Using AES encryption across javascript and c# - asp.net

I'm trying to encrypt a string in javascript and then decrypt it back in server using c#. I thought of using System.Security.Cryptography.Rijndael on server side and some AES implementation like this or this on client-side.
I don't know much about cryptography, so basically I generate a key and send it to client and encrypt my text with that key and send it back to server.
My problem is that Javascript AES implementations use a key to encrypt a text but c# Rijndael class uses a key and a vector. where does that vector come from?

AES is just a block cipher, which is a cryptographic primitive. Its purpose is to encrypt one single block of data (16 bytes).
Encryption requires a lot more than that. You need a method to encrypt an arbitrary amount of data, and hopefully in a way that doesn't give away any information. To do this, you need to break the amount of data into blocks, pad the last part to a full block, and then somehow encrypt each block in a clever way. Doing that is the responsibility of the encryption mode.
The most trivial mode (electronic cookbook, ECB), just encrypts each block with the same key, but that's horribly dangerous. Other modes require some sort of initialization state, which needs to be random but can be publicly known.
To encrypt and decrypt your data, you must know both the block cipher and the encryption mode, on both sides, and you must find a way to generate the initial state on the encrypting side and to recover it on the decrpyting side to initialize the encoder and the decoder, respectively.
In a nutshell: You need a lot more information about what you're doing!

This isn't perhaps exactly what you are looking for. But I can think that what you actually need to do is implement SSL.
http://en.wikipedia.org/wiki/Secure_Sockets_Layer
This might solve your problem without needing to get involved with coding cryptography.

Related

Using AES with the same output

I have a little background of cryptography so forgive me if this is a silly question. Is there a secure way to encrypt a text using AES that produces the same output with the same input?
Edit
What i want is to store emails in a external analytics provider using AES256 or HMAC 256 (this is a company requirement). But i need to be able to decipher them lately and to distinguish between same emails without deciphering them. I know i can do this with two entries, one with AES and another using HMAC. But can i do this with AES alone and still be secure?
Yes and no. There is a mode called ECB, "electronic code book", that will always produce the same output (cipher text) for a given input (plain text) block.
However, unless you only send each plain text block one time, ECB is not secure. At first, an adversary who intercepts an encrypted message won't be able to decipher it. But, just like old time code books, as they continue to monitor encrypted messages and combine that with knowledge of the context in which they were sent, they can eventually break much of your code.
Use of ECB is generally discouraged. For most messaging applications, an AEAD mode like GCM is recommended.

AES-128 for HLS. How is it applied exactly?

Question about AES-128 encryption method mentioned here.
How exactly is this method applied over HLS media segments? Is it the MPEG-2 TS container that is encrypted (including TS/PES packet headers & PSI (!?) ) or elementary streams inside it, before packetizing them into PES payloads?
The AES-128 encryption method is encrypting the entire TS container including headers. It may seem strange if you're familiar with other systems like DVB simulcrypt, but it's very simple (or simplistic).
The SAMPLE-AES encryption method, on the other hand, only encrypts the audio and part of the video data.
Beyond that, many implementations use a nonstandard approach where the encryption method is set to NONE and a different encryption mechanism is used.

encrypt on server decrypt on client

I'm building a simple trivia game that has "hangman" style clues (where letters are revealed as the player asks for hints). I don't want to flat out send the answer with the question any user with sufficient smarts could figure it out) - rather I'd like to encrypt answers on the server and decrypt them on the client. Security isn't of huge importance I just want to make the process harder then it's worth for players. I was wondering if anyone could recommend a strategy for doing this?
A simple approach, which might be sufficiently difficult for most users, would be to send the answer and encryption key to the web client (as hidden form fields), and use Javascript to decrypt it on the fly (inside the browser). A simple exclusive-or'ing of the answer string characters with the key string should be sufficient to "shroud" the answer without requiring large amounts of crypto processing on the client side. Using more than one key string might increase the difficulty of cracking it, too.
I'm assuming that you don't want to implement full commercial-grade crypto on the client side, and also assuming that you only want to hide the answers for a few minutes at most.

Encryption using SHA1

I am developing a large application and i need encryption when a data is traveling between two machines in different continents. I have never worked on encryption. I want a simple encryption which can be handled in PHP / Ruby / Python without any dependencies.
So i decided to use HMAC SHA1.
$pad=hash_hmac("sha1","The quick brown....","mykey");
This is what i found out after some research on the internet.
How hard it is to decrypt it if someone doesn't know the key? Also, any alternatives to this?
UPDATE - thanks for all the responses. Problem solved.
It's impossible to decrypt it, even if you know the key. HMAC SHA1 is a keyed hash algorithm, not encryption.
A hash is a cryptographic one-way function that always generates a value of the same length (I think SHA1 is 128-bits) regardless of the length of the input. The point of a hash is that, given the output value, it's computationally infeasible to find an input value to produce that output. A keyed hash is used to prevent rainbow table attacks. Even if you know the key you can't reverse the hash process.
For encryption you want to look at AES.
SHA1 is a one-way-hash function, by definition it is not decryptable by anyone. The question becomes if you have a plaintext T that hashes to H. How hard is it to find another T which also hashes to H.
According to Wikipedia, for SHA1, the best known brute force attack would take 2^51 evlautions to find a plain text that matches.
If you need actual encryption where you can reverse the process, you should take a look at AES256.
See:
http://en.wikipedia.org/wiki/Cryptographic_hash_function
For a general discussion on this.
Like Andrew said SHA1 is an hash algorithm and cannot be used for encryption (since you cannot get back the original value). The digest it produce can be used to validate the integrity of the data.
An HMAC is a construct above an hash algorithm that accept a key. However it's not for meant for encryption (again it can't be decrypted) but it allows you to sign the data, i.e. with the same key you'll be able to ensure the data was not tampered with during it's transfer.
Foe encryption you should look at using AES or, if applicable to your application, HTTPS (which will deal with more issues than you want to know about ;-)
SHA-1 , MD-5 are all one way Hashing algorithms.
They just generate a lengthy string. Each and every string when subjected to these functions will yield you a lengthy string which cannot be retained back.
They are far from encryptions.
If you are looking for encryption algorithms , go for AES (Advanced Encryption Standard) , DES (Data Encryption Standard) Algorithms.
As I say, this is a hash, so not an encryption/decryption problem. If you want to implement a straightforward encryption algorithm, I would recommend looking into XOR encryption. If the key is long enough (longer than the message) and your key sharing policy is suitably secure, this is a one time pad; otherwise, it can potentially be broken using statistical analysis.

How to prove inconstructable cryptographic scheme?

I realize this question might not be that programming related, and that it by many will sound like a silly question due to the intuitive logical fault of this idéa.
My question is: is it provable impossible to construct a cryptographic scheme (implementable with a turing-complete programming language) where the encrypted data can be decrypted, without exposing a decryption key to the decrypting party?
Of course, I can see the intuitive logical fault to such a scheme, but as so often with formal logic and math, a formal proof have to be constructed before assuming such a statement. Is such a proof present, or can it easely be constructed?
Thank you for advice on this one!
Edit: Thank you all for valuable input to this discussion!
YES!!! This already exists and are called zero knowledge protocols and zero knowledge proofs.
See http://en.wikipedia.org/wiki/Zero-knowledge_proof
However, you have to have a quite a good background in mathematics and crypto to understand the way it works and why it works.
One example of a zero knowledge protocol is Schnorr's ZK protocol
No; but I'm not sure you're asking what you want to be asking.
Obviously any person who is decrypting something (i.e. using a decryption key) must, obviously, have the key, otherwise they aren't decrypting it.
Are you asking about RSA, which has different keys for decrypting and encrypting? Or are you asking about a system where you may get a different (valid) result, based on the key you use?
If by "decrypted" you just mean arrive at the clear text in some way, then it is certainly possible to create such a cryptographic scheme. In fact it already exists:
Take an asymmetric encryption scheme, eg: RSA where you have the public key but not the private key. Now we get a message that's been encrypted with the public key (and therefore needs the private key to decrypt it). We can get the original message by "brute force" (yes, this'll take an enormously long time given a reasonable key/block size) going through all possible candidates and encrypting them ourselves until we get the same encrypted text. Once we get the same encrypted text we know what the decrypted text would be without ever having discovered the private key.
Yes.
Proof: Encryption can be considered as a black box, so you get an input and an output and you have no idea how the black box transforms the input to get the output.
To reverse engineer the black box, you "simply" need to enumerate all possible Turing machines until one of them does produce the same result as the one you seek.
The same applies when you want to reverse the encryption.
Granted, this will take much more time than the universe will probably live, but it's not impossible that the algorithm will find a match before time runs out.
In practice, the question is how to efficiently find the key that will decode the output. This is a much smaller problem (since you already know the algorithm).
It's called encoding.
But everyone with the encoding algorithm can "decrypt" the message. This is the only way of keyless encryption.

Resources