While using PyKCS11, I extracted a public key from a smartcard. Now, I need to hash that key with sha256. However, the public key object contains a lot of values:
CKA_ALWAYS_SENSITIVE: True
CKA_CLASS: CKO_PUBLIC_KEY
CKA_DECRYPT: False
CKA_DERIVE: False
CKA_ENCRYPT: False
(...)
CKA_KEY_TYPE: CKK_RSA
CKA_MODIFIABLE: False
CKA_MODULUS: (200, 163, 157, 146, 3, (...))
To hash the key (using hashlib) it is required only one of the attributes (it doesn't accept iterables).
What attribute should I use? I was thinking about CK_VALUE or CK_MODULUS, but the documentation on PyKCS11 doesn't make it very clear which one is correct.
Thanks
What you need to hash depends on what you require.
Generally the modulus is hashed, not the encoding of the entire key. Hashing the modulus will result in the same value for both the public and private key so that you can identify both as being from the same pair. The result or the leftmost bytes of the result are often used as key check value or KCV.
The modulus should be unique for each key pair. If it isn't your random number generator is likely broken or not well seeded (it can't hurt to check this if you generate multiple keys). So a hash over the modulus will uniquely identify your public key, even if the exponent wasn't hashed.
Related
After I imported SJCL AES key using new sjcl.cipher.aes(rawKey), how can I get rawKey value back from the key instance?
As far as I know it is not easily possible.
Looking at the code, the key is immediatly transformed using the S-Box. The result ist stored in this._key, so you could get that result and then use the reverse S-Box to restore rawKey. This should work, but just storing the key in a variable is of course way simpler.
In Jedis, I want to set some key and value with expiring time by a single invocation.
I can do this by combination of set() and expire() but it needs two invocations.
I found the following method:
set(final String key, final String value, final String nxxx, final String expx, final long time)
But I have to choose nx (Only set the key if it does not already exist.) or xx (Only set the key if it already exist.).
I want to cover both cases.
Any suggestion? Or any reason to be written like this?
Redis has a SETEX command, which sets the key with an expiry.
jedis.setex(key, expireAfter, value);
This question is so misleading. nx and xx are indeed for different use cases and mutually exclusive. If you want to simply overwrite any expiry, simply don't pass in none of below:
NX -- Set the key only when the key doesn't exist
XX -- Set the key only when the key has existed
I use this function in order to encode an input:
Public Function encodeStrings(ByVal MyPass As String, ByVal MyUName As String) As String
Dim ENPass As String = Nothing
Dim password As String = (MyPass + MyUName)
Dim mhash As HashAlgorithm = New SHA1CryptoServiceProvider
Dim bytValue() As Byte = System.Text.Encoding.UTF8.GetBytes(password)
Dim bytHash() As Byte = mhash.ComputeHash(bytValue)
mhash.Clear()
ENPass = Convert.ToBase64String(bytHash)
Return ENPass
End Function
Now I need to decode this variable and get back the original string.
Does anyone know how to do that? I'm using VB.NET in my project.
No, there is no way to decode it. The SHA1CryptoServiceProvider implements a hashing algorithm. According to the MSDN:
Computes the SHA1 hash value for the input data...
SHA-1 is, by definition a hashing algorithm. According to the Wikipedia article:
In cryptography, SHA-1 is a cryptographic hash function designed by the United States National Security Agency and published by the United States NIST as a U.S. Federal Information Processing Standard. SHA-1 produces a 160-bit (20-byte) hash value. A SHA-1 hash value is typically expressed as a hexadecimal number, 40 digits long.
That is why it inherits from the HashAlgorithm base-class rather than the SymmetricAlgorithm base-class. Since it uses a hashing algorithm, that means that it is one-way encoded. The original string will always result in the same encrypted value, but there is no way to decrypt it to get back to the original value, since many different strings could result in that same encrypted value (although, with cryptographic hashing algorithms, such as SHA1, that is unfeasible).
If you think about it, that's the only thing that makes sense. If the SHA-1 algorithm always results in a hash code which is 20 bytes long, then that means you could encode a 1 gigabyte string and it would still only be 20 bytes long as an SHA-1 encrypted hash value. Surely you don't think that those 20 bytes contain all of the data that was originally stored in that 1 GB string. If that were the case, zipping files would be far more effective :)
Typically, when a cryptographic hashing algorithm is being used, it would be for something like storing a password. In that case, the issue is not how to decrypt the password, but rather, to encrypt the newly entered password and then compare the two encrypted values to see if they are the same. If the two encrypted values are the same, then you know that the user entered the right password. If the two encrypted values are not the same, then you know that it is incorrect (but you still don't know what the right password would be).
If you need a 2-way encryption algorithm, you need to use one which inherits from SymmetricAlgorithm, such as the AesCryptoServiceProvider class.
I tried adding some sample score-value pairs to redis sorted set using below code:
String key = "set";
redis.zadd(key, 5, "1034");
redis.zadd(key, 2, "1030");
redis.zadd(key, 1, "1089");
and tried retrieving it using byteArray and BitSet
byte[] byteArr = redis.get(key.getBytes());
BitSet bitSet = fromByteArrayReverse(byteArr);
System.out.println(bitset.toString()));
also i tried executing
System.out.println(redis.get(key.getBytes()));
which is supposed to give me an address of the byte-array
But for both of these commands i get the error
" ERR Operation against a key holding the wrong kind of value"
So can anyone please tell me why does this error occur in the first place and also the correct redis command/code to retrieve values from a redis sorted-set??
What you want is calling
ZSCORE key "1034"
Or in the case of wanting only elements between two particular scores
ZRANGEBYSCORE key lower upper
Since you also have "rank" (position or index, as in a list) you can also ask for example for the first three elements in your set
ZRANGEBYRANK key 0 2
The error you are getting is because once you assign a value to a key, that value defines the type of the internal structure on redis, and you can only use commands for that particular structure (or generic key commands such as DEL and so on). In your case you are trying to mix sorted sets with byte operations and it doesn't match.
To see all sorted set commands, please refer to http://redis.io/commands#sorted_set
Is there any documentation on what the bignums in the body are?
Like here is an example pubkey.
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBMgigwcBaB3sqogC/yVPANQJKjMwOvrdOKhBIVlI2eOIq6FEyzNI8cbRDbHo5muipun922bLoV+p/dPZ2/8wJ+zugLM8eCdsr+VbYZ3T5wb7bjd2swePOWtffnsXnHiP8aWyRj64vd/mRPR1gYErg8vb7vM5c4B2ANKHs/rP65Bw== rsa-key-20100514
It contains 3 bignums with the sizes 7, 1, 128. Now I am assuming the 128 is the key while the 7 is the shared. But what about the other one? Also the privkey contains a lot more bignums which I have no idea what they are.
Edit:
So apparently what I am looking for is the format of the private key blob. I have searched and all I have found are references to the name and not the actual format.
The number with size 1 is the "version". What you observe is the encoding of a structure which contains the key elements. The structure follows ASN.1 conventions and encoding rules. In the case of RSA, the contents of the public and private keys are specified by PKCS#1 (see annex C for the ASN.1 specification, and section 3 for the human readable text).