We are using the API CryptProtectData and CryptUnprotectData from Crypt32.lib for encryption and decryption in our C++ application.
Is this lib and the API FIPS 140-2 compliant?
Related
WebRTC uses DTLS for encryption of SCTP (data). Furthermore, it uses DTLS for key exchange of SRTP (media). But I do not quite understand whether it also uses DTLS for encryption of SRTP. So my question: does WebRTC use DTLS solely for key exchange (DTLS-SRTP), or does it encrypt SRTP in addition to its internal encryption mechanism (at least optionally)?
Why I am asking:
RFC 6904 as well as RFC 3711 state that SRTP provides authentication, but not encryption, of the headers of RTP packets. So only the payload of SRTP is encrypted by design.
What confuses me:
Many sources claim WebRTC to be fully end-to-end encrypted.
I am especially interested in the implementation of WebRTC in GStreamer.
DTLS is used for the handshake, but then the keys are extracted and an SRTP context is initialized.
I am not familiar with GStreamer, but in Pion WebRTC we connect via DTLS here. The WebRTC clients negotiate which side is a DTLS Server and which is a DTLS Client via the SDP.
When the DTLS handshake is complete, you then export the keying material; you can see that here.
If you are interested in seeing how SRTP works, you can check out pion/srtp. It is pretty simple though: it is just AES, and then you generate an authentication tag. You can see it all here.
I am trying to build a TCP chat application in C#. So far I have managed to build a working chat application and to encrypt messages that are sent through the app with the AES algorithm.
Now I would like to encrypt the password used for AES with RSA algorithm.
Does openssl have a "raw" (non-EVP) interface to do AES GCM encryption and decryption? I'm looking for something comparable to AES_cbc_encrypt() or DES_ede3_cbc_encrypt(), but for AES GCM. I found the openssl EVP interfaces for AES GCM but I can't find any information on any non-EVP interface.
I understand the EVP interface has many advantages for general purpose use, but I'm doing some tests where a non-EVP interface would be easier to use.
I was once looking for it and I couldn't find any non-EVP implementation of it. According to the OpenSSL site, 'the enc program does not support authenticated encryption modes like CCM and GCM'.
But it seems AES GCM is only supported in TLS v1.2 (according to 'https://www.openssl.org/docs/manmaster/apps/ciphers.html').
I developed a secure SMS-exchange application that uses RSA (1024-bit) for session key exchange and Twofish (128-bit) for SMS encryption. I used the Bouncy Castle API. At this point, I need the application to be able to verify (other) users' public keys. I want this done by verification of users' X.509 digital certificates, as in regular PKI. How do I go about generating an X.509 digital certificate that can be used on mobile phones (in the J2ME application)?
Environment:
1. Websphere 7
2. Microsoft platform
Both are exposed to the public using an instance of IBM WebSEAL and TAM infrastructure.
The application running on WebSphere uses the IBM TAI++ mechanism to provide SSO to the client.
The application running on Microsoft implements SSO by talking to a user repository (proprietary SSO).
WebSEAL allows LOW ciphers; both applications allow only HIGH ciphers.
Issue:
The app running on WebSphere 7 is responding to requests from the client using LOW encryption; however, the application on Microsoft is failing the handshake for LOW ciphers.
If the app on Websphere is accessed with direct URL (not through WebSEAL), it successfully fails the LOW cipher requests.
How to restrict allowed ciphers to HIGH only?