Given the popularity of Python, at first I was disappointed that there was no complete answer to this question to be found. It took me a fair amount of reading different answers on this board, as well as other resources, to get it right. I thought I might share the result for future reference and … Read more
Please use an existing secure PHP encryption library It’s generally a bad idea to write your own cryptography unless you have experience breaking other peoples’ cryptography implementations. None of the examples here authenticate the ciphertext, which leaves them vulnerable to bit-rewriting attacks. If you can install PECL extensions, libsodium is even better <?php // PECL … Read more
For Oracle JDK 7 (tested), the default cipher for AES is AES/ECB/PKCS5Padding. The Java Security documentation doesn’t mention about this though (http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#algspec), have to do some JUnit testing to find out.
JSAES is a powerful implementation of AES in JavaScript. http://point-at-infinity.org/jsaes/
Please consider long and hard if you can’t get around implementing your own cryptography The ugly truth of the matter is that if you are asking this question you will probably not be able to design and implement a secure system. Let me illustrate my point: Imagine you are building a web application and you … Read more
Let’s see. PKCS #7 is described in RFC 5652 (Cryptographic Message Syntax). The padding scheme itself is given in section 6.3. Content-encryption Process. It essentially says: append that many bytes as needed to fill the given block size (but at least one), and each of them should have the padding length as value. Thus, looking … Read more
OpenSSL generally uses its own password based key derivation method, specified in EVP_BytesToKey, please see the code below. Furthermore, it implicitly encodes the ciphertext as base 64 over multiple lines, which would be required to send it within the body of a mail message. So the result is, in pseudocode: salt = random(8) keyAndIV = … Read more
Lot of people including myself face lot of issues in making this work due to missing some information like, forgetting to convert to Base64, initialization vectors, character set, etc. So I thought of making a fully functional code. Hope this will be useful to you all: To compile you need additional Apache Commons Codec jar, … Read more
This error means that your Java virtual machine uses a policy that only allows restricted cryptography key sizes due to US export laws. Java 9 and higher The Unlimited Strength Jurisdiction Policy Files are included with Java 9 and used by default (see Security Updates in the Java 9 Migration Guide). If you get this … Read more
There are a couple of commonly quoted solutions to this problem. Unfortunately neither of these are entirely satisfactory: Install the unlimited strength policy files. While this is probably the right solution for your development workstation, it quickly becomes a major hassle (if not a roadblock) to have non-technical users install the files on every computer. … Read more