Whats this Encryption?

Anybody know whats this encryption ??

H4sIAAAAAAAAAH1Ry27bMBAE2qaA/oEFeE tkNQjdoEeKJt29LQqyU7TG2MxskyFMSTLdvL1pZUei/Cys5yZ3QH2E43SIBx53vHOP03Gtk0m9bbaGF6z30llTPOwwMYMGQwZc w4Y9dFxL4llmU8DK2FxujyjD/YdSyLOGRowcynCcxXBQso8JbBMlnArPiBkA2ze10IDFlkwn9MyKYmTFeZRyM/WSwoSFlEw5wmFEY0pclCz0pZyLKA ahTQiCZA 2kOfUAQISPkjIgNCq52vapgWiuuKkBsGIsaEoQnIOaK70QLmeyE7A/1E5jVG/kKY96WNVfdK98CYhITkbGJTWwT08KmjZHj2ATQvGChn8yW4Av GgslWr6XXMG9aLjs9OQBS9HuLmjHG66 wzwOLVjqXoqDUId 0KhKqJI3eiNsalVJnXZQaCfsRNfzWotafujbQd72Wq2q0XvRX6 6wEfR6r39FdFZLuA9StvVfP9xqCvr3XFh5X9oW9PPjz0/wIbvX9qPh4EIJ28reb b54hyu2bnP7rZWzjZOqaSdERxkuyB4kGsSoUmxZOuoRL7FV fjukA/9W2Gm nTfP4Ws4ep/2uqxJxY6lSkv/2m6K/js9d40al8Xt5QP6FvT nx6X7C2LakJ39Lw2vfRfNpbmG3jZOOTW7Gt4 Bv/TcpqsZdqdv/anH1TzbhH8BYoBNoeMCAAA=

Using System.Security.Cryptography.Aes to generate encryption key

Is the below method a safe way of generating a random encryption key to be used with AES (SymmetricAlgorithm) in .NET?

It essentially piggybacks off of the Aes alg to create a random key, trimmed to the correct bit size.

    /// <summary>     /// Defines AES key sizes.     /// </summary>     public enum KeySize     {         /// <summary>         /// Key size of 128 bits.         /// </summary>         Aes128 = 128,          /// <summary>         /// Ket size of 192 bits.         /// </summary>         Aes192 = 192,          /// <summary>         /// Key size of 256 bits.         /// </summary>         Aes256 = 256     }      /// <summary>     /// Generates an AES key.     /// </summary>     /// <param name="size">Specifies the desired key size.</param>     /// <returns>AES key.</returns>     public static string GenerateEncryptionKey(KeySize size)     {         using (var aes = Aes.Create())         {             int keySize = (int)size;              if (aes.ValidKeySize(keySize))             {                 aes.KeySize = keySize;                 aes.GenerateKey();                  return BitConverter.ToString(aes.Key)                     .Replace("-", string.Empty)                     .Substring(0, keySize / 8);             }             else             {                 return null;             }         }     } 

Symfony Encryption

I’ve identified encryption keys along with an encrypted database by symfony using AES-128. Does anyone know what cipher-suite symfony encrypts/decrypts data using and if they use a nonce/IV how is it derived?

File Encryption using pynacl

I need a rather simple file encryptor/decryptor in Python, after some research, I decided to use tye pynacl library reading the file in blocks, writing them back out, and then at the end using Blake2b to generate a signature for the file. Each file is encrypted with a unique key, which will be distributed along side the encrypted file, with the file key RSA encrypted using a pre-shared key pair, and that whole message signed with ECDSA to verify it came from me.

The encryption/decryption example code:

import base64 import struct import nacl.secret import nacl.utils import nacl.hashlib import nacl.hash  BUFFER_SIZE = 4 * (1024 * 1024)  def read_file_blocks(file, extra_bytes=0):     while True:         data = file.read(BUFFER_SIZE + extra_bytes)         if not data:             break         yield data  def hmac_file(file, key):     blake = nacl.hashlib.blake2b(key=key)     with open(file, 'rb') as in_file:         for block in read_file_blocks(in_file):             blake.update(block)     return blake.hexdigest()  def encrypt_archive(archive_name, encrypted_name):     key = nacl.utils.random(nacl.secret.SecretBox.KEY_SIZE)     #Use 4 bytes less than the nonce size to make room for the block counter     nonce = nacl.utils.random(nacl.secret.SecretBox.NONCE_SIZE - 4)     block_num = 0      box = nacl.secret.SecretBox(key)     with open(archive_name, 'rb') as in_file, open(encrypted_name, 'wb') as out_file:         for data in read_file_blocks(in_file):             #Append the block counter to the nonce, so each block has a unique nonce             block_nonce = nonce + struct.pack(">I", block_num)             block = box.encrypt(data, block_nonce)             out_file.write(block.ciphertext)             block_num += 1      hmac_key = nacl.hash.sha256(key + nonce, encoder=nacl.encoding.RawEncoder)     output = {}     output['key'] = base64.b64encode(key + nonce)     output['signature'] = hmac_file(encrypted_name, hmac_key)     return output  def decrypt_archive(encrypted_name, archive_name, key_info):     key_bytes = base64.b64decode(key_info['key'])      key = key_bytes[:nacl.secret.SecretBox.KEY_SIZE]     nonce = key_bytes[nacl.secret.SecretBox.KEY_SIZE:]      extra_bytes = nacl.secret.SecretBox.MACBYTES     hmac_key = nacl.hash.sha256(key_bytes, encoder=nacl.encoding.RawEncoder)     hmac = hmac_file(encrypted_name, hmac_key)     if hmac != key_info['signature']:         print('hmac mismatch')         return      block_num = 0     box = nacl.secret.SecretBox(key)     with open(encrypted_name, 'rb') as in_file, open(archive_name, 'wb') as out_file:         # nacl adds a MAC to each block, when reading the file in, this needs to be taken into account         for data in read_file_blocks(in_file, extra_bytes=extra_bytes):             block_nonce = nonce + struct.pack(">I", block_num)             block = box.decrypt(data, block_nonce)             out_file.write(block)             block_num += 1  key_info = encrypt_archive("C:\temp\test.csv", "C:\temp\test.enc") print(key_info) decrypt_archive("C:\temp\test.enc", "C:\temp\test.enc.csv", key_info) 

Outside of general mistakes, the two things I’m doing I’m not entirely sure are sound:

  1. To keep the block nonces unique, I create a slightly smaller random list of bytes for the nonce than required, then when encrypting the blocks I append the block number, as a four byte integer to the nonce.

  2. When generating the blake2b hash, for a key, I hash the file key and nonce. This seems somewhat useless overall, since if they have the key and nonce, they could just replace the file. Although, I can’t really think of a better alternative that doesn’t have similar weaknesses. Should I just ditch that bit, since NaCl does per-block MACs anyhow? (which I found out only after I wrote the hmac code)

Can I enable my fingerprint lockscreen whitout (!) enabling encryption

I like to regularly backup my data partition using TWRP. I noticed once I enable my fingerprint screen lock, TWRP is unable to access my data partition because Android 8.0 encrypts it from the moment I set a screen lock password (obligated when I enable fingerprint screen lock). For the moment my device in not encrypted and I don’t want it to be encrypted, “preserve force encryption” is off in Magisk. Can I take the risk and enable my fingerprint screen lock now? Or will it encrypt my data partition again? I don’t want my data partition to be encrypted as I like to access it out of Android. My bootloader is unlocked and my phone is a Samsung SM-G935F (Galaxy 7 edge) with Android 8.0.

ps: TWRP does not ask for a password when my Android device is encrypted.

So does enabling a screen lock turn on encryption automaticly and can I disable this behaviour?

Can I enable my fingerprint lockscreen whitout (!) enabling encryption

I like to regularly backup my data partition using TWRP. I noticed once I enable my fingerprint screenlock, TWRP is unable to access my data partition because Android 8.0 encrypts it from the moment I set a lockscreen password (obligated when I enable fingerprint lockscreen). For the moment “preserve force encryption” is off in Magisk. Can I take the risk and enable my fingerprint screenlock now? Or will it encrypt my data partition again? I don’t want to format my data again and reinstall everything. My bootloader is unlocked and my phone is a Samsung SM-G935E