I need the algorithm about encrypt and decrypt using RSA algorithm. Now I have public key, private key, and string text. The questions are
I need to know how to encrypt it. Encrypt each character in text or encrypt whole text.
How to decrypt it when ciphertext has only number. How to divide number to decrypt.
p.s. Sorry about my bad English. = ="
The standard way is:
Generate a key of symmetric algorithm (for example, AES).
Encrypt the text with them.
Encrypt this key with RSA using, for example, PKCS#1 notation.
Compose an output structure containing ciphertext, encrypted key and other service information (symmetric algorithm identifier, recipient ID, etc.). Most used format is noted in RFC 5652.
You can take each character from the string take it ascii value encrpyt it and then again convert it into text and store.do it for all characters.This will be your encrypted text.Like wise do it for decryption..
hope it helps
Related
I'm looking for a way to encrypt main password using short key/pin and decrypt it by this pin every time.
I tried to generate hash (sha256) from short key given by user and cut off the hash to desired length, decode it to bytecode and use as Fernet
Piece of code:
pin = self.pin_ent.get()
key: str = hashlib.sha256(pin.encode()).hexdigest()[10:-10]
f = Fernet(key.decode())
but python rise the error
ValueError: Fernet key must be 32 url-safe base64-encoded bytes.
It is unclear what you mean with "desired length". SHA-256 creates a 32 byte hash value (without the hex encoding that you added). You just need to base64url encode it, as the error description suggests.
A PIN is not suitable for encryption purposes as it is too easy to try all possible PIN values, and try to decrypt the stored password. If you'd use a normal-strength password to encrypt the other password (which seems counter-productive, but hey) then SHA-256 is not secure either, you'd have to use a PBKDF such as PBKDF2 to strengthen the password.
Conceptually, can a digital signature vary if it is generated multiple times for the same input data with SHA256 hashing and PKCS7 formatting.
Thank you for any help.
If data is same, SHA256 hash would be same and PKCS7 signature, using same private/public key pair, may be same unless it contains time stamping.
As it stands, I have written a python3 project to encrypt a file (using AES) and a public/private key system (RSA) to encrypt the AES key.
My current predicament is as follows, what is the best approach to get the encrypted AES key to the recipient ? My program does NOT depend on the medium for sending of the files, rather just the files are securely encrypted. In other words, once a user chooses a public key of the recipient, there is no peer-to-peer communication.
Is naming the file the RSA encrypted AES key a bad idea ?
I dont have extensive knowledge of cryptography as such, so any suggestions are welcome
If you know the recipient public RSA key you can use RSA-KEM (KEM : Key Encapsulation Mechanism). RSA-KEM for a single recipient with AES-GCM simply as follows;
The Sender;
First generate a x in [2..n-1] uniformly randomly, n is the RSA modulus.
Use a Key Derivation Function (KDF) on x,
key= KDF(x)
for AES 128,192, or 256-bit depending on your need. Prefer 256.
Encrypt the x,
c = x^c mod n
Encrypt the message with AES-GCM generate an IV and
(IV,ciphertext,tag) = AES-GCM-Enc(IV,message, key)
Send (c,(IV,ciphertext,tag))
The receiver;
To get x, They are using their private exponent d,
x = c^d mod n
Uses the same (KDF) on x to derive same AES key,
key= KDF(x)
Decrypts the message with AES-GCM
message = AES-GCM-Dec(IV,ciphertext,tag, key)
Note 1: This is actually a composition of a KEM and a DEM (data encapsulation mechanism; an authenticated cipher serves as a DEM). This provides the standard of IND-CCA2/NM-CCA2—ciphertext indistinguishability and nonmalleability under adaptive chosen-ciphertext attack. That is the minimum requirement for modern Cryptography.
Note 2: If you want to send the key itself as you described, to prevent the attacks on textbook RSA, you will need a padding scheme like OAEP or PKCS#v1.5. RSA-KEM eliminates this by using the full modulus as a message.
Note 3: The above described RSA-KEM work for a single-user case. RSA-KEM for multiple users will fall into HÃ¥stad's broadcast attack. Instead use RSAES-OAEP, this makes it safe for multiple recipients with the same x encrypted for different recipients. This will make it very useful to send the message multiple recipients instead of creating a new x for every recipient and encrypting the message for each derived key (as PGP/GPG does).
I am trying to determine the hash used to encrypt the following strings. From the length of the strings I gather it is a 32 bit hash however Adler32 and CRC32 do not give me the same values.
The original string and hashed value are as follows:
0145 : 68333235
0231 : F538CBE5
0343 : E16BE4A9
Any help would be appreciated.
NO, it's not a encrypted string that you will decrypt and find out. Rather it's a hashed string value of the original string and the best way to match is to generate hash value again using the same (or available's) hashing technique and compare the generated hash value to confirm it.
I need to transmit some data over the wire and I don't want that data being plain text.
The text I'm sending needs to be reversed so I can't md5/sha256/etc...
What's a good way to encode a salted string?
You're looking for encryption.
What language are you using? You probably have a built-in encryption algorithm you can use.
The idea with hashing is that you can only go one-way.
[plain text]--->(HASH ALGORITHM)--->[hash]
Whereas the idea with encryption is that you can use a key together with some plaintext to create a ciphertext. Then you can use the key on the ciphertext to retrieve the plaintext at any time:
[plain text] + [key] --->(ENCRYPTION ALGORITHM)-->[ciphertext]
[ciphertext] + [key] --->(DECRYPTION ALGORITHM)-->[plain text]
The decryption algorithm for a given encryption algorithm is usually very similar to the encryption algorithm, and it allows for the retrieval of a plaintext message given a ciphertext and the correct key (ie password).
You want to use an encryption function, not a hash - which by definition is one-way.
The AES encryption algorithm would be a good start, as the is probably the most widely used one at present.
You don't want a hash, you want encryption. You should look at Blowfish.