have a requirement of supporting Data encryption at rest in order to prevent data abuse.
The application stores customer data for processing on the file system and application interacts with it through java.io.File API. So basically, I need to encrypt the file before it is persisted on the file system by the application and then decrypt it before application reads it so that it can be parsed and processed.
Are there any good frameworks or libraries that can help me implement Data encryption at rest? I am planning to use PGP encryption/decryption for implementing Data encryption at rest.
I am looking for best and recommended approach for implementing Data encryption at rest within my Java application and any help shall be appreciated.
Why on Earth would you think pgp is the right tool for this? Seems to me that you only need a symmetric key solution, so pgp feels like the wrong answer.
Cryptography in Java is a minefield. Easy to do things wrong, hard to do things right.
Having said that, you have a better chance to not screwing up if you use BouncyCastle rather than something else. They have example code that shows you how to do various operations.
For encrypting data at rest, I recommend you use AES in either CBC mode or CTR mode. If using CBC mode, make sure you choose your IV in a cryptographic secure way (unpredictable). Also, never re-use an IV for any mode of operation.
You should also consider whether you need message integrity. General guidance about symmetric encryption here.
Even though people often get crypto wrong, the bigger problem is key management. That's a whole new can of worms (and don't be fooled into thinking pgp provides a solution to this: all it does is shifts the problem to somewhere else).
I am currently using Solr to perform search services over some sensitive records.
As Solr/lucene provides fast searching by storing inverted indexes of the sensitive information in plain text on a disk there is a requirement to encrypt these index files so that unauthorized people can't have access to them by bypassing the system's security.
I found there are similar patches open on Apache JIRA AES encrypted directory and Codec for index-level encryption.
AES encrypted directory looks promising but this patch has been implemented for lucene 3.1 as I am using the newer version, I am not sure if this patch can be used with lucene version 5 or higher.
I was wondering if there is a way to implement a security measure that encrypts the indexes or if it is possible to write some custom plugin which can encrypt/decrypt the indexes on I/O level(i.e FsDirectory)?
The discussion in the comment section of LUCENE-6966 you have shared is really interesting. I would reason with this quote of Robert Muir that there is nothing baked into Solr and probably will never be.
More importantly, with file-level encryption, data would reside in an unencrypted form in memory which is not acceptable to our security team and, therefore, a non-starter for us.
This speaks volumes. You should fire your security team! You are wasting your time worrying about this: if you are using lucene, your data will be in memory, in plaintext, in ways you cannot control, and there is nothing you can do about that!
Trying to guarantee anything better than "at rest" is serious business, sounds like your team is over their head.
So you should consider to encrypt the storage Solr is using on OS level. This should be transparent for Solr. But if someone comes into your system, he should not be able to copy the Solr data.
This is also the conclusion the article Encrypting Solr/Lucene indexes from Erick Erickson of Lucidwors draws in the end
The short form is that this is one of those ideas that doesn't stand up to scrutiny. If you're concerned about security at this level, it's probably best to consider other options, from securing your communications channels to using an encrypting file system to physically divorcing your system from public networks. Of course, you should never, ever, let your working Solr installation be accessible directly from the outside world, just consider the following: http://server:port/solr/update?stream.body=<delete><query>*:*</query></delete>!
I have been reading a little bit about Encryption.
I'm currently in a project where I'll need to Encrypt/Decrypt data based on a key (user password), but the problem is:
- I'll need to encrypt/decrypt in several client applications built with different languages. Example:
- PHP
- C++
- Java
etc.
What should I do? is there any good (and free) lib that was written to different languages?
thank you
you don't need to have one-and-the-same-lib for different platforms...
as long as the choosen ciphers & keys & modes of operation are the same, it shouldn't really matter.
for example i've had no problems with AES encrypting in c# using the crypto service provider which ships with the .net framework and decrypting using the openssl module for php ...
there sometimes are some hurdles, like byteorder, encoding, etc. but if you take a closer look there's no black magic ...
I'm trying to develop my own encryption algorithm for J2ME mobile application with MIDP2.0.
But I don't have any experience in encryption algorithm, Guys please give ideas for me.
I would like to encrypt document and I need to maintain that document in resource directory, Thats why I need encryption from hacking others.
Don't. Crypto is highly specialised, and the smallest mistake can result in a weak cypher. There are plenty of good crypto algorithms out there, such as AES, Salsa20 and others. Use one of them. That also saves you the trouble of writing your own code since there are libraries available.
Read Bruce Schneier on amateur cryptography: Memo to the Amateur Cipher Designer and when you have read it, drop any thoughts of designing your own cypher and use one of the standard cyphers. AES-CTR + HMAC or AES-GCM are my personal preferences, YMMV.
a) I completely agree with rossum. Don't write your own encryption. It's really bad idea (one wrong step and it won't be secure at all).
b) I believe there is Bouncy castle encryption library (http://www.bouncycastle.org/latest_releases.html) which supports J2ME.
c) I recommend to read following article which gives information and examples for encryption/decryption of data on j2me (http://www.ibm.com/developerworks/java/tutorials/wi-encrypt/index.html)
I need an SQLite implementation that allows me to have the db file encrypted on disk, for security reasons. I noticed that SQLite only works with regular files, and that there's no implementation that supports streams available (oddly enough, as many people seem to want one). If I had such an implementation, I could easily pass it a stream that encrypts/decrypts the file first.
After googling and reading about the matter, it seems like a custom VFS might solve the problem, implementing only the file methods to open, read, write etc. to a stream instead of a regular file (the other methods may keep the default behavior).
My question then is as follows:
1. Does that sound like the correct approach?
2. Is there really no such implementation available??
Thanks.
If you just need an encrypted sqlite database there is The SQLite Encryption Extension. If not- ignore my answer.