I have to send a username and password from my iphone app to a ASP server page, and I will encrypt them using: http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa-touch.html. What is the best way to decrypt these strings on the ASP page? I found some examples, but since the encryption will happen on two completely unrelated sides, I think I need to hard code the key in on both sides, and I can't find any examples that don't have use generated keys.
Thanks!
Yes, key management is a big problem. You will have to have the keys on both sides, on iOS you can save the key in the Keychain, that is secure but the process to get it there securely is more difficult.
The other main issue is getting all the parameters the same on both sides. Of particular interest are
encryption key value and size
mode: CBC, ECB, etc. (you should probably be using CBC)
initialization vector (iv) is needed for most modes
padding method: PKCS7, etc. (AES is a block cypher and needs input
in a multiple of block size)
Why not store the passwords in the database with SHA1, then use HMAC with a client specified key for the communication?
Have the server generate a random key and send it with the login request. The client computes the SHA1 hash of the password, then computes the HMAC SHA1 hash of that using the server-specified key. The server then verifies that the result is correct.
On the client end:
// password is the plaintext password
// keyb64 is a random key specified by the server, encoded in base64.
string ComputeSecureHash(string password, string keyb64)
{
byte[] data = Encoding.UTF8.GetBytes(password);
byte[] key = Convert.FromBase64String(keyb64);
byte[] hash;
byte[] machash;
// compute a plain SHA1 hash of the specified data
using (SHA1Managed sha1 = new SHA1Managed())
{
hash = sha1.ComputeHash(data);
}
// now compute a HMAC hash of that hash, using the random key.
using (HMACSHA1 sha1mac = new HMACSHA1(key))
{
machash = sha1mac.ComputeHash(hash);
}
return Convert.ToBase64String(machash);
}
On the server end:
// hash is the string produced by the function above
// realHash is the SHA1 hash of the real password, which you've fetched from the db
// key is the key you generated for this login session
bool VerifyHash(string hash, byte[] realHash, byte[] key)
{
byte[] machash;
using (HMACSHA1 sha1mac = new HMACSHA1(key))
{
machash = sha1mac.ComputeHash(realHash);
}
return (Convert.ToBase64String(machash) == hash);
}
This allows you to authenticate over a plaintext medium without having the password cracked.
Related
My application is acting as a switchboard to transfer very sensitive messages between two parties and I'm trying to figure out how I can do this without "looking" at the message they're trying to send.
I have a HSM, and I've generated a keypair for the sender - they're going to encrypt the message with their public key that I gave them, and I can decrypt the message using the private key I have in the HSM.
I'm going to then pass that message on by encrypting it with the public key of the ultimate receiver, which I have.
Is there any way to chain these two operations inside the HSM, without having the decrypted message anywhere near my application memory? I would like the plaintext content to never leave the boundaries of the HSM.
I know that some HSMs have a CodeSafe / SEE machine feature that lets me write embedded system code and run it inside the HSM, before I get into that I'd like to see if there's a way using the general PKCS / JCE / CNG APIs to do this safely.
If all you need is to re-encrypt the same secret under a different key, you can use C_Unwrap to create a temporal HSM object with value of the translated secret and then use C_Wrap to encrypt the value of this temporal HSM object for all the recipients.
This way the secret will never leave HSM.
Something like this (verified to be working on SafeNet Luna 7 with RSA-OAEP):
// Your private key for 'decrypting' secret. Must have key unwrapping allowed
CK_OBJECT_HANDLE hsmPrivateKey = ... ;
// Encrypted secret
byte[] wrappedKey = ... ; //
// Template for temporal generic secret key with value of the secret
CK_ATTRIBUTE[] tempTemplate = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA.CLASS, CKO.SECRET_KEY),
new CK_ATTRIBUTE(CKA.KEY_TYPE, CKK.GENERIC_SECRET),
new CK_ATTRIBUTE(CKA.TOKEN, false),
new CK_ATTRIBUTE(CKA.PRIVATE, true),
new CK_ATTRIBUTE(CKA.EXTRACTABLE, true),
new CK_ATTRIBUTE(CKA.SENSITIVE, true),
new CK_ATTRIBUTE(CKA.ENCRYPT, false),
new CK_ATTRIBUTE(CKA.DECRYPT, false),
new CK_ATTRIBUTE(CKA.WRAP, false),
new CK_ATTRIBUTE(CKA.UNWRAP, false),
new CK_ATTRIBUTE(CKA.SIGN, false),
new CK_ATTRIBUTE(CKA.VERIFY, false),
new CK_ATTRIBUTE(CKA.DERIVE, false)
};
// Unwrapping/decryption mechanism
CK_MECHANISM mechanism = ... ;
// Handle for temporal generic secret key with value of the secret
CK_OBJECT_HANDLE temporalValueHandle = new CK_OBJECT_HANDLE();
// Unwrap/decrypt the secret into temporal key
CryptokiEx.C_UnwrapKey(session, mechanism, hsmPrivateKey, wrappedKey, wrappedKey.length, tempTemplate, tempTemplate.length, temporalValueHandle);
// Wrap/encrypt the secret for recipients. Recipient public keys must have key wrapping allowed
for(CK_OBJECT_HANDLE recipientPublicKey : ... ) {
LongRef resSize = new LongRef(0);
CryptokiEx.C_WrapKey(session, mechanism, recipientPublicKey, temporalValueHandle, null, resSize);
byte[] rewrappedKey = new byte[CryptokiUtils.safeIntCast(resSize.value)];
CryptokiEx.C_WrapKey(session, mechanism, recipientPublicKey, temporalValueHandle, rewrappedKey, resSize);
System.out.println("Re-wrapped key: " + bytesToHexString(rewrappedKey));
}
// Delete temporal generic secret key
CryptokiEx.C_DestroyObject(session, temporalValueHandle);
Good luck!
I am trying to learn and implement JWE in java for a problem statement. I am trying to understand how does the Content Encryption Key is generated using a certain algorithm(let's say RSA-PKCS1_1.5).
I have knowledge on how to generate a pair of the key using the key generator, then using the public key for encryption and private key for decryption. Also, I am aware of how to create a simple JWT token by giving claims and also how to sign them.
I am trying to follow the steps:
The message encryption process is as follows:
Generate a random Content Encryption Key (CEK). The CEK MUST have a length at least equal to that of the required encryption keys and MUST be generated randomly.
Encrypt the CEK for the recipient
Generate a random IV (if required for the algorithm).
Compress the Plaintext if a zip parameter was included.
Serialize the (compressed) Plaintext into a bitstring M.
Encrypt M using the CEK and IV to form the bitstring C.
Set the Encoded JWE Ciphertext equal to the base64url encoded representation of C.
Create a JWE Header containing the encryption parameters used.
Base64url encode the bytes of the UTF-8 representation of the JWE Header to create the Encoded JWE Header.
The three encoded parts, taken together, are the result of the encryption.
public static void main(String[] args)
throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
//ASYMMETRIC ENCRYPTION
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keys = keyPairGenerator.generateKeyPair();
byte[] publicKey = keys.getPublic().getEncoded();
byte[] privateKey = keys.getPrivate().getEncoded();
System.out.println("PUBLIC KEY ::: " + Base64.encodeBase64String(publicKey));
System.out.println("PRIVATE KEY ::: " + Base64.encodeBase64String(privateKey));
Cipher cipher = Cipher.getInstance("RSA");
//PUBLIC KEY IS GETTING USED IN ENCRYPTING PLAIN TEXT
cipher.init(Cipher.ENCRYPT_MODE, keys.getPublic());
byte[] encryptedBytes = cipher.doFinal("Test String".getBytes());
//PRIVATE KEY IS GETTING USED IN DECRYPTING CIPHER TEXT
cipher.init(Cipher.DECRYPT_MODE, keys.getPrivate());
byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
System.out.println("encrypted data ::: " + BaseEncoding.base64().encode(encryptedBytes));
System.out.println("decrypted text ::: " + new String(decryptedBytes));
}
Key Management Mode
The key management mode is used to determine the CEK. Each algorithm uses one of these modes.
Hereafter the list of available modes and algorithm associations:
Key Encryption: RSA1_5, RSA-OAEP, RSA-OAEP-256, RSA-OAEP-384, RSA-OAEP-512
Key Wrapping: A128KW, A192KW, A256KW, PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, A128GCMKW, A192GCMKW, A256GCMKW
Direct Key Agreement: ECDH-ES
Key Agreement with Key Wrapping: ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW
Direct Encryption: dir
How to determine the CEK?
With Key Encryption, Key Wrapping and Key Agreement with Key Wrapping, the CEK is a random byte string. Its size depends on the Content Encryption Algorithm.
With Direct Key Agreement, the CEK is the agreed upon key computed using the sender and receiver keys.
With Direct Encryption, the CEK is the shared symmetric key.
I'm creating a mobile application that connects to a web service. It needs to login to the system using a password. The password is stored on the server as a MD5 hashed password that was hashed using this method:
Byte[] Initial = <Key goes here>
MD5CryptoServiceProvider Provider = new MD5CryptoServiceProvider();
List<Byte> Encoding = new List<Byte>(Initial);
Encoding.AddRange(ASCIIEncoding.ASCII.GetBytes(inputString));
return Convert.ToBase64String(Provider.ComputeHash(Encoding.ToArray()));
The key and code to hash the password on the web application cannot be used in my Xamarin PCL project because it's not possible to use the 'MD5CryptoServiceProvider' in Xamarin PCL.
I need to create an equivalent method in the xamarin application to hash the password, before it's compared to the web service version.
To do this I have chose PCLCrypto but I can't seem to find anywhere to include the same key that was used to originally encrypt the password.
This is the Xamarin code:
Byte[] Initial = <the same key as was used to originally cache it>
// step 1, calculate MD5 hash from input
var hasher = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Md5);
byte[] inputBytes = Encoding.UTF8.GetBytes(inputString);
byte[] hash = hasher.HashData(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("X2"));
}
return sb.ToString();
Thanks in advance for your help.
I have a solution but i use plateform specific code.
In xamarin.forms part you implement an interface like for example:
public interface SpecificCodes
{
Boolean comparePasswords(String userPassword,String DBPassword);
}
In xamarin.android you create a class which implements interface
[assembly:Dependency(typeof(MyProject.Droid.Code.SpecificPartsAndroid))]
namespace MyProject.Droid.Code
{
...
public class SpecificPartsAndroid: SpecificCodes
{
public Boolean comparePasswords(String userPassword, String DBPassword)
{
byte[] dig = hash(new Java.Lang.String(userPassword).GetBytes("UTF-8"),"MD5");
byte[] res=Base64.Decode(DBPassword,Base64Flags.Default);
return String.Compare(dig.ToString(),res.ToString())==0?true:false;
}
private static byte[] hash (byte[] toHash, String algorithm)
{
MessageDigest md = MessageDigest.GetInstance(algorithm);
return md.Digest(toHash);
}
}
}
In xamarin.ios do the same
And then to call your function use the code below in Xamarin.forms
DependencyService.Get<SpecificCodes>().comparePasswords(pwdUser, pwdHashed);
Hope it helps
Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead iIterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as PBKDF2, password_hash, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.
Protecting your users is important, please use secure password methods.
See How to securely hash passwords, The Theory on Security Stackexchange.
See OWASP (Open Web Application Security Project) Password Storage Cheat Sheet.
See Modern, Secure, Salted Password Hashing Made Simple
See Toward Better Password Requirements by Jim Fenton:
I am developing a website by using ASP.NET. I want to implement login authentication for my users. I am using SALT HASH method to securely save users' passwords to the DB. By looking at various codes I wrote a code like below to generate the SALT and the Hashed passwords to store in Database.
private string hashedPassword;
private string Salt;
private string SaltPlusPassword;
private const byte saltSize = 24;
byte[] saltArray;
byte[] hashedPasswordArray;
byte[] bytes;
public void Save_Login(string passWord)
{
using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
{
saltArray = new byte[saltSize];
rng.GetBytes(saltArray);
}
Salt = Convert.ToBase64String(saltArray);
SaltPlusPassword = String.Format("{0}{1}", Salt, passWord);
using (SHA256 sha = SHA256.Create())
{
bytes = Encoding.UTF8.GetBytes(SaltPlusPassword);
hashedPasswordArray = sha.ComputeHash(bytes);
}
hashedPassword = Convert.ToBase64String(hashedPasswordArray);
}
//Salt will be save to DB
//hashedPassword will be save to DB.
So I have few questions.
1) I read in an article that saying "make your salt is at least as long as the hash function's output" ok. What are the sizes for saltArray, hashedPasswordArray and bytes arrays which are declared in my code? I used saltArray size as 24. Is it ok?
2) What will happen if I use ?
bytes = Encoding.Unicode.GetBytes(SaltPlusPassword);
instead of
bytes = Encoding.UTF8.GetBytes(SaltPlusPassword);
3) What is the datatype should I use to store salt and the hashed password in the DB? ( My db is MYSQL )
4) Is there any performance difference if I use SHA256Managed instead of SHA256? Which is best?
5) Finally am I doing this in the right way? What are the weaknesses in above code? What are your suggestions?
Rather than deal with all these issues, why not use the built in identity management tools provided by ASP.NET. See here
http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity
Much more common and robust.
Is this how hashed password stored in SQL Server should look like?
alt text http://img28.imageshack.us/img28/2545/88871034.gif
This is function I use to hash password (I found it in some tutorial)
public string EncryptPassword(string password)
{
//we use codepage 1252 because that is what sql server uses
byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password);
byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes);
return Encoding.GetEncoding(1252).GetString(hashBytes);
}
EDIT
I tried to use sha-1 and now strings seem to look like as they are suppose to:
public string EncryptPassword(string password)
{
return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1");
}
// example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8
Result from the image above looks like broken string, but this sha-1 looks normal....
Will this be secure enough?
Your're close, but not quite there.
For a secure hash, you will need a salt value in another column. Second, try to stay away from MD5 as a hashing provider. It's not as secure as SHA-1 or SHA-2. SHA-1 is included in .NET just like MD5 is.