[prev in list] [next in list] [prev in thread] [next in thread]
List: bouncycastle-crypto-dev
Subject: Re: [dev-crypto] RE: Identity symmetric key id used to encrypt
From: David Hook <dgh () lockboxlabs ! com>
Date: 2011-06-23 0:36:55
Message-ID: 1308789415.4176.5.camel () konkolo
[Download RAW message or body]
There's a couple of problems, the first one is you're posting to the
wrong list, you should be posting to dev-crypto-csharp@bouncycastle.org
Most of the people on this list only deal with the Java API.
The other thing is you need to make sure the mode you're using in C# is
the same as the mode that was used in C (at the moment I think you're
assuming ECB), and you need to make sure you're converting the key
correctly (if the key is a hex string what you are doing will not work).
Regards,
David
On Tue, 2011-06-21 at 09:32 -0400, Tzippa Levine wrote:
> I was looking at this thread.
> I am wondering if its in response to my question.
> I wrote a question regarding blowfish.
> I am hoping one of you can help me out.
> I tried a few different approaches but was not successful
>
> Here is my original question:
> Please I am not so familiar with encryption and I need to get this
> decryption working so if you could help me out I would greatly
> appreciate it.
>
>
> I know in C its block by block encryption and in .net its string(byte
> array) encrytion.
> I get an error trying to decrypt regarding the padding.
> I dont think that is the issue.
> Here is the decryption code:
> public static String Decrypt(String encValue)
> {
>
> if ( encValue.StartsWith("A"))
> {
> string newstringa = encValue.Substring(1,
> encValue.Length - 1);
> encValue = newstringa;
> }
>
>
> // Byte[] decValueAsBytes = BlowFish(false,newstring);//
> Convert.FromBase64String(newstring));
> Byte[] decValueAsBytes = BlowFish(false,
> Convert.FromBase64String(encValue));
> String decValue =
> ASCIIEncoding.ASCII.GetString(decValueAsBytes);
> return decValue;
> }
> Maybe changing between string and bytes is causing issues.
> private static Byte[] BlowFish(Boolean doEncrypt, Byte[] input)
> {
> BC.Paddings.PaddedBufferedBlockCipher _cipher;
> _cipher = new BC.Paddings.PaddedBufferedBlockCipher(new
> BC.Engines.BlowfishEngine());
>
> Byte[] keyAsBytes =
> System.Text.ASCIIEncoding.ASCII.GetBytes(key);
> _cipher.Init(doEncrypt, new
> BC.Parameters.KeyParameter(keyAsBytes));
>
> return _cipher.DoFinal(input);
> }
> the _cipher.DoFinal(input) line gives a pad corruption error.
> Please if you can advise if there are any differences I need to be
> aware of between openssl (c) and bouncycastle(.net) and how can I fix
> this issue.
> Thank you
>
>
>
> On Tue, Jun 21, 2011 at 2:45 AM, Mohan Radhakrishnan
> <mohanr@fss.co.in> wrote:
> Hi,
>
> I will use the SHA-1 hash.
>
> If the files are big then I have to write the files to
> the XML
> doc's encrypted date tag in parts so that the entire file is
> not loaded
> into memory. But it looks like it has to be done in one shot.
> That could
> be a performance problem here.
>
>
> Thanks,
> Mohan
>
> -----Original Message-----
> From: Arshad Noor [mailto:arshad.noor@strongauth.com]
> Sent: Saturday, June 18, 2011 4:54 AM
> To: Mohan Radhakrishnan
> Cc: dev-crypto@bouncycastle.org
> Subject: Re: [dev-crypto] RE: Identity symmetric key id used
> to encrypt
>
> For what purpose? As an identifier or for integrity checks?
> If its the former, then you're likely to run into collisions;
> if its the latter, why bother cutting of the SHA-1 when you
> have to do it again to get the checksum? You may as well just
> use the SHA-1 hash for the integrity check directly.
>
> Arshad Noor
> StrongAuth, Inc.
>
> On 06/15/2011 11:44 PM, Mohan Radhakrishnan wrote:
> > I am not planning to wrap the EK but maybe something like
> this from
> > http://www.w3.org/TR/xmlenc-core/ could help ???
> >
> > 5.6.1 CMS Key Checksum
> > Some key wrap algorithms make use of a key checksum as
> defined in CMS
> > [CMS-Wrap]. The algorithm that provides an integrity check
> value for
> the
> > key being wrapped is:
> >
> > 1.Compute the 20 octet SHA-1 hash on the key being wrapped.
> > 2.Use the first 8 octets of this hash as the checksum value.
> >
> > Thanks,
> > Mohan
> >
> >
> > -----Original Message-----
> > From: Mohan Radhakrishnan
> > Sent: Thursday, June 16, 2011 12:05 PM
> > To: dev-crypto@bouncycastle.org
> > Subject: RE: [dev-crypto] RE: Identity symmetric key id used
> to
> encrypt
> >
> > Hi,
> > That is useful for us. I am investigating.
> > I think I might need to hash the key id in the XML so
> that there
> is
> > a guard against key id change after the cipher data is
> stored as XML.
> >
> > There are secondary file system access controls in place
> anyway but
> this
> > might be required.
> >
> > Thanks,
> > Mohan
> >
> > -----Original Message-----
> > From: Arshad Noor [mailto:arshad.noor@strongauth.com]
> > Sent: Tuesday, June 14, 2011 10:59 PM
> > To: Mohan Radhakrishnan
> > Cc: dev-crypto@bouncycastle.org
> > Subject: Re: [dev-crypto] RE: Identity symmetric key id used
> to
> encrypt
> >
> > Mohan,
> >
> > There are a number of different ways you can approach this:
> >
> > 1) Use XMLEncryption to wrap meta-data and ciphertext into a
> single
> > file; you can now figure out all details about the
> encryption
> > used in that file just by parsing the XML;
> > 2) You can do the same thing as XMLEncryption with PKCS7
> blobs (to
> > the best of my understanding; I have personally never
> programmed
> > to PKCS7, so I'm not 100% sure about this);
> > 3) You can create your own (non-portable) data-structure and
> keep
> > the meta-data with the ciphertext.
> >
> > We have been using XMLEncryption in our solutions for years
> without
> > any ill-effects. Hope that helps.
> >
> > Arshad Noor
> > StrongAuth, Inc.
> >
> > On 06/14/2011 12:03 AM, Mohan Radhakrishnan wrote:
> >> Hi,
> >> I will try to rephrase my questions.
> >>
> >> We receive and send numerous files. A local backup is AES
> encrypted.
> > There might not be any time to open the files, add a key
> check value
> and
> > close the files to denote which key encrypted what file.
> Moreover
> adding
> > a KCV like that to each file could confuse the operations
> personnel.
> >>
> >> 1. Can I keep track of which files were encrypted by which
> AES key
> > using a cryptographic method ?
> >> 2. Is a key derivation function helpful ? Note I am already
> using a
> > 32-bit key which cannot be changed in the near future. So
> even if a
> KDF
> > is implemented the function should be able to generate the
> key I
> already
> > have ?
> >> 3. How does using one key for authentication and one for
> encryption
> > helpful in this scenario ?
> >>
> >> Maybe this is not possible without understanding more
> advanced
> > concepts and in that case I will read up.
> >>
> >> If AES keys cannot be tracked like this then I might start
> using GPG
> > keyrings which I believe are more easily tracked.
> >>
> >> Thanks,
> >> Mohan
> >>
> >> -----Original Message-----
> >> From: Mohan Radhakrishnan
> >> Sent: Tuesday, June 07, 2011 11:51 AM
> >> To: dev-crypto@bouncycastle.org
> >> Subject: RE: [dev-crypto] RE: Identity symmetric key id
> used to
> > encrypt
> >>
> >>
> >> Hi,
> >>
> >> 1. KCV adds to the file with financial transactions.
> No idea
> how
> > adding meta-data works .
> >> 2. Is there documentation to read about how Key
> derivation
> > functions in the case of AES keys work ?
> >>
> >>
> >> Thanks,
> >> Mohan
> >>
> >> -----Original Message-----
> >> From: Maarten Bodewes [mailto:maarten.bodewes@gmail.com]
> >> Sent: Monday, June 06, 2011 10:44 PM
> >> To: Mohan Radhakrishnan
> >> Cc: dev-crypto@bouncycastle.org
> >> Subject: Re: [dev-crypto] RE: Identity symmetric key id
> used to
> > encrypt
> >>
> >> On Mon, Jun 6, 2011 at 6:34 AM, Mohan
> Radhakrishnan<mohanr@fss.co.in>
> > wrote:
> >>>
> >>> Am I assuming wrongly that the key itself is encrypted and
> stored
> > along with
> >>> the encrypted data in the case of PGP encryption ?
> >>>
> >> Nope, as it is highly inefficient to perform encryption of
> the data
> >> using asymmetric crypto, most of the time the symmetric key
> is
> >> encrypted instead.
> >>
> >>>
> >>> This might be a common issue faced by many. We
> have
> > multiple types
> >>> of files being encrypted by AES keys in JCEKS keystore.
> Earlier
> when
> > we
> >>> used BC's GPG API I came across a way to identify which
> key
> encrypted
> > what
> >>> data. Something like this is being discussed
> >>>
> >
> here.http://bouncy-castle.1462172.n4.nabble.com/OpenPGP-examples-decrypt
> > ion-issues-td1594831.html
> >>>
> >>> Are there are algorithms used for identifying which AES
> key
> encrypted
> > what
> >>> data ?
> >>>
> >> I would suggest you do it the other way around: why not use
> a master
> >> key and use something like the file path within a key
> derivation
> >> function?
> >>
> >> If the data may be bigger than the original, you could
> store a KCV in
> >> front of your data. A KCV is simply one block of zero's
> encrypted
> >> (ECB) with the key. If you want to be even safer you might
> want to
> use
> >> a key derivation function to create two keys, one for
> authentication
> >> and one for decryption. Similarly, you could prepend the
> data, or add
> >> meta-data if your filesystem allows it.
> >>
> >> ... stuff cut ...
> >>>
> >>> I don't want to introduce any spurious identifier manually
> into the
> > cipher
> >>> text. There should be a way to do this that does not
> require use to
> > remember
> >>> or write down everything ?
> >>>
> >>
> >> Hmm, only for very special means of "should" I'm afraid.
> >>
> >> Regards,
> >> Maarten
> >>
> >
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic