OAEP uses a separate hash invocation to hash a (usually empty) label as well as a parameter to MGF1 (mask generation function), used for most of the OAEP padding. The hash doesn’t have that much impact on the security of OAEP, and for that reason it may be left to this default. Most libraries however … Read more
How random is crypto.randomBytes()? Usually, random enough for whatever purpose you need. crypto.randomBytes() generates cryptographically secure random data: crypto.randomBytes(size[, callback]) Generates cryptographically strong pseudo-random data. The size argument is a number indicating the number of bytes to generate. This means that the random data is secure enough to use for encryption purposes. In fact, the … Read more
Here’s how to do it properly in CBC mode, including PKCS#7 padding: import base64 from Crypto.Cipher import AES from Crypto.Hash import SHA256 from Crypto import Random def encrypt(key, source, encode=True): key = SHA256.new(key).digest() # use SHA-256 over our key to get a proper-sized AES key IV = Random.new().read(AES.block_size) # generate IV encryptor = AES.new(key, AES.MODE_CBC, … Read more
Q1: Is the IV returned by cipher.getIV() safe for me to use in this way? Yes, it is at least for the Oracle provided implementation. It is generated separately using the default SecureRandom implementation. As it is 12 bytes in size (the default for GCM) then you have 96 bits of randomness. The chance that … Read more
A secure RSA encryption is implemented with an appropriate padding scheme, which includes some randomness. See PKCS#1 or OAEP for more details. The RSA encryption encrypts message padded with ‘0’s and a string of random bit. In the process, the random string is “hidden” in the ciphertext by cryptographic hashing and XORing. On decryption, the … Read more
This line near the top says you’re adding AES functionality to NSMutableData: @implementation NSMutableData(AES) In Objective-C, this is called a category; categories let you extend an existing class. This code would typically go in a file named NSMutableData-AES.m. Create a header file too, NSMutableData-AES.h. It should contain: @interface NSMutableData(AES) – (NSMutableData*) EncryptAES: (NSString *) key; … Read more
Thanks to all of you. your answers and comments pointed me in the right direction, and with some more research I managed to get a working prototype (pasted below). It turns out that node’s crypto uses MD5 to hash the key, and padding is apparently (got that one with trial and error) done using PKCS7Padding … Read more
Python’s standard library, even in the latest version, does not include anything that can decode X.509 certificates. However, the add-on cryptography package does support this. Quoting an example from the documentation: >>> from cryptography import x509 >>> from cryptography.hazmat.backends import default_backend >>> cert = x509.load_pem_x509_certificate(pem_data, default_backend()) >>> cert.serial_number 2 Another add-on package that might be … Read more
TL;DR: Use new SecureRandom() when you’re not sure and let the system figure it out. Possibly use SecureRandom.getInstanceStrong() for long term key generation. Do not expect a random number generator to generate a specific output sequence within a runtime application, not even if you seed it yourself. With random number generators it is always hard … Read more
So I have figured out the format of a CngKey exported in ECCPublicKeyBlob and ECCPrivateKeyBlob. This should allow others to interop between other key formats and CngKey for Elliptcal Curve signing and such. ECCPrivateKeyBlob is formatted (for P256) as follows [KEY TYPE (4 bytes)][KEY LENGTH (4 bytes)][PUBLIC KEY (64 bytes)][PRIVATE KEY (32 Bytes)] KEY TYPE … Read more