secret-key

问题 My aim is to write a Java program to encrypt a text file ( cipher text ) using AES algorithm . And then, write another program to decrypt that encrypted file ( cipher text ) to get the plain text back. I want to use same key (same key, generate once, save it somewhere, and use it in both encryption and decryption program) for encryption and decryption process. If I generate key and do the encryption and decryption line by line in the same program then it works perfectly. Here is the working

问题 I am deploying my Rails app to GAE, whose codes are stored in github. Obviously, I need to hide my secret key and database password. In Heroku, I can set them in environment variables very easily and nicely using Heroku GUI, so it won't appear in any source code or database. What about GAE? I cannot set them in app.yaml because: .gitignore is not an option: Even I hide app.yaml file or alternative json file by .gitignore, I have to save it in my local computer. It means that Only I can deploy

问题 public static string Encrypt(string toEncrypt, string secretKey) { byte[] keyArray; byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt); var md5Serv = System.Security.Cryptography.MD5.Create(); keyArray = md5Serv.ComputeHash(UTF8Encoding.UTF8.GetBytes(secretKey)); md5Serv.Dispose(); var tdes = System.Security.Cryptography.TripleDES.Create(); //set the secret key for the tripleDES algorithm tdes.Key = keyArray; //mode of operation. there are other 4 modes. //We choose ECB(Electronic

问题 I am about to use the following script to encrypt and decrypt some data. I am using it because my current encryption does not work on our new server. We are currently using mcrypt so I want to change to openssl. In our database we use aes encryption which uses a 128bit key so I know what a key is, but I do not know what an openssl iv is? And why would I need a key and an iv. The code I am about to use is this, which I found on a website because I don't understand encryption very well.

问题 I am using Rails 4.1.1 and ruby 2.0.0 I've currently ignored my secrets.yml file to my gitignore for github. secrets.yml development: secret_key_base: numb3r57ndl3tt3r5 test: secret_key_base: differentnumbersandletters13531515 production: secret_key_base: <%= ENV["SECRET_KEY_BASE'] %> If this production key is dynamic, where does it read it from? Where do we provide that info? How does that info get to heroku without getting to github? I already have a secret key environment variable in my

问题 it is the first time I ask for something so sorry if I'm not enough precise! I tried to upload my rails app on heroku using enabling the user-env-compile to manage my secret keys but I have an error "No such feature: user-env-compile". I checked on Heroku devcenter and seems that user-env-compile has been deprecated and replaced by the ENV_DIR argument. Here the link: https://devcenter.heroku.com/articles/labs-user-env-compile I cant really get what to do! can someone explain better to me

问题 Is the following java code sufficient for clearing the secret key in memory (setting all of its byte value to 0)? zerorize(SecretKey key) { byte[] rawKey = key.getEncoded(); Arrays.fill(rawKey, (byte) 0); } In other words, does the getEncoded method return a copy or reference to the actual key? If a copy is returned, then how can I clear the secret key as a security measure? 回答1: Before trying to clear the key, you should check first if the implementation of the SecretKey interface also

问题 I'm currently working on a client-server application in Java. Due to the requirements for the application I need to encrypt the traffic between client and server and decided to use a hybrid encryption approach where the server generates a public/private RSA key pair and the client generates an AES session key which will be encrypted using the RSA public key. As I'm completely new to encryption in Java I didn't start implementing it directly into my application so I don't crash anything. I set

问题 Thank you for taking the time to read this, I am a young developer, with some professional experience in web projects and server-side coding, but I am now building my first mobile application and after an in-depth research online I have not been able to clarify some questions I had about securing the data transfers from a mobile application. Here is what I think I understand correctly : By implementing an SSL certificate (and optionally SSL-pinning on the client) you prevent to a large extent

问题 I'm looking for a means to programmatically tell Notes to generate a secret key (like File, Security, User Security, Notes Data, Documents). Is there such? It does not appear so. The goal is to be able to have a template that auto-provisions all of the secret keys necessary for that application to operate. 回答1: As Richard mentions there is no direct way to fully automate this, but you can automate some of it. In Domino 9 it is possible to create secret keys via the Domino console. So you