Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
Is there any smartcard system capable of performing RSA encryption?
The purpose is to create digital signatures (e.g. based on SHA-1 hashes) of arbitrary binary data without exposing the private key.
Signature verification would be nice to have but is not required as the verification is performed by a distinct system.
To create digital signatures signing is used (not encryption). Most hardware (both smartcards and USB tokens) which can hold private keys will also perform cryptographic operations with those keys without revealing them -- that's the core purpose of this hardware.
As Eugene told, that's the key point of smart cards; the optimum scenario in respect to key confidentiality is, that the key is generated on the card itself and so never needs to leave it. Note that encryption would involve the public key, while for a digital signature obviously the private key is required. It is also important to consider, that the I/O bandwith of smart cards is restricted. A typical approach is due to performance reasons, to hash outside the card - either completely or upto the last block of text to be signed, especially if large amounts of data need to be signed.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 months ago.
Improve this question
I have an embedded system (Netburner 5441x) that consumes public-private RSA keypairs. I have ported OpenSSL into the system but the processor cannot make keypairs fast enough for the application. So the next logical step is to have the embedded system, which has Ethernet, get keys from a PC based server.
I've read about half the PKCS#N documents and it looks like it's all about object formats. Is there an accepted network protocol for transferring public-private keypairs? Would you just open a secure socket and send the PKCS objects with no other framing? Use a shared Key Encryption Key, or have the client send a public RSA key for key encryption by the server?
Is there a standard?
Edit 13Jun22 in response to StackOverflow blocking the question: This question is not asking for recommendation of a book etc., but whether a standard exists for a particular unusual use case. If such a standard existed, that citation would answer the question. Respectfully request removal of the block.
According to the Information Security Stack Exchange, there is no accepted answer for this unusual use case. The best practice seems to be setting up a web service that serves passphrase encoded key files over HTTPS, which implies SSL protection.
https://security.stackexchange.com/questions/262533/what-is-the-right-way-to-transfer-public-private-keypairs-over-intranet
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I recovered a deleted text file from a bitlocker encrypted drive using "EaseUS Data Recovery" tool. The recovered file seems to be the raw encrypted bits. Is there a way to decrypt that file since i have the bitlocker password and recovery key? I am aware that you can decrypt a whole drive, but that is not going to work. I just need a way to decrypt that one file.
I doubt it is possible. The real encryption key is stored on the harddisk; the bitlocker password (or recovery key) only give you access to use that key for decrypting. That real key (which you would need) is never visible / accessible outside the hard disk controller and its memory.
You can verify that by changing your bitlocker password - it takes only milliseconds, because it only is hashed and written onto the hard disk; the encrypted files themselves are never touched, as they still use the same old key.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
Can videocalls and textchats be end-to-end encrypted in ConnectyCube?
I could not find any indication on that on the website.
For example in Twilio, there is the following description:
end-to-end encryption: All media is routed Peer-to-Peer or via Twilio’s Global TURN infrastructure and secured using DTLS/SRTP. Twilio can never decrypt the media shared in a Peer-to-Peer Room.
End-to-end encryption for video calling
ConnectyCube uses WebRTC which provides secure video calls out of the box via DTLS/SRTP which is mandatory in WebRTC.
Encryption is a mandatory feature of WebRTC and is enforced on all components - all media streams sent over WebRTC are securely encrypted, enacted through standardised and well-known encryption protocols.
So the same what is applied to Twilio can be applied to ConnectyCube.
There are lots of very useful information about WebRTC security is available at http://webrtc-security.github.io document
End-to-end encryption for messaging
ConnectyCube provides pluggable system so any end-to-end encryption libraries and solutions can be integrated on top of the ConnectyCube messaging system, for example:
OTR
OMEMO that adapts Signal Protocol to the XMPP world.
OLM
Here is a guide how to use OTR on top of ConnectyCube https://developers.connectycube.com/guides/end-to-end-encryption-otr
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Id like to encrypt a file and share it. I'd like the file to be decrypted just one time. I was wondering if there are security or encryption protocols that can be used to implement a 1 time use scenario. In simple terms the decryption key would only be good one time.
No it's not possible, with any kind of computer and any kind of OS.
What you want is called a DRM, and your file would need to be read by a program you've coded that would destroy the file (and the decoding key) after reading. But in order to protect the decyphering program from being copied, you'd have to sign the application against your OS, and make your OS protect that file from deletion. And in order to protect your OS from being copied with the file within, you'd have to use a computer that has a chip in the CPU making everything uncopiable... That's called trusted computing.
And though it may theoretically work, it would still be possible to keep a copy of your file, and use a super computer for up to 1000 years (or one hour, depending on your algorithm and the size of your key) to find your decription key, and thus access your precious content.
For the story, sony has tried putting DRMs in their CDs, and that's what they end up creating.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am looking to provide some properiatary software with the raspberry pi as the platform (but this could be with any embedded board). I'm looking for a way for the file system to only be visible on that device.
Is this possible? How?
You could encrypt the whole disk or the volume using LUKS or dm-crypt if your distribution supports it. It's also possible to encrypt files or directories on the disk while leaving the file-system mountable (but scrambled). If you go the latter route, it would be a good coding experience to write your own software that encrypts files and then de-crypts them when a key is entered.
Either way, you'll run into an issue: Before using the clear data, someone has to input the key. If the key is stored on the card, nothing prevents an attacker reading the key from a stolen card. If it's input by a person, that person needs to manually enter the key after every boot.