Differences in functionalities provided by OpenSSL and Crypto++ - api

I am wondering if there are any functionalities that are explicitly provided in openssl but not in crypto++, or vice versa.
I am trying to write a unified interface to both the libraries so that I can switch between using an underlying crypto library without modifying my calling source code. At this point, I want to figure out if there is anything substantial that can only be done in one of those libraries. I know that the basic hashing, encryption and signing functionalities are provided in both.
Any comments or points of wisdom will be appreciated. Thanks.

I am wondering if there are any functionalities that are explicitly provided in openssl but not in crypto++, or vice versa.
Yes, there are lots of differences between them.
OpenSSL is more similar to Peter Gutmann's Cryptlib and GNU's GnuTLS. Perhaps even Jack Lloyd's Botan. I don't think OpenSSL and Crypto++ is a good comparison.
Crypto++ provides more low level cryptographic primitives. Crypto++ provides nothing related to TLS and DTLS. Crypto++ is like a low level cryptographic Swiss army knife.
OpenSSL provides some low level cryptographic primitives, support for hardware modules, and working TLS and DTLS implementations. Because it supports hardware, it provides a PKCS 11 interface. Because it supports TLS and DTLS, it has richer socket support and an X509 parser.
There are many other similarities and differences. If you want to know a specific similarity or difference, then you need to ask about a specific feature.
You might also want to look at the OpenSSL wiki's Related Links page. It lists other, similar libraries.

Related

Is the example proposed by Microsoft for cryptography secure enough, or should I learn more?

This is the article published by Microsoft for encrypting/decrypting data using RSA:
https://learn.microsoft.com/en-us/dotnet/standard/security/walkthrough-creating-a-cryptographic-application
As a relatively new person in the cryptography world, and having read a comment on Stack Overflow saying that cryptography should use a hybrid model, I researched that and it seems that hybrid models use AES and RSA for encryption. I was wondering if the example provided by Microsoft fits into the hybrid model, since it uses both, and if it is constructed well enough and not just for novice devs venturing into the world of cryptography.
I already have a working example where an app would encode and another would decode by loading the private key file, similar to the example.
I found an article here:
https://www.codeproject.com/Tips/834977/Using-RSA-and-AES-for-File-Encryption
He creates signatures and manifests, and I'm wondering if this is what I'm looking for: is Microsoft's example generally just enough, or weak?
PS: I removed the key container code and persistence as I don't want to persist or store my keys on the local machine, instead they are exported as standalone files to be stored in a DB maybe, so I'm not looking for opinions on that part at the moment.
and not just for novice devs just venturing into the world of cryptography
Well, at least it tries to define some kind of protocol, although very sparse. It also uses CBC mode (implicitly, never a good idea) and RSA with PKCS#1 v1.5 padding for encryption. Most people would opt for OAEP if RSA is used and use an authenticated cipher such as GCM.
I already have a working example where an app would encode and another would decode by loading the private key file, similar to the example.
Bad idea: the example is for file encryption, not for transport mode security, for which you need a secure transport protocol. Both the RSA implementation and the CBC implementation are malleable, and both are susceptible to padding oracle attacks as well.
I don't want to persist or store my keys on the local machine
You need to establish trust, something that is missing from the example. And to establish trust you do need to persist your keys, especially if they have been randomly generated.
In the end, asking if something is secure depends on context: you need to know what your goals are and then check if the protocol provides enough protection to achieve these goals.
This is also my problem with these generic examples or wrapper classes; they make no sense to me, as the generic security that they seem to provide may not fit your use case; I'd rather design a protocol specific to the use case.

Does the NPM package crypto-js relate to cryptocurrency or cryptography?

I'm watching a football game # https://watch.foxtel.com.au/ and I saw in the inspector the site loads the file:
https://watch.foxtel.com.au/app/static/js/npm.crypto-js.7f96017841bd7fff1e02.chunk.js
I think this relates to https://www.npmjs.com/package/crypto-js
Does that NPM package relate to cryptocurrency or cryptography?
Help appreciated.
crypto.js is purely a cryptography library, without a focus on cryptocurrency specifically.
Looking at the docs, indeed crypto.js does support ECDSA over secp256k1, and SHA256, the primary cryptographic primitives used in most Bitcoin derived cryptocurrencies.
I guess technically you could leverage its hashing functions to mine, and its ECDSA signature functions to create BTC transactions, but it certainly wouldn't be a library I would use writing an attack like that, there are many other libraries much better suited.
If you used crypto.js for cryptocurrency related work, one would have to build out all of the cryptocurrency specific stuff from first principles, (e.g. conversion of elliptic curve points (after scalar multiplication) to valid public keys, and on to base58 encoded Bitcoin addresses, etc).
It's much more likely it was used to leverage a cryptographic primitive for authentication or equivalent.
Update:
This actually just looks like the crypto module from Node, thus definitely not cryptocurrency related.

Integrating OpenPGP functionality with PKCS#11 to use an HSM appliance in a .NET/C# application

Any ideas/suggestions on how to implement the OpenPGP standard so as to use the HSM to handle cryptographic operations? PKCS#11 is the standard to communicate with the HSM, and it is very primitive compared to the OpenPGP standard.
I am using the Pkcs11Interop library to integrate with the HSM, and BouncyCastle to implement the OpenPGP standard. Does anyone have any experience integrating them together, or have some code examples?
For example, generating keys in an OpenPGP format corresponds to some calls to the PKCS#11 APIs, and the steps may need to be taken in a certain order. Is there any client library that may abstract all that and call a GenerateOpenpgpKeyPair which the HSM can understand (ideal solution)? Otherwise, I would like not to have to rigorously go through RFC 4880, implementing every last detail and making sure that specific bytes are in the right positions. So ideally I'm looking for an OpenPGP formatting library where I can supply it with an AES key (encrypted with the recipient's public key), as well as the AES-encrypted signed message, and then the library would make sure that it fits the OpenPGP format.

Authentication tips using NTAG 424 DNA TT

I need to implement an authentication procedure between a reader and an NFC tag, but as my knowledge is limited in this area I would appreciate some aid in order to understand a few concepts.
Pardon in advance for rewriting the Bible, but I could not summarize it more.
There are many tag families (ICODE, MIFARE, NTAG...) but after doing some research I think NTAG 424 DNA matches my requirements (I need mainly authentication features).
It comes with AES encryption, the CMAC protocol and a 3-pass authentication system, and here is where I started to need assistance.
AES -> As far as I am concerned this is a block cipher to encrypt plain texts via permutations and mapping. It is a symmetric standard and it does not use the master key; instead session keys are used, which are derivations from the master key. (Q01: What I do not know is where these keys are stored in the tag. Keys must be stored on specialized HW, but no tag "specs" remark on this, apart from MIFARE SAM labels.)
CMAC -> It is an alteration of CBC-MAC to make authentication secure for dynamically sized messages. If data is not confidential then a MAC can be used on plain texts to verify them, but to gain confidentiality and authentication features "Encrypt-then-MAC" must be pursued. Here also session keys are used, but not the same keys used in the encryption step. (Q02: The overall view of CMAC may be a protocol to implement verification along with confidentiality; this is my opinion and could be wrong.)
3-pass protocol -> ISO/IEC 9798-2 norm where tag and reader are mutually verified. It may also use a MAC along with session keys to achieve this task. (Q03: I think this is the upper layer of the whole system to verify tags and readers. The "3 pass protocol" relies on a MAC to be functional and, if confidentiality features are also needed, then CMAC might be used instead of a single MAC. CMAC needs AES to be functional, applying session keys on each step. Please correct me if I am posting savage mistakes.)
/*********/
P.S.: I am aware that this is a coding-related forum, but surely I can find here someone with more knowledge than me about cryptography to answer these questions.
P.P.S.: I totally do not know where master and session keys are kept on the tag side. Do they need to be included in a separate HW along with the main NFC circuit?
(Target)
This is to implement a mutual verification process between tag and reader, using the NTAG 424 DNA TagTamper label. (The target is to avoid 3rd-party copies, authentication being the predominant part instead of message confidentiality.)
Lack of knowledge of cryptography and trying to understand how AES, CMAC and the mutual authentication are used on this NTAG.
(Extra Info)
NTAG 424 DNA TT: https://www.nxp.com/products/identification-security/rfid/nfc-hf/ntag/ntag-for-tags-labels/ntag-424-dna-424-dna-tagtamper-advanced-security-and-privacy-for-trusted-iot-applications:NTAG424DNA
ISO 9798-2: http://bcc.portal.gov.bd/sites/default/files/files/bcc.portal.gov.bd/page/adeaf3e5_cc55_4222_8767_f26bcaec3f70/ISO_IEC_9798-2.pdf
3-pass-authentication: https://prezi.com/p/rk6rhd03jjo5/3-pass-mutual-authentication/
Keys storage HW: https://www.microchip.com/design-centers/security-ics/cryptoauthentication
The NTAG424 chips are not particularly easy to use, but they offer some nice features which can be used for different security applications. However, one important thing to note is that although it heavily relies on encryption, from an implementation side that is not the main challenge, because all of the AES encryption, CMAC computation and so on is already available as some sort of package or library in most programming languages. Some examples are even given by NXP in their application note. For example, in Python you will be able to use the AES package (from Crypto.Cipher import AES) as stated in one of the examples of the application note.
My advice is to simply retrace their personalization example beginning at the initial authentication, and then work your way up to whatever you are trying to achieve. It is also possible to use these examples in order to test the encryption and the building of apdu commands. Most of the work is not hard, but sometimes the NXP documents can be a bit confusing.
One small note, if you are working with python, there is some code available on github which you might be able to reuse.
For iOS, I'm working on a library for DNA communication, NfcDnaKit:
https://github.com/johnnyb/nfc-dna-kit

Code to break DES

I am studying Cryptography and I need to develop Java or C code to break DES (Data Encryption Standard). I am aware of the algorithm used in DES but I don't know how I should go about coding it in Java or C. I have heard about the Java Cryptography Architecture but I am not sure how to use it. Can someone provide me with a short tutorial for the same?
Thanks
Depends on how you attempt to "break" DES... I assume you are trying to decrypt a given ciphertext (ciphertext-only attack).
Apart from a library that is capable of supporting DES en-/decryption, what you should probably additionally look for is a library that supports cryptanalysis, to get a feel for how to implement this. Brute-forcing would require no such library; it's as simple as iterating over the possible values for a 56-bit key and trying to decrypt your ciphertext. You can take virtually any programming language for this, as long as it supports DES.
If you want something more sophisticated, e.g. linear or differential cryptanalysis, a good introduction is Modern Cryptanalysis. The code samples in that book use Python. You, too, could consider using a high-level language such as Python or Ruby because it speeds up your development process compared to implementing things in let's say C, and you won't have to deal with nasty errors due to memory management, pointers etc. Both Python and Ruby do support DES encryption and decryption. The downside is that your code will probably be more performant in a lower-level language (provided you're doing it right) - so if speed is of the essence, C in combination with OpenSSL (or any other crypto library with DES support) would be a good choice.
Examples of cryptanalysis libraries:
mediggo
EverCrack
crypTool
See the security section of the DES Wiki entry for references on DES attack vectors.