I’m trying to decrypt XML EncryptedData in .NET Framework:
<xenc:EncryptedData Id="_741139241b38dfd707421728b0fd4041" Type="http://www.w3.org/2001/04/xmlenc#Element"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> </xenc:EncryptionMethod> <ds:KeyInfo> <xenc:EncryptedKey Id="_db6a41a40ccb22cbef88275caff4d05d"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/> <ds:KeyInfo> <xenc:AgreementMethod Algorithm="http://www.w3.org/2009/xmlenc11#ECDH-ES"> <xenc11:KeyDerivationMethod Algorithm="http://www.w3.org/2009/xmlenc11#ConcatKDF"> <xenc11:ConcatKDFParams AlgorithmID="0000002A687474703A2F2F7777772E77332E6F72672F323030312F30342F786D6C656E63236B772D616573323536" PartyUInfo="0000001673796D756C61746F722E6C6F67696E2E676F762E706C" PartyVInfo="0000000743552D554D5750"> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> </xenc11:ConcatKDFParams> </xenc11:KeyDerivationMethod> <xenc:OriginatorKeyInfo> <ds:KeyValue> <dsig11:ECKeyValue> <dsig11:NamedCurve URI="urn:oid:1.2.840.10045.3.1.7"/> <dsig11:PublicKey>xxxx</dsig11:PublicKey> </dsig11:ECKeyValue> </ds:KeyValue> </xenc:OriginatorKeyInfo> </xenc:AgreementMethod> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>xxxx</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedKey> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>xxxx</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData>
As I understand I need to implement these steps:
- recreate public key stored in OriginatorKeyInfo node using x, y parameters from PublicKey and specified curve, result is publicKey
- do KeyAgreement (algorithm:ECDH-ES) operation using my private key and publicKey from step 1, result is sharedKey
- do Key Derivation Function (algorithm: ConcatKDF) operation using sharedKey, result is unwrappingKey
- do Key Unwrap (algorithm kw-aes256) on EncryptedKey>CipherData>CipherValue using unwrappingKey, result is encryptionKey
- do decrypting (algorithm aes256-gcm) on EncryptedData>CipherData>CipherValue using encryptionKey
Currently I’m at step 1. Using jose-jwt I can create public key with
EccKey.New(x, y, CngKeyUsages.KeyAgreement), but I don’t understand why there is no curve name parameter? If someone knows way of making this work or some examples (bouncy castle?) please comment.
Because privacytools.io recommends Joplin I am switching my notes to it. I add the text files to Git, and wonder if I can also use a public Repo and/or a cloud hosted Git server?
I will paste sensitive info like API tokens and passwords into the notes.
I enabled About End-To-End Encryption (E2EE)🔗 / docs with very strong pass (in local KeePassXC) and file synchronisation to a Git repo.
Encrypted data is encoded to ASCII because encryption/decryption functions in React Native can only deal with strings. So for compatibility with all the apps we need to use the lowest common denominator.
Too complicated for me.
I know that for text, WhatsApp messages are encrypted in a way no “man in the middle” could read them. But what about images?
Imagine you received some private image on your smartphone. Then you open WhatsApp Web on your PC, which uses an employer VPN.
Would the employer be able to “download” the image your Whatsapp Web just loaded?
Composed of 10 numbers, 37 lowercase letters, 16 uppercase letters and 1 hyphen, totaling 64 digits.
No key has been provided.
This topic doesn’t help me at all so don’t bother quoting it.
From my perspective, it could only be a Base64 encryption since it is alphanumeric, however, decrypting it doesn’t lead me anywhere. A Hash function doesn’t look like that either.
I’m out of ideas.
I can encrypt my files with a symmetric encryption algorithm like AES, or with an asymmetric encryption algorithm like RSA or ECC (I encrypt my files with my own public key). No communication is involved in this scenario. The latter, called asymmetric self encryption, might seem an unusual choice in situations where key exchange is not required. However, it still does have some advantages: you don’t need to type your passphrase for encryption (you need your public key); it works well with keys stored in a hardware token; also an attacker apparently needs both to have the public key and brute-force the passphrase to decrypt the data. In GnuPG, these two encryptions are achieved via options gpg -c and gpg -e -r USERNAME.
- Considering attacks on the asymmetric encryption, does hiding the public key increase the entropy required for a brute force attack? What information the public key provide to the attacker?
- In practice, how do you compare AES 256, RSA 4098, ECC Curve25519, Brainpool p-12 and seckp256k1, in terms of security, speed and utility (compatibility, implementation, etc)?
Does Pre-boot encryption works on all drives or just the C drive?
where does the recoverykey store
I’m new to security field. I have a website. Whenever I upload a photo to the website that, for example, its name is 123 with the format of .jpg, its name seems to turn to string like this f408KFcUb+k=. The address for reaching this image will be something like this:
If I upload the same photo again, its name will turn to another string on the website.
It seems that the name is being encrypted or encoded, Am I right? If so, is there any way to find out what encryption algorithm is being used for encrypting the names of the files?
Is there any difference between disk encryption and encrypted file container in terms of security? Which one is better?
I need to implement symmetric encryption to enable secure communication between one program running on a Windows machine (to be written in VB.Net) and an app running on an iOS device (to be written in Swift). I’d like to use a reasonably modern algorithm which is supported in both programming languages “out of the box” without having to import more code than necessary.
The use case is, information (mostly, text files) will be encrypted by one program (say, running on Windows) and uploaded to a server, where it will be stored, then later downloaded and then decrypted by the other program (running on iOS). The server doesn’t need access to the content of the file, and having the information “encrypted at rest” on the server is the main goal, although having it encrypted during transit to/from the server is also beneficial. The Windows and the iOS devices themselves aren’t considered to be targeted in this case.
What algorithm(s) are good choices as being modern, secure, and available in both Swift and Dot Net so that what’s encrypted by one can be decrypted by the other?