Does openssl have a "raw" (non-EVP) interface to do AES GCM encryption and decryption? I'm looking for something comparable to AES_cbc_encrypt() or DES_ede3_cbc_encrypt(), but for AES GCM. I found the openssl EVP interfaces for AES GCM but I can't find any information on any non-EVP interface.
I understand the EVP interface has many advantages for general purpose use, but I'm doing some tests where a non-EVP interface would be easier to use.
Once I was looking for it and I couldn't find any non-EVP implementation of it. According to the OpenSSL site 'the enc program does not support authenticated encryption modes like CCM and GCM'.
But it seems AES GCM only supported in TLS v1.2 (according to 'https://www.openssl.org/docs/manmaster/apps/ciphers.html').
Related
I having searched the web,
I am unable to find any comprehensive
introduction into the crypto library of
Solidity.
I am most interested in doing asymmetrical decryption / verifying signatures.
But I am unable to find any way short of implementing RSA decryption
myself, to implement such a verification.
And the first rule of cryptography for a programmer is: Do not implement a cipher yourself.
Because of the limited execution environment, implementing some crypto libraries in Solidity would be too expensive. Also, there are not many use cases for deciphers outside of built-in ones.
I have a challenging question. How can I define new ciphersuites such as an encryption scheme A with AES256 (Hybrid) in combination with a Signature scheme B in order to operate it with Bouncycastle TLS 1.3 or TLS 1.2.
I do not want to use predefined ones from bouncycastle.
What are the steps towards doing this? Is there a fast way?
The same also for JCE?
Many thanks for your great help.
I am using cryptography concepts in my application. Some Encryption and decryption techniques and salt values are hard coded and IV values are using those techniques. Before I publish the app I need to obfuscate to my code. I am using XCode 6.2 version with updated OS. Please share with me techniques about how to do it.
Neither "decryption techniques " nor iv need to be kept secret, only the encryption key. Good security requires using proven methods and cryptographic primitives not secret methods. Developer created cryptographic methods are usually insecure and lack peer review for flaws, the standard methods have been well researched and vetted for security flaws.
Shipping with the key embedded in the code is a problem, the key should be randomly generated (or in some similar process) at first-run and stored in the Keychain.
I am using AES for encryption on a java system and decrypting it back on a javascript platform. What is the best way for a secure key exchange over such system ?
As #owlstead said, there is no such thing as "best way": analyze your security and performance requirements and choose a well-tried protocol as SSL/TLS.
Note: AES is indeed a symmetric crypto-system, for key exchange we usually start with an asymmetric protocol to agree on a symmetric key. Then this key is used to protect the following communication with a symmetric protocol.
I am going to do a Finalyear-project on two-factor authentication,where the second factor as digital certificate with the username/password.I have an idea of doing it for the web applications,how to do this with Java with sample digital certs. and is there any way that i can make use of any Cryptographic algorithms? what are the drawbacks associated with digital certficates?Please give me some details.
The easy approach is to use x.509 certificates. Oracle's Java™ PKI Programmer's Guide looks like it provides an excellent overview of the Java APIs necessary to use x.509 certificates. Many Java developers use the Bouncycastle package for additional cryptographic APIs.
The nice part of using x.509 certificates is that nearly everything supports them. You can easily plug x.509 client certificates into most web browsers and most web servers can be easily configured to accept them. Setting up your own Certificate Authority is pretty easy with the TinyCA program. (The openssl command line tools aren't awful, but TinyCA makes it point-and-click easy to get everything right.)
The biggest downside to x.509 is probably the awkwardness involved in setting up your own CA -- so many programs have a list of CA Root Certificates that are baked into the program and supplying your own Root Certificate can be annoying -- somehow you have to transport that file to your clients in a manner that prevents tampering. (A task that would be easier if your CA root were already in the software.)