security of AES where attacker can ask secure code to decrypt arbitrary cypher-text

A service or library provides a function decrypt( user_id, cypher_text) and gives back plain text. Internally to the function it loads an AES key from a secure vault, decrypts the cypher_text, and returns the plain text. If an attacker gets access to this function alone, but doesn’t know any valid cyphertext, can they perform an attack to recover the AES key for a particular user_id?

To be clear when I say “the attacker doesn’t know any valid cyphertext” I mean it not only doesn’t have access to a matching encryption function but also that the attacker doesn’t have access to any cypher text that has been encrypted with the key. So the attacker can only feed in some specially crafted series of attacking cyphertext and inspect the decryption results to try to deduce the key.

I have looked for the name of such an attack and haven’t been able to find it. In this case the attacker cannot use a “known plaintext” attack as they don’t have access to a function that encrypts with the AES key. I would describe the scenario above as a “crafted cyphertext attack on a decrypt function”. So my question is whether AES is secure against anything but a brute force attack in such a scenario.

Decrypt a text I don’t know how was encrypted

I have already looked around and didn’t find anything so I thought I could ask here. I have these 2 different encrypted texts +j+hnQx9Wl83MWeM92tyZA== and E4NEi092gWbppbpNR0JUAw==
They should both be long numbers, like 19732832, but I don’t know how to decrypt them. Does anyone know how to help me? I would be very glad if anyone could tell me either the encryption method or just the decrypted text. Thanks in advance

If it can help somehow, this is another examples: lJsFziTUF4LtFzww7d2tVw==

Android app is the only party authorized to decrypt

If we have data stored in encrypted format by the android app (encryption key in keystore), is it possible for the app to be the only entity capable of decrypting it to do some calculations? I am talking even the app’s own user can’t access the decrypted data, not even when not using the app UI to access the app like hackers do.?

Exemple : server is sending encrypted data regarding a QR code for a book. The app should decryot the QR and check if it is stored inside its local data and send a response back to the server. I don’t want the QR code to be humanly accessed by the app’s user through the app or any other tool even though their app can.?

How to decrypt Diffie-Hellman in wireshark?

How can i decrypt Diffie-hellman TCP packets?

I’m trying to make a tool that shows cleartext response from a server that uses this encryption. However when i look online people all seem to say it’s impossible to decrypt DHE, which is not true since we are the client and have access to this information,

but how can i decrypt these packets with the handshake in wireshark?

Bonus question: Any tools in python or something that establish DHE connections and show cleartext response?

enter image description here

Can Eduroam decrypt SSL traffic?

Eduroam is an organization that provides free WiFi to educational institutions and around some cities. I don’t fully understand how the authentication works, but in order to connect you have to install a CA Certificate called eduroam_WPA_EAP_TTLS_PAP on your device. I know CA certificates are used to decrypt TLS/SSL traffic, so doesn’t this mean that Eduroam can decrypt my traffic considering I have their certificate installed on my phone? Any input is appreciated.

The specific certificate looks like this (numbers changed for security):

$   openssl x509 -inform der -in -noout -tex Certificate:     Data:         Version: 3 (0x2)         Serial Number: 0 (0x0)         Signature Algorithm: sha1WithRSAEncryption         Issuer: C = HR, ST = Zagreb, L = Zagreb, O = MZOS, OU = CARNet, CN = CA Root certificate         Validity             Not Before: Nov 15 14:17:58 2011 GMT             Not After : Nov 12 14:17:58 2021 GMT         Subject: C = HR, ST = Zagreb, L = Zagreb, O = MZOS, OU = CARNet, CN = CA Root certificate         Subject Public Key Info:             Public Key Algorithm: rsaEncryption                 RSA Public-Key: (1024 bit)                 Modulus:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93:e5:d0:8f:97:da:63:                     00:e5:a0:99:17:88:9d:1c:93                 Exponent: 65537 (0x10001)         X509v3 extensions:             X509v3 Subject Key Identifier:                  00:e5:a0:99:17:88:9d:1c:9300:e5:a0:99:17:88:9d:1c:93             X509v3 Authority Key Identifier:                  keyid:00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:00:e5:a0              X509v3 Basic Constraints:                  CA:TRUE     Signature Algorithm: sha1WithRSAEncryption          00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:          00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:          00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:          00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:          00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:          00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:          00:e5:a0:99:17:88:9d:1c:93:00:e5:a0:99:17:88:9d:1c:93:          00:e5 

It is installed using the Eduroam app into the Android credential storage and is “Installed for Wi-Fi” which I assume means that the credential is applied to all WiFi traffic.

How to share information between devices, decrypt it later with private key

I’m developing an app for alert people if they encounter covid-19 positive person. I’m very much concern about user’s privacy. So I need to make a user completely anonymous.

What is want is as follows.

Suppose there are devices A, B, C,

A, B, and C should broadcast the their own UUID via bluetooth When A, B, and C is near to each other A will have B, C UUID’s and B will get A, C’s UUID and vise versa.

Lets suppose A’s find out that A is positive for Covid-19. A will upload its UUID to a central server B and C also checks for UUID’s with the server. When B, C gets UUID list of infected person’s apps B, C will check if they match any of UUID downloaded from the server against locally saved UUID.

But in my case I don’t want the server to find out UUID of A. But somehow I need to send A’s UUID to other devices as well. Whats will be the best approach.

My Solution.

All the devices will generate public, private key pairs of their own. Each app will encrypt their UUID with the public key they have generated and broadcast to the other devices encrypted UUID + public key.

Once particular user find him positive for covid-19 he will upload his private key to the server. All the apps will download all the private keys from all the covid positive devices. and check if app’s themselves can decrypt their messages with the private key’s they have.

Will this be possible ? or what will be the best approach.

Its stupid to disclose the private key. And also it will be chaos to find appropriate public key which matches with the private key also.. But yet this was the only thing that I could think of.

Securely encrypt and decrypt files via PBE in Java (Jasypt seems insecure)


  • I have a Java app, which among other things, needs to encrypt/decrypt binary files on the file system. I’m planning to use PBE (password based encryption) since the password will be entered by the user each time they use the app (it’s not stored anywhere).
  • I don’t know if AWS KMS (key management system) or Google KMS can assist in any way, but it doesn’t matter since remote services are not allowed to be used for this project.

My Questions:

  • Are there any Java libraries that will help me achieve my requirements, aside from directly interacting with the JCE API (java cryptography extension)? I’m not a security expert and don’t want to misuse the JCE.
  • I’m also open to other ideas that don’t use a Java library, however, it must nicely integrate with my primary Java application.

Google Tink:

Tink doesn’t support PBE.

The lead developer of Tink (Thai Duong) has stated as such. Thai does say it is possible to achieve using an internal API (, however, he goes on: “This is not recommended because the subtle layer might change without notice”. I want a stable solution, so Tink doesn’t cut it.

There is an open github issue to add PBE to Tink.


Jasypt doesn’t seem secure.

If you want to know the details, read on, but it’s not required…

Jasypt is supposed to make PBE tasks easier, and the API is very simple, but the default parameter values it uses seem to be those which haven proven insecure (e.g., MD5 and DES). I can manually configure it to use more secure options but the very fact that its defaults are insecure makes me wonder what other aspects of the library are insecure.

For example, here are its default values when using the API:

  • Encryption algorithm: PBEWithMD5AndDES
  • No IV generator
  • Random salt generator of 64 bits using SHA1PRNG (
  • KDF using MD5 with 1000 iterations

I can manually change the defaults to obtain the following configuration:

  • Encryption algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
  • Random IV generator of 128 bits using SHA1PRNG (
  • Random salt generator of 128 bits using SHA1PRNG (
  • KDF using SHA256 with 1000 iterations

The API is super simple. Here’s how to instantiate the Java object which encrypts and decrypts binary data using the default settings (PBEWithMD5AndDES, etc):

StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor(); binaryEncryptor.setPassword(password); byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray); 

In order to make things more secure I installed a lib called Bouncy Castle which adds many cipher algorithms for use by the JVM. Among the many options I chose PBEWITHSHA256AND256BITAES-CBC-BC. Similar to the code above, here’s how I instantiated the more secure configuration:

StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor(); binaryEncryptor.setPassword(password); binaryEncryptor.setProvider(new BouncyCastleProvider()); binaryEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC"); binaryEncryptor.setIvGenerator(new RandomIvGenerator()); binaryEncryptor.setSaltGenerator(new RandomSaltGenerator()); byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray); 

The library does have its own “stronger” encryptor classes (StrongBinaryEncryptor, AES256BinaryEncryptor, etc) but like I said, I’ve lost confidence in their software (unless you can explain otherwise).


Please help 🙂

How to decrypt XML encrypted as per FATCA IDES standard?

My former colleagues have encrypted an XML file as per FATCA-IDES standard:

  1. Digitally signed the XML payload (using “enveloping” signature and create SHA2-256 hash)
  2. RSA digital signature using the 2048-bit private key that corresponds to our private key
  3. Compressed XML file
  4. Encrypt XML file with AES-256 key:
    • Cipher mode: CBC
    • Salt: No salt
    • IV: 16 bytes IV
    • Key size: 256 bits/32 bytes
    • Encoding: None
    • Padding: PKCS#5 or PKCS#7 (i’m not sure which one was used)
  5. Encrypt AES key and IV (48 bytes total – 32 bytes AES key and 16 bytes IV) with public key (given by IDES – not ours):
    • Padding: PKCS#5 v1.5
    • Key size: 2048 bits

Therefore, from start point where we had a simple XML file (not encrypted), we ended up with a .zip file which contained 3 files:

  • xxxx_Payload
  • xxxx_Key
  • xxxx_Metada.xml

With that said, I can’t find the original XML file which was not encrypted. I need to have access to that information and as my knowledge in cryptography is close to 0, it’s impossible for me to understand how to decrypt the generated payload by my former colleagues so I can have access to the readable XML file “xxxx_Payload”.

FYI, I have in my possession the private key (with its password) that what used at the time. I believe this should be sufficient to somehow be able to decrypt the data?