Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Is it possible to force gpg to do in-place encryption? In other words, to overwrite the source (unencrypted) file with encrypted data?
This is how ccrypt(1) operates by default.
The answer is basically no, not without custom code.
gpg can operate on pipes, so if there were an easy way to destructively send data to a pipe, this might be doable. But there isn't.
Another idea to keep from using up the disk quickly is encrypt chunks at a time (in custom software).
while !eof:
read()
encrypt()
write()
seek()
It appears that ccrypt is able to operate in-place because the encrypted data is the same length as the decrypted data (I know little of crypto, but this might just be a general property of block ciphers). GPG/PGP does stuff like compressing and adding headers, so the output data won't be the same length. If it is shorter, no problem (the above custom code should work). If it is longer, more work would need to be done to place overflow somewhere else.
This custom code adds complexity (and obscurity) to encryption and decryption.
gpg does it by opening a new file using the original filename and appending a .gpg extension, then writing the encrypted data out to the new file. if everything works fine, it deletes the original file.
I don't think you'd want to use actual in-place encryption, where it would read a byte, crypt it, write it back out to the file, etc... what happens if something kills the gpg process half-way through? You've now got a corrupted file, with half of the plaintext dangling in the breeze.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
I would love to make my own data encryption method like Base64 and such. (preferably in Python.)
Would it be secure if I assigned "a" to for say a random number between 1-100 and a random letter or such. (for example 53f) and other letters are combinations and its random. But then how would I make a decoder, sorry for the long question haha. Thanks!
Do not start by making your own encryption method. Start by reading Bruce Schneier's Memo to the Amateur Cipher Designer.
Then write your own versions of the simpler existing ciphers: Caesar, Vigenere, (both of historical interest) RC4, Feistel. That will help you with the structure of ciphers, particularly RC4 -- a stream cipher and Feistel -- a block cipher framework.
Base64 is not a cipher, as has been pointed out. It is a useful exercise to write your own Base64 encoder/decoder, though most modern languages include one in their library anyway. That exercise helps you practice bit manipulations.
When you have done all that, find an implementation of AES that you are happy using. Any cipher you devise will not be as secure as AES.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a list of numbers. I will be calling a service(let's say accountant service) which is going to perform some operation on these list of numbers and will return me the final result.
I don't want to pass my data in plain format. I want to encrypt numbers in such a way if service performs any arithmetic operation and return me the result, I will be able to decrypt it back with actual result.
Yes. You can use something called Homomorphic encryption, which "is a form of encryption that allows computation on ciphertexts, generating an encrypted result which, when decrypted, matches the result of the operations as if they had been performed on the plaintext." With this type of encryption, they can be Partially homomorphic or Fully homomorphic. A fully homomorphic encryption can support arbitrary computation (also called "bignum arithmetic" or "Arbitrary-precision arithmetic"), whereas partially homomorphic algorithms cannot. As stated on the cryptography stack exchange by user mikeazo in this thread,
ElGamal is a semantically secure, multiplicativey homomorphic cipher. Paillier is a semantically secure, additively homomorphic cipher.
The user also elaborates further and mentions a significant downside of this form of encryption:
Homomorphic ciphers typically do not, in and of themselves, do not provide verifiable computing. In words, you encrypt your data, send it to the cloud and let the cloud compute on it for you. How do you know the cloud performed the correct computation? To get this sort of guarantee, other machinery is needed.
In your case, you would be sending it through an (I am assuming) reputable API, so this may not be a concern of yours.
From my research, your best bet will probably be Gentry's cryptosystem. To use this (in a program), HElib should work fine.
In the future, crypto.stackexchange.com would probably be a better place for this type of question
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
We want to store our passwords for FTP, websites, databases, etc. You can compare our software to keypass but we wanted to do our own solution.
The passwords will be encrypted and stored in a database. We can't use checksums because we need to show the passwords in plaintext.
The problem is that we couldn't find a good solution to store the private key. If it's written in the code, you can get it quite easily. If it's hidden in a dll, you can't hide it effectively, because the machine has to use it. All users of our software have full access to the source code, the database with the encripted passwords and are admins on their PCs, so they could read the code when it's used.
We thought about storing the private keys in a seperate database which is accessed with another password but the key will be used anyway.
So, we're not getting anywhere. We are aware that there is no 100% save solution for this but there got to be an almost safe one.
First i would advise against writing your own solution, there are so many ways to do it wrong, and you need to invest a lot of time to know about all important points.
You don't need to store a key anywhere, just use the key to encrypt the data then forget the key. For decrypting you use the key as entered, if the key is correct you get back the data, otherwise you get back scrambled content.
Because users do not like to type strong keys and prefere passwords, you should use a key-derivation function like BCrypt or PBKDF2 (Password-Based-Key-Derivation-Function-2), which can translate a password to a key.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am making a program in Qt5.2.1 and in it I am using a text file to store some data. I would like to encrypt it and decrypt it inside the program and display the text stored in the file in a QPlainTextEdit ( or any other similar widget).
I searched and came across Qcryptographichash but i have no idea how to use it. I read somewhere that it does not provide a very secure encryption but that doesn't matter ( I am not expecting hackers to try and read this file).
So, could anyone guide me in the right direction, maybe even give me some code. :D
QCryptographic hash creates a hash from given data. That is a one-way process, so the it will not do what you want, namely encrypt the data in a form that can be retrieved via decryption.
You can read more about the difference between encryption and hashes here.
You need to research into possible encryption algorithms. To my knowledge, that's not something that is part of Qt.
It's a large area of on-going research; there are so many to choose from, as you can see here.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
This question is partly theoretical and partly practical. A perfect answer would answer theoretically why, and practically how.
Question
Given an encrypted file, and a non-encrypted version of the same file, can the encryption key be recovered? More specifically how might one achieve this?
Background
I have some backup files from a colleagues old machine. They have been stored in an encrypted 7zip file. The file table has not been encrypted, so it should be possible to isolate individual files. What I don't have is the actual encryption key (due to a storage medium failure). I do however have some unencrypted files which are also in the container. How can I use these to recover the whole archive?
As others have said, this is a "Known Plaintext Attack". All good cyphers are proof against such an attack. Any cypher which cannot withstand such an attack never gets off the starting blocks.
The best suggestion is to find out the specific encryption method used and look for specific weaknesses in that particular method. Alternatively, ask people who knew the key if they can remember even part of the original password. "It began with a D" will reduce the work you need to do to brute force it by a factor of 26 or 52.