AES-128 for HLS. How is it applied exactly? - encryption

Question about AES-128 encryption method mentioned here.
How exactly is this method applied over HLS media segments? Is it the MPEG-2 TS container that is encrypted (including TS/PES packet headers & PSI (!?) ) or elementary streams inside it, before packetizing them into PES payloads?

The AES-128 encryption method is encrypting the entire TS container including headers. It may seem strange if you're familiar with other systems like DVB simulcrypt, but it's very simple (or simplistic).
The SAMPLE-AES encryption method, on the other hand, only encrypts the audio and part of the video data.
Beyond that, many implementations use a nonstandard approach where the encryption method is set to NONE and a different encryption mechanism is used.

Related

Why do we still use base64 but only in limited contexts, like SMTP?

I'm trying to explain base64 to someone, but I'm not grasping the fundamental need for it. And/or it seems like all network protocols would need it, meaning base64 wouldn't be a special thing.
My understanding is that base64 is used to convert binary data to text data so that the protocol sending the text data can use certain bytes as control characters.
This suggests we'll still be using base64 as long as we're sending text data.
But why do I only see base64 being used for SMTP and a few other contexts? Don't most commonly-used protocols need to:
support sending of arbitrary binary data
reserve some bytes for themselves as control chars
Maybe I should specify that I'm thinking of TCP/IP, FTP, SSH, etc. Yet base64 is not used in those protocols, TMK. Why not? How are those protocols solving the same problems? Which then begs the reverse question: why doesn't SMTP use that solution instead of base64?
Note: obviously I have tried looking at WP, other Stack-O questions about base64, etc, and not found an answer to this specific question.

Using AES with the same output

I have a little background of cryptography so forgive me if this is a silly question. Is there a secure way to encrypt a text using AES that produces the same output with the same input?
Edit
What i want is to store emails in a external analytics provider using AES256 or HMAC 256 (this is a company requirement). But i need to be able to decipher them lately and to distinguish between same emails without deciphering them. I know i can do this with two entries, one with AES and another using HMAC. But can i do this with AES alone and still be secure?
Yes and no. There is a mode called ECB, "electronic code book", that will always produce the same output (cipher text) for a given input (plain text) block.
However, unless you only send each plain text block one time, ECB is not secure. At first, an adversary who intercepts an encrypted message won't be able to decipher it. But, just like old time code books, as they continue to monitor encrypted messages and combine that with knowledge of the context in which they were sent, they can eventually break much of your code.
Use of ECB is generally discouraged. For most messaging applications, an AEAD mode like GCM is recommended.

Using AES encryption across javascript and c#

I'm trying to encrypt a string in javascript and then decrypt it back in server using c#. I thought of using System.Security.Cryptography.Rijndael on server side and some AES implementation like this or this on client-side.
I don't know much about cryptography, so basically I generate a key and send it to client and encrypt my text with that key and send it back to server.
My problem is that Javascript AES implementations use a key to encrypt a text but c# Rijndael class uses a key and a vector. where does that vector come from?
AES is just a block cipher, which is a cryptographic primitive. Its purpose is to encrypt one single block of data (16 bytes).
Encryption requires a lot more than that. You need a method to encrypt an arbitrary amount of data, and hopefully in a way that doesn't give away any information. To do this, you need to break the amount of data into blocks, pad the last part to a full block, and then somehow encrypt each block in a clever way. Doing that is the responsibility of the encryption mode.
The most trivial mode (electronic cookbook, ECB), just encrypts each block with the same key, but that's horribly dangerous. Other modes require some sort of initialization state, which needs to be random but can be publicly known.
To encrypt and decrypt your data, you must know both the block cipher and the encryption mode, on both sides, and you must find a way to generate the initial state on the encrypting side and to recover it on the decrpyting side to initialize the encoder and the decoder, respectively.
In a nutshell: You need a lot more information about what you're doing!
This isn't perhaps exactly what you are looking for. But I can think that what you actually need to do is implement SSL.
http://en.wikipedia.org/wiki/Secure_Sockets_Layer
This might solve your problem without needing to get involved with coding cryptography.

How to identify encryption algorithm used in ciphertext?

Is there any ways to try to guess encryption algorithm used to encrypt the ciphertext?
Yes. There are some differences:
Is it a block cipher or not can be guessed from the length.
Block length
Entropy of the output (are all characters equally present? / can patterns be found?)
Recurrences (CBC or not...)
The entropy of the string is probably the best hint. A simple method to determine it is probably trying to compress it. Some methods can be found here: http://www.random.org/statistics/ They use them to make sure their numbers are as random as possible.
I've got no idea if it's really possible to determine the encryption using these methods.
Tools to see it:
PEiD with the Krypto Analyzer (KANAL) plugin
IDA Pro with the Findcrypt plugin
OllyDbg with the SnD Crypto Scanner
x3chun's Crypto Searcher
Keygener Assistant
Hash & Crypto Detector (HCD)
Draft Crypto Analyzer (DRACA)
but all to executables.
found here : http://fwhacking.blogspot.com.br/2011/03/bfcrypt-crypto-scanner.html
Quite often this information is readily available - in a good encryption scheme, only the key needs to be secret, not the algorithm used.
There are analyses you can can perform to test for particular encryptions, consult a textbook on cryptanalysis for details!
You can try fbcrypt which will scan for known hash & crypto signatures: http://fwhacking.blogspot.com/2011/03/bfcrypt-crypto-scanner.html
For now it supports MD5, CRC32, Blowfish, DES and SHA256, but more will be added soon. Anyway as the source is available you can also add your own.
It depends if you're talking about "raw encrypted data" (in that case you can use methods such as listed by "gs" in the other answer) or an encrypted file in some standard format (the most common are CMS/PKCS#7 and OpenPGP); in the latter case the encryption algorithm is explicitly indicated in the metadata contained in the very file.
For CMS you need an ASN.1 decoder such as command-line dumpasn1 program or my own web-based Javascript decoder while for OpenPGP you can use pgpdump.

How to write AES/CBC/PKCS5Padding encryption and decryption with Initialization Vector Parameter for BlackBerry

How to write a BlackBerry program for AES/CBC with Initialization Parameter ecncryption and Decryption
and this encryption and decryption should work independent on Programming language
Ex= If I encrypt some data using BlackBery I must be able to decrypt the same data using Java Program.
Thanks
Deepak
The decryption half of your question is answered here: decrypting data with AES/CBC/PKCS5Padding using blackberry
It should be easy to figure out encryption using the same pattern (use Encryptor instead of Decryptor engines, etc).
Have you read this KB article? http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800332/800779/How_to_-_Use_Basic_Encryption.html?nodeid=800640&vernum=0
You will also need to use net.rim.device.api.crypto.CBCEncryptorEngine on top of the AESEncryptorEngine (and similar for decryption).
CBCEngine allows you upto 16 bytes for across platform. so donot use CBC. try to use the default supported cipher engine.
I think ECB will be great if you use.
Thanks
Sunil Kumar sahoo
Actually, you write your own code for AES algorithm and CBC mode, it is quite simple, around some hundreds of code lines. And, there should be reference implementation in Java language.

Resources