I am looking for an encryption algorithm with a secret key which can be used both for angular 7 and Java. I am not familiar with angular 7 and there is now of knowing any algorithms in angular.
Any standard algorithm should work, both Java and JavaScript have libraries that support standard algorithms e.g. JSEncrypt can be used with Angular.
However with symmetric cryptography (e.g. AES) your key will be exposed in the client and just like rest of the JavaScript code can be accessed by the user.
Depending on your requirements it might be better to use asymmetric cryptography (e.g. RSA) to ensure that private key used to encrypt never leaves the server.
Related
I am working on a school project where we have an ASP.NET Core web application using Identity framework for our users (they can register and sign in) and we also have to develop a java application where we also have to register and sign in using the same user data as the ASP.NET Core application (mutual db). Our problem is that Identity hashes their passwords and to be able to sign in or register from our java application we have to compare hashes or hash the same way Identity does. I have been scanning the internet but haven't found a clear answer yet.
Now I understand ASP.NET Core Indentity v3 uses
PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000
iterations
for hashing their passwords.
My question is: what would be the best method of implementing the same hashing method in our java application? Is there a viable java library available that we can use to mimic the way Identity hashes their passwords? Or are there better approaches to solve this problem?
you should just try to override the IPasswordHasher<> interface in the DI of the .net core app and use the same logic in the java app,
for reference you can look into this:
https://andrewlock.net/migrating-passwords-in-asp-net-core-identity-with-a-custom-passwordhasher/
one thing to consider, changing the way the hashing is done will make all your existing users locked out unless you migrate them, but since this is a school project i assume that its an acceptable outcome.
Is it possible to decrypt a file which is encrypted in sql server using 3DES algorithm?
Using java if I encrypt and save to sqlserver, then I am able to decrypt with out issues..
Is there any difference of encryption methods of sqlserver and java?
You'd need to be using the same implementations, keys, lengths, chaining mode, initialization vectors etc. If any of the configuration of the algorithms is different, it will not decrypt successfully, this is by design.
If you're using the same for all of the above, in theory you could decrypt using paper and a pencil. Any different and you're looking at several million years of compute capacity to crack it.
ps: Use AES if you want it to be quicker AND more secure. Triple DES uses (as the name suggests) three passes of regular DES encryption, which is considerably slower than a single pass of the more modern AES encryption.
You will want to encrypt and decrypt in Java because of ease of use and the security it provides. Also as mentioned before AES is quicker and more secure. Even though triple DES is still in the secure range, it's takes so longer to compute.
I'm working on a mobile App which is to be build in Android (Native) , iOS (Native) & PhoneGap. For security I'm already using SSL, but as per client requirement another encryption is to be implemented in all webservices( Mobile end and Server) . But I'm unable to implement encryption which works well in Java, Objective-C and JavaScript.
I could manage to get AES-256 working in all the platforms , but it works very slow in Android. Library used for the same was RNCryptor.
Can you please suggest me any Encryption/Decryption library which is compatible along at least Java & Objective-C.
AES-256 a correct choice and should not be a performance problem. Most cpu chips include special instructions to allow faster implementations, Apple ARM chips do as do may Intel chips. If you are going to claim that encryption is slow for an implementation you need to supply test times for all platforms, generate them and post them.
Obtaining the same results from encryption, AES-256 in this case, is simply supplying the exact same inputs with the exact required lengths and exact same options--that is all.
Providing secure encryption is more than just a key, data and an AES-256 library. There needs to be an iv, if the key is week it needs to be extended, passwords are generally extended with PBKDF2 or it's like. These require more information to be added to the encrypted data that is passed. There is also data padding such as PKCS#7. RNCryptor handles all this but for interoperability requires the other-end to use the same scheme. Then there is the issue of securing the encryption key and exchanging it with the other-side.
First of all, I have googled how to secure network traffic and I have found a lot of answers... Only the issue is that I've found too many examples and methods and the majority of the them are very old (> 10 years), so it worries me a little bit.
What I want to know is how I could encrypt network traffic between a server and a client.
I have had a bachelor degree class about it and from what I understand, I need a private-public key pair to encrypt and decrypt. However I may have missed some important notion, because I've got this question currently about that: How can I send the key over the network when that key is the key with which you need to secure the network? Do I even have to deal with it, or are there built-in applications of secure networking in Java?
What I also have seen in class was that the instructors needed to manually verify some key codes to be 100% sure that some person was sending a message (manually as in looking at someone else's screen and comparing the keys to see if they were indeed the same).
I am using sockets currently, and I am not even sure if networking can even be done differently in Java. I would like to know how I could achieve secure networking.
Any links to relevant material are appreciated, preferably I want to know the best solution if there happens to be any. If the link/article is dated, then please justify that it can still be used after 5 or 10 years.
Regards.
Use Transport Layer Security (e.g. the OpenSSL library).
If you want to roll your own security, then use AES to encrypt the data; Java has built-in support or AES, or else you can use the Bouncycastle library. Then use RSA to encrypt the AES key, and send the encrypted key and the AES-encrypted data from the server to the client; the client decrypts the key, then uses the key to decrypt the AES-encrypted data.
Java AES Tutorial, Java RSA Tutorial
I have a customer that wants to encrypt some data in his database (not passwords; this needs actual encryption, not hashing). The application which will be doing the encrypting/writing is in Java, but the process which will DECRYPT it is behind a secure firewall, and is written in ruby.
The idea was to use a public/private key scheme; the java system would encrypt it with the public key, then the process on his local box would use the private key to decrypt it as needed.
I'm looking for any experience anyone has doing something like that; my main question is what sorts of libraries on java and ruby can interoperate with the same keys and data.
OpenPGP is supported by both Java and Ruby.
The nice thing about OpenPGP is that key management is all specified upfront, so you don't have to reinvent that particular wheel. (Encrypting and decrypting the data itself isn't hard. Managing the keys in a secure way is.)