How to decrypt sensitive information with a token and a password

In a web app, it’s common practice to encrypt sensitive information against a user’s password. In this scenario, what’s how would you access/encrypt/decrypt that information using token based authentication?

If a user logs into the web app using their username/pw, which gives them access to their sensitive information, how do you create a token (say, for API access), to access/encrypt/decrypt that same information?

Decrypt Safari’s Form Values file

Back on Mac OS 10.7, there was an encrypted file called Form Values in the folder /home/Users/$ {user}/Library/Safari. This encrypted file contained all “auto-fill” form values in Safari. I don’t know if this file still exists on current version, but during some analysis of an old mac of mine, I found this encrypted file and wanted to dig into it.

This file seems to be encrypted with a key contained in the user’s login.keychain. I have the key (256 bits long) but I was not able to find the correct way to decrypt data.

According to this answer https://apple.stackexchange.com/a/198290/332020 the file is encrypted with AES-128 bits. But none of my implementation did work (AES-128 with first 128 bits as salt, 128 after as key, ECB, CBC, …). Since Mac OS 10.7 was released in 2011, I also tried 3DES, without luck also.

Does someone know more about the encryption process?

How to decrypt wpa_supplicant.conf from samsung android device?

I have this problem: I managed to get wpa_suppplicant.conf out of my samsung device to retrieve a password I currently don’t have access to. Many of the options people are posting on the entire internet include having to erase all your saved passwords to disable samsung encrypting process on the Wpa_supplicant file. Is there any way to decrypt the password from the PSK?this is the wifi I’m trying to retrieve the password

network={

ssid="VTR-6031050" psk=c3915b699c4aff021dcf1d720752a9b9 key_mgmt=WPA-PSK priority=93 frequency=2437 autojoin=1 scanned_hs20=0 id_str="%7B%22creatorUid%22%3A%221000%22%2C%22configKey%22%3A%22%5C%22VTR-6031050%5C%22WPA_PSK%22%7D" usable_internet=1 skip_internet_check=0 verified_password=0 

TWRP 3.3.0 cannot decrypt data

I just updated TWRP from PitchBlackTWRP but now TWRP does not ask for the password any more. Tried manually decrypting and manually wiping from TWRP terminal. Did not help.

recovery --wipe_data twrp decrypt <your password> 

How does Android encryption work? Does TWRP need except the password some device key?

Booting the system still works fine, so nothing wiped yet.

Yes, I saw TWRP OnePlus 5T not asking for encryption password , but the solution did not help. And I am not allowed to comment.

Should I reinstall PitchBlack-TWRP?

ps. I don’t need the data, did a backup before.

Auto decrypt 2nd luks device without having the keyfile at the system

I have a home server Ubuntu 18.04 with 3 disks all luks encrypted, the 1st disk gets unencrypted by a yubikey challenge and a passphrase or just a passphrase. The 2nd and the 3rd disks get unencrypted with a keyfile that /etc/crypttab tells where that file is and the job is done.

Iam trying to find a way to not having that keyfile in my system(1st disk), but having the yubikey, which is configured also as openpgp smartcard, to do the job.

Any other way than yubikey and/or readable keyfile is acceptable. Except having a readable keyfile in a usb-stick, which I find not good idea.

How to decrypt AES CCM with salt on Windows? [on hold]

I have an old file that contains some important information. I know the password, except I forgot how I generated it, and as a result don’t know how to decrypt it.

Here it is (decoded from it’s original base64):

{"iv":"HNpO0wJzMdTRl/2B0q4pPA==","v":1,"iter":1000,"ks":256,"ts":64,"mode":"ccm","adata":"","cipher":"aes","salt":"....", ct": "...."} 

I can’t figure out how to decode AES CCM. I’ve got openssl on Windows and Cygwin and neither seem to show support:

Windows:

Cipher commands (see the `enc' command for more details) aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb aes-256-cbc       aes-256-ecb       aria-128-cbc      aria-128-cfb aria-128-cfb1     aria-128-cfb8     aria-128-ctr      aria-128-ecb aria-128-ofb      aria-192-cbc      aria-192-cfb      aria-192-cfb1 aria-192-cfb8     aria-192-ctr      aria-192-ecb      aria-192-ofb aria-256-cbc      aria-256-cfb      aria-256-cfb1     aria-256-cfb8 aria-256-ctr      aria-256-ecb      aria-256-ofb      base64 bf                bf-cbc            bf-cfb            bf-ecb bf-ofb            camellia-128-cbc  camellia-128-ecb  camellia-192-cbc camellia-192-ecb  camellia-256-cbc  camellia-256-ecb  cast cast-cbc          cast5-cbc         cast5-cfb         cast5-ecb cast5-ofb         des               des-cbc           des-cfb des-ecb           des-ede           des-ede-cbc       des-ede-cfb des-ede-ofb       des-ede3          des-ede3-cbc      des-ede3-cfb des-ede3-ofb      des-ofb           des3              desx idea              idea-cbc          idea-cfb          idea-ecb idea-ofb          rc2               rc2-40-cbc        rc2-64-cbc rc2-cbc           rc2-cfb           rc2-ecb           rc2-ofb rc4               rc4-40            seed              seed-cbc seed-cfb          seed-ecb          seed-ofb          sm4-cbc sm4-cfb           sm4-ctr           sm4-ecb           sm4-ofb