We have a Java web application that sporadically fails to find cryptographic libraries. Currently restarting the application fixes the issue. The following expections appear in the logs, see below for full stack trace. java.lang.InternalError: Could not start up the CDSA libraries. java.lang.NoClassDefFoundError: Could not initialize c...
Hello, this is somewhat a newbie question probably. I'm generating keypairs with Java: KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(512, random); KeyPair keyPair = keyGen.genKeyPair(); RSAPrivateKey privateKey = (RSAPrivateKey)keyPai...
Has anyone got practical experience or a reference for a scheme that implements a key management scheme that would comply with the PCI DSS security standard? There are obviously quite a few implementations around given the number of companies compliant with PCI DSS but trying to find details of them is tough. When it gets down to stori...
There are many articles and quotes on the web saying that a 'salt' must be kept secret. Even the Wikipedia entry on Salt: For best security, the salt value is kept secret, separate from the password database. This provides an advantage when a database is stolen, but the salt is not. To determine a password from a stolen has...
If we were to use server1 for all files (file server), server2 for mysql database (database server). In order for websites in server1 to access to the database in server2, isn't it needed to connect to to ip address of second (mysql server) ? In this case, is remote mysql connection. However, I seen from some people comment on the se...
I am trying to mimic the results of some C code that uses the OpenSSL library using the system.security.crytography library in the .net 3.5 world, and I can't seem to get it right. I need some help... part of the issue is my understanding of crytography in general. Here's what is supposed to happen: I send a request for authenticatio...
Hello, I'm signing some data on a .net-based smartcard and trying to verify that signature in a java environment - but without success. Smartcard (c#): RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024); // In a different method, rsaParams.Exponent and rsaParams.Modulus are set rsaProvider.ImportParameters(rsaPa...
Hi everyone. I want to develop an application that encrypt all my conversations that I have. MSN conversations, Google Talk conversations, or any other. How can I develop an application like that? What is the best architecture? What can I use to achieve this... What encryption protocol? Thanks. P.S.: I want to use Java. ...
i am using a certificate generated by makecert which has both private and public key. The java side uses this public key to encrypt the data and .net decrypts it back. I am trying to decrypt Java's encrypted 64 bit encoded string and getting bad data. To see if all is good on.Net end, I frist tried to encrypt with the public key and th...
My company's CRM system utilizes a captcha system at each login and in order to utilize certain administrative functions. The original implementation stored the current captcha value for in a server-side session variable. We're now required to redevelop this to store all necessary captcha verification information in a hashed client-sid...
I am trying to encrypt some data with the following code: public static byte[] EncryptString(byte[] input, string password) { PasswordDeriveBytes pderiver = new PasswordDeriveBytes(password, null); byte[] ivZeros = new byte[8]; byte[] pbeKey = pderiver.CryptDeriveKey("RC2", "MD5", 128, ivZeros); RC2CryptoServiceProvider...
What is the equivalent to Crypt::CBC in Perl for Ruby? Note: This problem similar to PHP/Perl at stackoverflow:655691. Perl Version use Crypt::CBC; use MIME::Base64::Perl; my $cipher = Crypt::CBC->new( -key => "95A8EE8E89979B9EFDCBC6EB9797528D", -keysize => 32, -cipher => "Crypt::OpenSSL::AES" ); $encypted = $ci...
I have to encrypt/decrypt some sensitive information in a Xml file? Yes I can do that by writing my own custom algorithms. I am wondering if there is already a built in way in .NET to do that and also what points I always need to take care.. ...
I've written Encryption/Decryption methods using the RC2CryptoServiceProvider in C# and for some reason, I cannot get my decryptor to decrypt the final few bytes. The file seems to just cut off. My encryption method looks like: public static byte[] EncryptString(byte[] input, string password) { PasswordDeriveBytes pder...
I need to provide some passwords, API keys and similar sensitive data in my code. What are best practices in that regard? Hard-coded? SQlite? Some cryptographic framework? ...
Question: Is this API authentication technique easily hackable? apiKey = "123456789" apiCallId = "1256341451" apiSecret = "67d48e91ab2b7471d4be2a8c2e007d13" sig = md5(apiKey + apiCallId + apiSecret) = 09c297a354219f173bfc49c2e203ce03 where apiKey: some unique identifier for the user apiCallId: a unique integer that ...
I recently have a problem with a crypto library which produces bad md5 output. Instead of 32 digits it returns 30. As we don't use unit test, this problem was quite a headache to solve... because we assumed that md5 string was correct and look for bugs in other places. That make me realize of the real value of unit tests (unit test fir...
I'm using Python (under Google App Engine), and I have some RSA private keys that I need to export in PKCS#12 format. Is there anything out there that will assist me with this? I'm using PyCrypto/KeyCzar, and I've figured out how to import/export RSA keys in PKCS8 format, but I really need it in PKCS12. Can anybody point me in the right...
How do I verify the correct key is being used to decrypt AES encrypted data using pyCrypto AES? cipher = AES.new(key, AES.MODE_CFB) cipher.decrypt(s) If an incorrect key is used, it still attempts to decrypt the data, obfuscating it more. Is there any test I can do to prove the data is being decrypted to the original state? ...
Hi, I want to know the list of all countries and the encryption standard not allowed for that country. Example: For some country encryption is not allowed. and for some country encryption level should not be grater than 64 bit. Thanks Sunil Kumar Sahoo ...