I am working with a piece of hardware that encrypts data using Triple Des DUKPT (ANSI Standard). I have access to the KSN and the encrypted track2 data from this I need the data to be decrypted.
Can somebody help me by providing the DUKPT C++ code/library?
Regards
user1
I started this quest a long time ago here: Decrypting DUKPT Encrypted Track Data
Here is a .Net implementation: https://github.com/sgbj/Dukpt.NET
Here is a java implementation from jPOS: https://github.com/jpos/jPOS/blob/master/jpos/src/main/java/org/jpos/security/jceadapter/JCESecurityModule.java#L1843-1856
Good luck!
Related
I have a problem like this, I'm using Pentaho COmmunity edition for some reporting and analysis purposes. In my side I have a table with encrypted values which were encrypted using a secret key. When I fetch data using Pentaho those values comes as encrypted values. How can I get the decrypted values. Is there a work around.
If the encryption is DES, AES or TripleDES you can use the "Symmetric Cryptography" step in the transformation. There is also a PGP decryption step if that's what you have.
Anything else probably needs a custom Java step that loads the needed libraries and executes the decrypt.
I have a Java application (an ESB - Enterprise Service Bus) which deals with customer sensitive data and have a requirement of supporting Data encryption at rest in order to prevent data abuse.
The application stores customer data for processing on the file system and application interacts with it through java.io.File API. So basically, I need to encrypt the file before it is persisted on the file system by the application and then decrypt it before application reads it so that it can be parsed and processed.
Are there any good frameworks or libraries that can help me implement Data encryption at rest? I am planning to use PGP encryption/decryption for implementing Data encryption at rest.
I am looking for best and recommended approach for implementing Data encryption at rest within my Java application and any help shall be appreciated.
Why on Earth would you think pgp is the right tool for this? Seems to me that you only need a symmetric key solution, so pgp feels like the wrong answer.
Cryptography in Java is a minefield. Easy to do things wrong, hard to do things right.
Having said that, you have a better chance to not screwing up if you use BouncyCastle rather than something else. They have example code that shows you how to do various operations.
For encrypting data at rest, I recommend you use AES in either CBC mode or CTR mode. If using CBC mode, make sure you choose your IV in a cryptographic secure way (unpredictable). Also, never re-use an IV for any mode of operation.
You should also consider whether you need message integrity. General guidance about symmetric encryption here.
Even though people often get crypto wrong, the bigger problem is key management. That's a whole new can of worms (and don't be fooled into thinking pgp provides a solution to this: all it does is shifts the problem to somewhere else).
I'm looking for the logic to decrypt (not only decode) QR Codes. Recently I have seen several applications that encrypt QR codes like QuickMark. For example this QR decrypts to "StackOverflow" with the password "pass":
I you use a normal QR Reader without decryption we get (this is the actual output of the QR above):
PE:r������Q�\�9:
Whats the login behind encrypting and decrypting QR Codes?
Is there a code sample or library (in any language or pseudo-code) that already performs these operations?
From my research I've found that the encryption is not simply achieved by running a cryptographic function like SHA and simply encoding that into a QR... I have tried unencrypting the content "r������Q�\�9:" (without the PE:) with tools like this Online Encrypt Decrypt String and with several algorithms, using the passphrase "pass" but I can't see the text "StackOverflow".
From QR Encryption: Encrypted QR codes, which are not very common, have a few implementations. An Android app, for example, manages encryption and decryption of QR codes using the DES algorithm (56 bits).
You will need to know the encryption password or key. The only hope is a simple/common password for a brute-force attack, other than that the there is little hope to decrypt the data, even though DES is a weak algorithm.
SHA* is not encryption, it is a cryptographic hash code which are one-way functions, that is there is no way to un-scramble them back to the original.
Encryption is used to allow those authorized to have access. The Japanese immigration system uses encrypted QR codes when issuing visa in passports.
I want to be able to store some data on disk after being downloaded from a server that will be fairly resistant to hacking!
What I was going to do was encrypt the data with a private key on the server and decrypt it with the public key in the client, but the data is going to be arbitrary length and will be larger then a RSA private key.
My thinking was doing it this way would mean that if a hacker managed to decompile the code and get the encryption key they would be able to decrypt it but they wouldn't actually be able to modify the data as they would still need to the private key to encrypt it again after modification for the client to load!
So i thought of a combination of asymmetric encryption with symmetric encryption to store the data. So a symmetric encryption key would be asymmetrically encoded by the server and stored along side the symmetrically encrypted data then the client would decrypt the symmetric encryption key with its public key then decrypt the data!
But then I realised a hacker would just need to decompile the code, get the public key, decrypt the symmetric decryption key, decrypt the data, modify it then re-encrypt with the symmetric decryption key and he has hacked the system.
My question is does anyone have a suggestion in how I could go about storing this data on the client without it being hackable without knowing the private key! The data needs to be decrypt-able offline without any connection to a server required! So this rules out getting the data/keys from the server all the time!
There is no secure way to store data on the client. When data is on the client, a dedicated mind has all the tools and all the time in the universe to crack the best encryption that you can come up with.
There are two solutions:
Trust your client.
Stream the data.
Comments: If your client is also your enemy, then there is no way you can make business with them. The movie industry learned this, the music industry learned this, the book industry is learning it and the games industry is following. These people spent billions in clever DRM technologies and they all failed.
You want the customer's money? Then treat them accordingly.
Streaming is about the only workaround that balances trust and security. Streaming means that at any time, only a small fraction of the data is on the client at any time and combining the fragments into a whole data set is complex.
I want to do searching on encrypted data. Which means that there is the need to have the same ciphertext every time I encrypt the same plaintext. I.e. think of a list of encrypted names and I want to find all "Kevin"'s in it. I would now encrypt "Kevin" and search the database for the encrypted text. All hits will be "Kevin"'s — but still only the one who has the password knows.
Now my question: What about security if I use the same salt and IV (to get the effect described above) all the time? Is the encryption still secure? Or is there any other method to do searching on encrypted data?
If you want to do a deterministic encryption then you should use an encryption mode
that has been designed for deterministic encryption (and not modify an encryption mode designed for something else).
One possibility is the SIV encryption mode described in
RFC 5297.
(Of course, deterministic encryption has its drawbacks, but discussing this is not part of this question.)