I am writing a web service that acts as a proxy to many other services, and for each of these services I need to pass along the user's password for that particular service. I'd like to keep the password encryption details out of the main part of the service and let the client deal with another specialized part of the service (let's call...
I have to encrypt the username and password for a native Apple application. But the server side is in Java, so the same encrypted fields have to be decrypted using Java. I am new to cryptography, and I don't know how to go about it. One option that has come to my mind is to take any algorithm in Java, understand the source code for encr...
Hey, I have an exam tomorrow in Advanced Development, but I am stuck on the topic of Encryption. I have read up on it at http://support.microsoft.com/kb/246071. However I am still confused. If a message is encrypted using Asymmetric Encryption, using the public key, how is the decryptor going to know the private key with which to decry...
Many of the encryption techniques I've seen can easily encrypt a simple 8 digit number like "12345678" but the result is often something like "8745b34097af8bc9de087e98deb8707aac8797d097f" (made up but you get the idea). Is there a way to encrypt this 8 digit number but have the resulting encrypted value be the same or at least only a s...
Hello, how can I show pictures in WebView without saving images into file system? I have tried to implement my custom ContentProvider, but method openFile returns ParcelFileDescriptor that points into filesystem (or socket). My pictures are in filesystem, but in encrypted form. I have tried also URL.setURLStreamHandlerFactory, but in a...
This is not about security. It is also not to make it hard to break. I'm looking for a simple algorithm to change a string (a url) in a way it does not resemble the original. The encryption will be done with javascript. Then I want to feed the encrypted string to a PHP function to change it back to the original. Both ends could share a s...
EDIT 1 : I think I was not clear myself before and hence could not word it better. So, I am creating a system where I am providing page content to another system via IFRAMEs. A user will login to the other system and that system will set their apiKey and userKey in a cookie on my system so that access will be granted i...
I developed a simple ASP.NET website that uses Chilkatdotnet2 (version 9.0.8.0) to generate RSA Public/Private Key pair used for encryption. Below is the sample code bool success; string UnlockChilkatRSA = "XXXXXXXXXXXXXX"; int RSAKeyLength = 1024; Chilkat.Rsa rsa = new Chilkat.Rsa(); success = ...
Hello, I've recently been put in charge of mocking up an Apple product (iPhone Configuration Utility) in Java. One of the sections I've been a bit stuck on is a part about Exchange ActiveSync. In there, it allows you to select a certificate from your Keychain to use as credentials for your EAS account. After some research, I found that ...
I'm trying to decrypt RC2 data with only 64 effective bits. Since I can only have 64-bits, it's my understanding that before calling CCCrypt I must use a method to reduce the key down to this many bits. Since I couldn't find any such method in Apple's CommonCrypto library, I am using this keyschedule method I found. These are the metho...
Hello, We have a Windows application on .net 2.0 that uses embedded encrypted database. The database consists of secret data - around 350mb, which is read-only and is updated with new one each 4 months. Untill now we use SQLite file as a database and it worked good, but we need to move to client-server version since some customers have...
One of the tools I am using uses encryption/decryption to send out data over the network. I am modifying the tool and I need to be sure that the data is actually being sent in an encrypted form. Are Wireshark and tcpdump the right tools for the purpose? At which point during the transfer do they capture the network packets? ...
I've got a bunch of 48-bit (6 byte) values that I need to encrypt symmetrically. The two requirements are: The resulting encrypted value needs to also be 48-bits (6 bytes) long. They key itself can be (and would preferably be) much longer to guard again brute force attacks. The resulting encrypted value needs to be deterministic, i.e. ...
I am trying to validate an X.509 certificate using C# and .NetCF. I have the CA certificate, and if I understand correctly, I need to use the public key from this CA certificate to decrypt the signature of the untrusted certificate. This should give me the computed hash value of the untrusted certificate. I should then compute the hash o...
I have a Silverlight Business Application. I want to store the username and password that the user enters when logging into the system. Does anyone have any pointers, tips etc on how I can securely store this data? I would like to store it encrypted but I'm not sure where I would store the password/salt, would it be secure to store th...
I'm going to be storing a few sensitive pieces of information (SSN, Bank Accounts, etc) so they'll obviously need to be encrypted. What strategies do you recommend? Should I do all the encryption/decryption in the web app itself? Should I use something like pgcrypto and have the conversions done on the DB side? Something else entirel...
I am looking for existing implementations of different types of DES in C/C++/C##. My running platform is Windows XP/Vista/7. I am trying to write a C# program which will encrypt and decrypt using the DES algorithm. I need some implementations with which i can verify my code output to see if i did the things in right order. For the imple...
I am integrating with a 3rd party that requires I use the Diffie-Hellman encryption algorithm. The CF docs indicate that this is a supported algorithm. When I attempt to call Encrypt() with either "Diffie-Helman" or "DH" I get the error message: "The Diffie-Hellman algorithm is not supported by the Security Provider you have chosen." I...
Are there any security downsides in encrypting a given key with itself using AES in CBC mode, and using an IV (of course)? The principles are respected: the key is secret, and the IV is public (as this does not affect security of encryption). However, a potential attacker will know (as he can access the source code), that the string is...
I have an X.509 certificate that contains a set of data with the following IMPLICIT [0] tag: A0 81 C6 (value)... And I have this excerpt from a standards document: The IMPLICIT [0] tag is not used for the DER encoding, rather an EXPLICIT SET OF tag is used. That is, the DER encoding of the EXPLICIT SET OF tag, rather than...