Basically im encrypting a message in PHP using openssl. I have already generated a valid key pair (both saved to PEM files).
In vb.net im trying to use the private key to decrypt the message saved in the mysql database, but i cant seem to find a way to incorporate the private key into the decryption examples. All the examples i have found all concentrate on generating a key pair.
Anyone have any ideas?
Thanks in advance
Related
In a digital certificate issued to a domain, using an RSA cipher, I would like to find the prime number used in the encryption. In firefox you get the public key size and the public exponent e used in RSA. Is it then possible to find the modulus?
I have been told it is possible to find all the components of the RSA public key in the certificate.
Firefox does show the modulus. It shows it in hexadecimal, though, because it's a really big number and most people don't want it as a number.
If you click in the box it expands to the full text, then with some careful mousing you can select from the beginning to the end (the other way around seems to close the box).
The current stackoverflow.com modulus is E2:20:10:03:D8:01:7E:F7:14:BA:E3:4C:CC:36:96:38:03:E0:60:2E:95:17:E6:CA:06:1C:55:DB:F2:45:8C:C6:9C:12:39:B3:11:F2:C1:1A:CE:BD:1F:57:BA:DF:76:39:2C:F0:D5:B1:9D:55:DE:81:BE:C5:FE:B5:68:93:2D:59:83:F1:FB:9F:3E:BC:79:75:00:EC:D4:D8:F6:F4:8F:44:5A:B8:B2:24:D6:9A:90:84:BC:A3:8C:08:07:7B:15:48:32:96:AC:C3:16:39:BF:3B:B4:11:FF:94:CC:0D:26:73:61:A7:B8:C9:BC:28:0E:EB:32:E7:A0:10:A7:16:F4:1A:02:F8:89:FF:FD:97:3B:C3:6C:34:9F:62:E7:B1:C9:0C:5C:90:1B:63:55:60:92:80:AA:67:36:0F:17:AF:F7:A2:6C:13:F2:BB:7E:6E:79:E6:18:25:A5:8D:32:88:54:64:07:8A:B0:67:7D:07:5B:3B:27:DA:7E:73:A1:69:E5:D6:A1:F6:BC:0E:86:56:E8:72:9B:29:9B:08:A4:24:97:93:CC:33:91:C1:02:07:DC:C0:EC:4D:02:1E:31:4A:EA:71:2C:A4:85:93:6D:47:48:F4:91:FF:76:59:98:27:BD:A2:C7:81:BB:DA:A7:A8:E5:B2:63:9B:CB:68:47:5E:F8:F3.
Throwing that at a big number converter, such as https://www.mobilefish.com/services/big_number/big_number.php, and converting hex to decimal, gives 28545667559270722536328739022786592253819358506259770100402101435896071697903628977420219545326987103272186552420452973169159370835343752815436439028214107596377595573672473455033151197271343902899123866538498523276704745196410920898299228024215266960005847032342465925829796610222069401784309268841026345683372697803322805210779147292332915465882324168923726887448041529546541821503314352568777720204912372696110914871608165395895300061714914624066001642195838915022687649853436371063685464728624168828232056605406696894580332490208286479538969275877424497344433351991392941870270197646347642298881819314989427521779
Given a digitally signed PDF with a certificate I do not have the private key to, is it possible to alter the document, sign it with my certificate and keep the previous signature as 'history', that is, the old signature should not verify the integrity of the document, rather the user should just be able to see that it was once signed with this other certificate?
If it's your intention to remove the old signature (created with someone else's private key), alter the document, and add a new signature (using your own private key), then yes, that's possible.
If it's your intention to keep the old signature, and add a second (a so-called approval) signature (using your own private key), then it depends on the nature of the first signature (if that signature "locks" the document, it's not possible) whether or not you can alter the document in-between.
Moreover, altering the document will almost always invalidate the original signature. See Which operations are allowed on a digitally signed PDF? to find out which changes are possible (e.g. filling out a form field) and which changes are impossible (e.g. adding an extra page).
A not so elegant workaround that is used to tackle this by at least one of our customers, is to wrap the signed PDF in a PDF portfolio, and to add a cover page with additional info. A PDF portfolio is like a ZIP file that can be opened in Adobe Reader (and some other PDF viewers). That ZIP file can contain all kinds of other documents, including unaltered signed PDF's in which the signatures are kept intact.
I am working on an application in c# .Net where data needs to be encrypted and Since data privacy is my ultimate motive , I am doing it using AES Encryption and I use PasswordDervieBytes for determining the Secret Key. Now Since it uses SHA1 which is broken , I would like to know whether there is an in-built function which uses SHA256 for obtaining my secret key. I also know that RFC2898 can be used but then it also uses SHA1... So, Is there an In-built function which uses SHA256 algorithm ? Thank You in advance for your valuable answers !!
There is a SHA256Managed class that will hash the input. It will not encrypt it...
I am not sure if this is the correct place for this question as this might be more of a theory based question. But I was also interested in the C# implementation of the following. And how feasible it is
I am planning on using PGP for encryption and decryption of files. Is it possible to encrypt the file with two public keys (my public key and the receiver's public key) so that if i will be able to decrypt the file using either one of the private keys.
Is this scenario feasible?
Is so what is the direction I should take for a correct implementation of the same.
Any help would be highly appreciated
On high level (if you use any PGP API), yes, you can pass two or more public PGP keys to OpenPGP API (or software) and have the data encrypted. Then you would be able to use a PGP secret key that corresponds to any of used public PGP keys to decrypt the data.
On lower level - OpenPGP always generates a symmetric key for encryption of data, and then this key is encrypted using one or more public PGP keys, consequently there's no difference how many keys to use.
Now, what to use depends on what platform and development environment you are using (as this is a programming site we assume that you are going to encrypt data in code). For Linux and C there exists GnuPG library. For Java and C# there's some PGP support in BouncyCastle. Finally, OpenPGPBlackbox of our SecureBlackbox library provides full scope of OpenPGP functionality for a number of platforms and languages, including .NET, VCL, ActiveX and C++.
On a side note, the answer you've accepted is completely wrong so I strongly suggest de-accepting it.
Look at this wiki page:
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
What you will see that actual data is encrypted/decrypt with random key and this random key is encrypted/decrypted with according public/private key.
So, as result you don't have to encrypt a file (data) using two keys. You still encrypt the data with one random key. The only difference is that you encrypt this random key with multiple public keys (as example your's and receiver's).
As result, any of you will be able to decrypt random key using private key and decrypt data.
The question could also belong to crypto.stackexchange.com but it is ok here, too. I am not sure whether you have understood the principles of PGP. A public key is used to encrypt and the private key is used to decrypt. So if you encrypt it by using your public key the receiver uses his/her private key to decrypt and/or sign.
For more information I recommend you should read about the RSA or ElGamal algorithm. Hope it helps you:
http://en.wikipedia.org/wiki/RSA
http://en.wikipedia.org/wiki/ElGamal_encryption
http://en.wikipedia.org/wiki/ElGamal_signature_scheme
Both algorithms provide a good way where you could start. Or you maybe want to join some online courses provided by Stanford University:
https://www.coursera.org/course/crypto
https://www.coursera.org/course/crypto2
The only way I can see it working is to have a zip or tar archive containing two files: one encrypted with key 1, the other with key 2.
If the file is text, you could paste two, differently encrypted versions of the same original file into one document.
There is no way to encrypt a file so it is decryptable with two different keys that I know of.
I am developing an archiving system that stores documents in a database and provides various functionalities to the user. I have added a part to sign and verify any document in the database. However, I am stuck with the logic and wondering where should I place the signing function.
Hints about my aims:
No document should be uploaded on the database without a signatureIf a document is not changed it should retain its signatureIf the document does not own a signature .. it should be signed with uploader's signatureThe signature will not encrypt the file so it will still be readable after the signing process is applied
The initial solution I have used is to place the signing procedure in in the form that is called by the Upload button and store the signature of the file in a separate column in the Documents table in the database. However, that solution turned out to be invalid for my scenario as if an employee downloaded a file and then uploaded it again, then it will be signed by him and thus, the original signature will be lost. Also, the signature will be with no significance out side the system.
My main question:
Is there a way to store the signature inside the documents?
Hint: My system will deal only with PDF, JPEG, Tiff, MS Office and TXT Documents.
Subsidiary Request: It would be awesome if there's a way to store the signature in any type of files!
Is there a way to store the signature inside the documents?
A digital signature must be built using a hash of the document that is being signed. Since adding a signature to a document modifies the document (which invalidates the hash), there is no general solution to storing a digital signature inside a document.
Some document formats allow for digital signing and define what portion is to be excluded from the hash, but those formats that were listed—as far as I know—are not among them. (Though PGP could be used on TXT documents.)
Since signatures sign the hash of a document, you could simply create a table mapping hashes to signatures. Thus, downloading and re-uploading a document will not remove existing signatures, since the hash will remain the same. The usefulness of this approach depends, of course, on the semantic meaning of a signature in your system.