I need to encrypt a block of data using AES-128-ECB and would like to do so with libsodium and Ruby. I have prototyped a solution in Ruby using OpenSSL APIs as shown below:
aes = OpenSSL::Cipher::Cipher.new("AES-128-ECB")
aes.encrypt
aes.key = key
aes.update(data) + aes.final
This works, but I need other features from libsodium, so I would like to use it instead and get rid of my dependency on OpenSSL. Unfortunately, I don't see any APIs for ECB mode. I am also using the ruby wrapper RbNaCl, but I don't even see any way to do this using the base libsodium APIs. I do see ones for AES-128-CTR.
Is it possible to encrypt AES-128-ECB with libsodium?
libsodium intentionally doesn't support the ECB mode.
In this mode, the same block encrypted twice produces the same ciphertext twice.
A classic illustration of why this is terrible from a security perspective is the ECB penguin.
Instead of providing many primitives, modes and parameters to choose from, with many combinations actually being insecure, libsodium provides a cherry-picked set of secure constructions.
AES-ECB is not one of them, and will never be for the reasons stated above.
You really should switch to a different construction.
Related
i want to use other ciphers other than AES-128 / AES-256 which are standard hard coded into \vendor\laravel\lumen-framework\config\app.php and even Encrypter or McryptEncrypter use those.
Where i have to make changes so it can use other supported ciphers/modes , documentation provided dont have any information..
phpinfo()
mcrypt support enabled
mcrypt_filter support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes arcfour
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream
lumen version 5.1.*
You would need to create your own implementation of Illuminate\Contracts\Encryption\Encrypter
Create a new service provider for your implementation. You can follow Illuminate\Encryption\EncryptionServiceProvider as a loose guide.
Replace the service provider Illuminate\Encryption\EncryptionServiceProvider::class, in app/config.php for the one you just created.
If you didn't change the first parameter in the singleton() function and left it as encrypter, that should be all you need to do. If you did modify it, you also will need to create a new facade and update the aliases array in app/config.php.
My webhost, iPage, has not yet made bcrypt available for cgi scripts, and because it's not my server I can't install bcrypt myself using pip or easyinstall etc. My question is, would it be possible to download the bcrypt tarball to my pc and unzip and load the directories and files to my iPage site tree myself? Thanks!
Bcrypt is just a standard that can be implemented in different ways.
I'm not familiar with "iPage" but it sounds like you only have file access.
All you need to do is find a library that implements bcrypt in whatever cgi scripting language you are using, and then include and use it in your code.
For example if you are using php, you will look for a php library that offers bcrypt. You might find this library which implements bcrypt in php. All you need to do is add the password.php under the lib directory to your site, then in your php scripts that need bcrypt simply require the new file and you should be able to use its functions. See the library documentation for information on that.
I'm using Ruby and the Savon gem to interact with SOAP/WS and would like to auto-generate the client request methods from the WSDL in Ruby.
Before I do this, I'd like to know if there's any other Ruby/SOAP library that does this?
Edit: Please note, I already know this isn't available in Savon out the box, in fact my intention is to add in the feature, I'm in the process checking if this exists somewhere else written in Ruby.
Since it's only few days since you asked this question, and I've run into same problem I've decided to create small script to do that.
Download - save as objects.rb for example and run with _bunde exec objects.rb path_to.wsdl_
https://gist.github.com/4622792
Let me know if it works ^^
Take a look at Savon's spec, it has pretty rich testing environment
I think ads_common by Google is relevant to you.
google-api-ads-ruby/ads_common at master ยท googleads/google-api-ads-ruby
rake generate can create the client libraries automatically from WSDL.
It is specialized for Google Ads, but this notion would be helpful to create a versatile client library automatically from WSDL in Ruby.
I need to create an automated test using Watir that requires a password to be written into a text field, but I don't want to have the password in plain view in the script. Is there a way to encrypt/decrypt a password within Watir?
I know python uses the base64 lib to do it, but I'm not sure how Ruby would do it.
Here's the code:
require 'watir'
ie = IE.new
ie.goto("https://test.domain.com")
ie.text_field(:name, "username").set("myUsername")
ie.textfield(:name, "password")set("myPassword")
Your test server shouldn't have sensitive data, and it shouldn't be publicly accessible. What danger are you trying to protect against / what damage can an unauthorized person do if they got the password? If it's really a test server, it seems like the worst case is that someone would mess with your test data.
Using base64 would only be security by obscurity because it's so easy to decode. If you really think this is sufficient for your needs, just use Base64.encode64 and Base64.decode64 .
I have created a self generated certificate to sign a DLL. When I load this DLL into my C++ application I am able to validate if the code signing certificate is valid or not by using the WinVerifyTrust api.
But I am not able to find a way to detect that the DLL has been signed by one of my certificates. Even by using the CryptQueryObject api I do not find any useful information.
Does anyone have a idea on how to do this? Or is it event possible?
Thank you
CryptVerifyCertificateSignature isn't what you want?
If you sign a certificate using your private key, it can only be verified with your public key. That's how public-key cryptography works. If you can use a public key to verify the signature, then you know that the corresponding private key must have been used to sign it.
In case you need a version that also works on earlier versions of Windows than the one Bill Zeller showed you, you can use the following:
Use CryptQueryObject with CERT_QUERY_OBJECT_FILE
Use CryptMsgGetParam with CMSG_SIGNER_CERT_INFO_PARAM on the HCRYPTMSG you received from the previous call
Now use CertCompareIntegerBlob to compare your known (certificate) serial number (or numbers, in a loop) against the one in the file
If any of the known serial numbers matches, you're done. If all comparisons fail, it's not your cert.
Note: when looking at the serial number of the certificate in the file properties dialog, the bytes shown there appear in the reverse order when compared with the contents of the PCERT_INFO (CERT_INFO::SerialNumber) you get from the CryptMsgGetParam. So make sure that you store your own serial numbers reversed or reverse them before comparison.
Also note: you'll still need to have the certificate installed as trusted, in order for WinVerifyTrust (not mentioned above) to consider the code signature trusted at all. I just described the part about how to find out it's your own certificate that was used.