encryption-asymmetric

Can you do symmetric encryption on SAML attributes in SAML 2.0?

风格不统一 submitted on 2019-12-08 04:20:37

Can you do symmetric encryption on SAML attributes in SAML 2.0? We can seem to do asymmetric. What are pros and cons?

Ian

SAML 2.0 utilizes XML Encryption (Sect 5.2.1 and 5.2.2). With that said, Sect 4.2 of the SAML 2.0 Conformance docs specifies you must support the following to be SAML 2.0 compliant:

Block Encryption: TRIPLE DES, AES-128, AES-256.
Key Transport: RSA-v1.5, RSA-OAEP

In other words, SAML 2.0 mandates you use asymmetric keys. So, the "cons" will be that you are not SAML 2.0 compliant if you utilize symmetric encryption of SAML Attributes which will lead to interoperability issues

Does KeyStore entry will be lost when application is uninstalled?

萝らか妹 submitted on 2019-12-07 00:58:51

Question: I am generating an Asymmetric key pair in the Android key store as below: I have used the public key for symmetric key wrapping and storing the wrapped key to a file. When I try to unwrap symmetric key using the private key, I am able to do within that instance. Once my application is re-installed, I am unable to get the key store entry with the alias. Please help?

    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    kpg.initialize(new

Generate EC Diffie-Hellman public and private key pair

半世苍凉 submitted on 2019-12-05 19:26:13

I need to generate an EC Diffie Hellman key pair. I am using the secp256r1 named curve, and OpenSSL. This is what I have with me so far:

    unsigned char *ecdh(size_t *secret_len)
    {
        EVP_PKEY_CTX *pctx, *kctx;
        EVP_PKEY_CTX *ctx;
        unsigned char *secret;
        EVP_PKEY *pkey = NULL, *peerkey, *params = NULL;
        /* NB: assumes pkey, peerkey have been already set up */

        /* Create the context for parameter generation */
        if(NULL == (pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)))
            printf("Error in EC key generation\n");

        /* Initialise the parameter generation */
        if(1 != EVP_PKEY_paramgen_init(pctx))
            printf("Error in

Bouncy Castle PGP Decryption Issue

孤街醉人 submitted on 2019-12-05 10:06:41

Question: I've had an application using Bouncy Castle for PGP decryption which has run without any issues for the past 8 months or so, and the past 2 days all of a sudden an issue has come up where the GetDataStream method is throwing an exception:

Exception Message: "error setting asymmetric cipher".
Inner Exception Message: "Not an RSA key".

    private static PgpObjectFactory getClearDataStream(PgpPrivateKey privateKey, PgpPublicKeyEncryptedData publicKeyED)
    {
        // Exception throws here.
        Stream

Opening an RSA private key from Ruby

霸气de小男生 submitted on 2019-12-05 07:31:22

I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does? I know I can do this:

    OpenSSL::PKey::RSA.new(File.read('private_key'))

But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter? And, how can I create one compatible to the ones generated by ssh-keygen? I do something like this to create private encrypted keys:

    pass = '123456'
    key = OpenSSL::PKey::RSA.new(1024)
    key = "0000000000000000#{key.to_der}"
    c = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
    c.encrypt
    c.key = Digest::SHA1.hexdigest(pass).unpack('a2

Does KeyStore entry will be lost when application is uninstalled?

时光毁灭记忆、已成空白 submitted on 2019-12-05 04:43:15

I am generating an Asymmetric key pair in the Android key store as below: I have used the public key for symmetric key wrapping and storing the wrapped key to a file. When I try to unwrap symmetric key using the private key, I am able to do within that instance. Once my application is re-installed, I am unable to get the key store entry with the alias. Please help?

    KeyPairGenerator kpg = KeyPairGenerator.getInstance(
            KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    kpg.initialize(new KeyGenParameterSpec.Builder(
            Constants.KEY_STORE_ALIAS_NAME,
            KeyProperties.PURPOSE_ENCRYPT | KeyProperties

SSL + Additional Layer of Encryption

喜夏-厌秋 submitted on 2019-12-05 01:01:25

Question: I'm wondering what to do in the case of a customer asking for a second layer of encryption on top of SSL? For example, I have an SSL tunnel, and the customer wants me to then use symmetric key encryption on data flowing through that tunnel. The symmetric key is session-based and sent from the server to the client over the original SSL tunnel. I am failing to see how this is more secure. If the SSL tunnel is compromised, then in theory, so is the symmetric key that is sent from the server to

Should one use Cryptographic message syntax (CMS) for this task?

梦想的初衷 submitted on 2019-12-05 00:49:27

Question: I've the task to transfer small binary messages (1 or 2 kb long) between a desktop application and mobile devices. The messages should be encrypted asymmetrically (RSA for instance). From what I've learned one should use a hybrid cryptosystem for this kind of task:

1. Generate random symmetric key
2. Encrypt plain text with symmetric key (using AES for instance)
3. Encrypt symmetric key with public key
4. Transmit cipher text and encrypted symmetric key

I'd like to not invent an own format for storing

Ok, so I've encrypted my data now where do I hide the key?

不问归期 submitted on 2019-12-04 19:14:00

Question: I have a database that contains sensitive information. I can encrypt / decrypt the data on the read write operations. The problem is that I need to store the key in the application. If someone has hacked their way in such they have access to the database then they can also grab the application (java) decompile it and pull the key. This seems like a speed bump at best. What other solutions are available?

Answer 1: The only thing you can do is make it difficult to extract the key from your

Delphi asymmetric encryption

元气小坏坏 submitted on 2019-12-04 12:02:53

Question: I'm looking for a Delphi implementation of an asymmetric encryption algorithm without any dependencies on external DLLs. Is there any available? My goal is to encrypt/decrypt a string (or array of bytes) using a public/private key pair.

Answer 1: SecureBlackBox from Eldos offers a native, comprehensive solution - including certificate management and access to external crypto devices (i.e. USB tokens)

Answer 2: LockBox is now improved. It allows long keys for RSA, AES cipher and is in active development