I am implementing an encryption algorithm with a product. I would like to understand how bouncy castle handles the defaults like Initialization vector and so on. But I am not able to get any breakpoint working in intellij, I think it has got something to do with JCE provider.
Related
Error: java.io.IOException: Could not transmit message
Issue details: We are running our application with Jboss AS 5.1 and OpenJDK 7 (version 1.7.0_261), servers are Red Hat Linux CentOS 5.
We have a legacy application that makes several web service calls to NetSuite, after the recent NetSuite update of obsoleting the old cipher suites all our calls started failing. TLSv1.2 protocol is enabled (with -Dhttps.protocols=TLSv1.2 in run.conf), since it is Java 7 we added bouncy castle security jars to increase the supported cipher suites (as recommended in this comment by Igor: https://stackoverflow.com/a/49154932/2308058), with this, we were able to get the REST Web Service calls working but we are getting the error - org.bouncycastle.tls.TlsFatalAlertReceived: internal_error(80) for SOAP WS calls.
Other things we tried but nothing seem to bring us luck yet:
Explicitly adding cipher suites that are supported by NetSuite in run.conf with -Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Adding TLS protocol with tls.client.protocol in run.conf - -Djdk.tls.client.protocols=TLSv1.2
Added self-signed cert to keystore
Added NetSuite's cert to Java cacerts
SOAP calls are working fine with Java 8 but moving this legacy application to Java 8 and Wild Fly is a very heavy lift so we are looking for alternative options.
Any suggestions on getting this resolved would be very helpful, please! TIA!
TlsFatalAlertReceived means a fatal alert was received from the peer (i.e. NetSuite failed). internal_error would usually mean that something went wrong in the implementation itself, rather than any configuration match like cipher suites, however I don't know how careful NetSuite is about its choice of alerts. In any case, apart from guessing what the issue is, the real next step is to look at the NetSuite server logs to find what's failing.
We are using crypto package in our node js app. The thing is we do not want the developer to know about the encryption algorithm we implemented. However, the developer would be knowing the encryption algorithm and the encryption key as they can view the source code of the encryption algorithm.
So my question is: is it possible to compile the encryption algorithm into a file like dll(.NET) or jar file (java) and include it in the project (open source solution). If not, how to prevent developer from viewing the source code?
The final expectation is the developer will know we use crypto package, but do not know we use what algorithm and key we implemented.
Note: I do not expect solution of restricting file access to the user nor hosting it in another environment.
node-ffi is a Node.js addon for loading and calling dynamic libraries using pure JavaScript. It can be used to create bindings to native libraries without writing any C++ code.
https://github.com/node-ffi/node-ffi
The question pretty much sums it up. Are ECDSA and ECDH available for mono? If they are not, will they be?
No they are not available inside Mono BCL, nor Xamarin.iOS or Xamarin.Android.
There's a bug report for each of them, ECDSA and ECDH, so you might want to add yourself on c.c. to know when this will change. Right now there's no time table to include them.
Microsoft .NET supports both,
http://msdn.microsoft.com/en-us/library/system.security.cryptography.ecdsacng.aspx
http://msdn.microsoft.com/en-us/library/system.security.cryptography.ecdiffiehellmancng.aspx
From both Mono source code and documentation you can see that ECDSA and ECDH are not supported, as the corresponding classes are missing,
https://github.com/mono/mono/tree/master/mcs/class/System.Core/System.Security.Cryptography
http://docs.go-mono.com/?link=N%3aSystem.Security.Cryptography
For Xamarin.iOS and Xamarin.Android which are derived from Mono, you might check if there are any native library to call.
You can try to use "The Legion of the Bouncy Castle". It's fully written in .NET and supports many signature and encryption algorithms. I found it a bit tricky to use, there's not a lof of documentation, but it works.
Try to find a NuGet package or visit their website:
http://www.bouncycastle.org/csharp/
I have a PGPPublicKey object. I want to get a list of all signatures(with UserId, email Id, trust level for each singature) associated with it using Bouncy Castle API. I tried but couldn't get it. If anyone has an example link or knows which method to use to get it, please let me know.
I've never used these classes but I thought it might be helpful to post some resources.
It looks like the Bouncy Castle OpenPGP releases include some examples.
I recommend using these examples to solve your problem. Specifically, it looks like you will need to use PGPSignatureList and PGPSignature classes which are utilized in the examples. However, I don't see emailId in any of the classes.
SignedFileProcessor.java: A simple utility class that signs and verifies files.
DetachedSignatureProcessor.java: A simple utility class that creates seperate signatures for files and verifies them.
Also, http://www.bouncycastle.org/documentation.html suggests the following.
Finally there are also code examples from Beginning Cryptography with Java which demonstrate both the use of the JCE/JCA and also some of the Bouncy Castle APIs such as for certificate generation, CMS and S/MIME. Note: the book was written to cover J2SE 5.0, while many of the examples will work with earlier JDKs, some will not compile if you are not using J2SE 5.0 or later.
I'd like to incorporate security features in my standalone XULRunner app. Specifically, I'd like to use security certificates to validate the app executable as downloaded by a user. From what I've seen, its called code signing. But I'm very green in this area. Any pointers on how to proceed? Thanks in advance.
The certificate functionality built into XULRunner isn't meant to validate signatures of Windows executables - you would need to use Windows functions for that (e.g. via js-ctypes). Not going to be simple however, here you can see how that check works in C++ code.
However, if you are merely downloading an update to your application then maybe using an HTTPS connection would be sufficient - the origin of the executable is verified then (won't help you if that server is hacked however).