Hey stackoverflow community,
I was wondering if anyone knew of any built-in Flex libraries that support encryption/decryption. I see that most people recommend AS3Crypto, are there other alternatives?
In particular, looking for one that supports DES encryption.
Thanks!
as3corelib offers some encryption functionality, you may find it a little more approachable than as3crypto library. Can browse as3corelib here
https://github.com/mikechambers/as3corelib/
Related
I am using AES-GCM from crypto-js presently. The intent would be to change to RSA for the asymmetric cryptography. Is the following statement correct https://community.postman.com/t/http-message-signing-using-rsa-sha256/1791
?
However, CryptoJS doesn’t support RSA, and it’s the only crypto
library available in the Postman Sandbox. So I’m sort of stuck, unless
I implement a RSA-SHA256 signing algorithm myself.
Now, I’ve noticed that crypto-js hasn’t had a single commit for a year
on GitHub,
I would really prefer to stick with the crypto-js library since it was difficult to use the built-in SubtleCrypto and now we have a framework built around the crypto-js libraries. That would basically have to be scrapped to go to SubtleCrypto. Pointers appreciated.
As #Topaco mentions the crypto-js is a symmetric encryption library only. I did pivot to tweet-nacl and it is working well.
I have a problem when attempting to implement AES/RSA encryption on J2ME,
that problem being that bouncycastle (a library that supports java and specially J2ME) is too big for implementation on a mobile phone solution (about 860 classes in total without the test and example classes).
I've googled around and the only alternative I can really find is JCE... which in itself is also too big.
Does anyone here know a way to implement it in a very small solution? Or a "tiny" library that I can use? (like for instance for TEA: http://www.winterwell.com/software/TEA.php)
If you are willing to do a little work you should be able to take the Bouncycastle J2ME source code as a starting point and with judicious use of copy and paste implement just RSA and AES very compactly.
UPDATE:
Just as an exercise I tried this myself. It took about 45 minutes of copying and light editing to produce 27 Bouncycastle classes that completely implemented AESEngine and RSAEngine exactly as they are in Bouncycastle J2ME sources. But I did no testing of them at all, namely because I don't really understand what to do with my Netbeans J2ME project that I created them in.
How about you try the lightweight API version? Go to Bouncy Castle's latest release page and download the J2ME build. Its just about 7MB - much lighter in size.
I need to use AES encryption in my embedded Erlang application, but OpenSSL is unavailable for my target system and so the crypto library from OTP can't be built. I probably could cross-compile OpenSSL as well, but I would prefer a pure Erlang solution to remove another dependency. Does one exist?
Looked at this a while ago and found no nice solution other than OpenSSL/crypto. Sorry.
Unless someone made a new library recently but I haven't heard about it since then.
It's more likely that someone has already solved the problem of easily installing OpenSSL on your target system. Would focus my energy on that instead.
The crypto module has been OpenSSL dependent for a long time. The pure Erlang version might not be impossible, but it will be very very slow and will not be practical in use.
We need a paid for supported Encryption / Decryption API for a project - AES >256?
I dont want the developers coding their own encryption / decryption even using the built in stuff. To many chances to go wrong.
Links to sites much valued.
UPDATE
Due to the fact as many have said - Its hard to understand if you are not familar with encryption, and get a small thing wrong and its busted...
I have seen answers and will be getting our own encryption/decryption from the builtin - but all the team will need to peer review.
For information BlowFish.Net is good, and performs faster than the builtin crypto routines, which when you start to look at encrypting/decrpyting data into a database can have some massive perf issues ...
http://www.codinghorror.com/blog/archives/001268.html
"even using the built in stuff"
The reason that it's built in is so that people have tested, reliable algorithms available to use that implement standards, not black box third party APIs that might not. What are the "chances to go wrong"?
Maybe you need to switch to Java, you can always opt to use third party JSSE providers there if you're paranoid about the built-in provider.
Bouncy Castle is a well respected and well developed .NET encryption library that is usually recommend for these sorts of questions. But what's wrong with using the System.Security.Cryptography Namespace? - it is extremely secure, very fast and doesn't require any external libraries. Here's an example of how to implement it.
Oh, and "using the built in stuff" will mean it is less likely to go wrong. Your developers won't be coding their own classes, just using the interfaces available which are easy to use and have been very rigorously tested.. Also, the "built in stuff" will be well supported by Microsoft, so if you want to upgrade to C# 4.0 (or C# 5.0 in the future?) you probably won't need to change your code at all.
If you were to use a 3rd party library you would most likely still run into the same issues, which basically boil down to not understanding the pitfalls of encryption.
Without a decent understanding you'll most probably make mistakes with key management, or using bad initialisation vectors or keys. These are issues you'll need to understand to tackle regardless of whether you use the inbuilt libraries (which are fine), or a 3rd party library.
If its something you feel worried about enough, the best recommendation is probably to bring in someone, or better yet - train up people to understand encryption.
Use the builtin 'stuff'. But make sure you use it in the correct mode.
After reading a bit more about how Gnutella and other P2P networks function, I wanted to start my own peer-to-peer system. I went in thinking that I would find plenty of tutorials and language-agnostic guidelines which could be applied, however I was met with a vague simplistic overview.
I could only find very small, precise P2P code which didn't do much more than use client/server architecture on all users, which wasn't really what I was looking for. I wanted something like Gnutella, but there doesn't seem to be any articles out in the open for joining the network.
RFC 4981, with its huge bibliography, could be a very good starting point.
I had to write a basic Gnutella client in C# using Web Services and I think the class notes on the P2P stuff are still available here and here.
You might have better success researching Bittorrent, I believe that the creator has written some papers, and it seems others are as well.
BitTyrant
Bittorent.org, see the developers section
I don't know what platform you are trying to use, but here is a decent article on the subject for .NET.
I've found the TheoryOrg Unofficial BitTorrent Specification to be the best online source for Bittorrent information. Also, the Monotorrent code is fairly simple and easy to understand. There's also a project called "GCT" which implements JGroups style P2P for LAN/Multicast environments, and its code is similarly easy to understand (if a bit buggy).
You can try to read Gnutella2 and try to implement messaging. For reading conceptual material you can read Distributed Systems by Andrew Tannenbaum.
You can have a look at JXTA. It's intention was to be a generic, platform agnostic p2p framework, in contrast to other p2p implementations which are usually for a very specific purpose (such as Gnutella).
Don't be fooled by it's Java appearance, there are binding available for C/C++/C#, but the core protocols are implemented in XML which should translate to any language.
You can also download a free book here.