I'm trying to generate HMAC of a message. The algo for HMAC generation is SHA256. The issue is i have a base64 encoded key(shared secret). How can i decode this secret to get the required hmac
Sample code:
var hmac = require('crypto').createHmac('SHA256', "SOME_BASE64_ENCODED_SHARED_SECRET").update("MESSAGE").digest('base64');
This hmac is sent to a java service. The way it does hmac generation is as follows:
Mac mac = Mac.getInstance("HmacSha256");
SecretKey sharedKey = new SecretKeySpec(Base64.getDecoder().decode("SOME_BASE64_ENCODED_SHARED_SECRET"), "TlsPremasterSecret");
mac.init(sharedKey);
byte[] messageBytes = "MESSAGE".getBytes("UTF-8");
byte[] expectedHmac = mac.doFinal(messageBytes);
String hmac = Base64.getEncoder().encodeToString(expectedHmac));
Now, the HMACs generated by my nodejs code does not match with Java service code. How do i solve this problem?
The base64-encoded secret needs to be decoded before passing it to crypto.createHmac():
var secret = Buffer.from('SOME_BASE64_ENCODED_SHARED_SECRET', 'base64');
var hmac = require('crypto').createHmac('SHA256', secret)
.update('MESSAGE')
.digest('base64');
//include crypto
var crypto = require('crypto');
var yourMessage = 'your signature to be hashed using HMAC SHA256';
var sharedSecret = 'your shared secret key';
//generate hmac sha256 hash
var hmacSignature = crypto.createHmac('SHA256', new Buffer(sharedSecret, 'base64')).update(yourMessage).digest('base64');
Above worked for me too.
Note: HMAC SHA256 is hash value, it cannot be decoded. Based on unique secret and unique message (generally date-time is used) a unique hash is created. Client sends this hash value and server generates its own hash value using same algorith, if both hash value match then authorization is successful.
I spent lot of time troubleshooting this. Hope above info help others.
Related
I am trying to encrypt/decrypt local files with AWS KMS DataKey but I don't know what to use to do it.
I have already generated the DataKey from AWS KMS (receiving the Plaintext Key and the Encrypted Key). Now it's supposed I have to use the Plaintext key to encrypt the file, store the Encrypted key with the Final Encrypted file and delete the Plaintext key.
How do I encrypt a file in Java 7 using that Plaintext Key? I mean, there are several ways to do it but which is the most effective and secure with AES_256 cipher I request to AWS KMS to get the keys?
//AWS KMS requesting data key
GenerateDataKeyRequest dataKeyRequest = new GenerateDataKeyRequest()
dataKeyRequest.setKeyId(keyId)
dataKeyRequest.setKeySpec("AES_256")
GenerateDataKeyResult dataKeyResult = awskmsClient.generateDataKey(dataKeyRequest)
ByteBuffer plaintextKey = dataKeyResult.getPlaintext()
ByteBuffer encryptedKey = dataKeyResult.getCiphertextBlob()
I cannot use AWS Encryption to do that (even it would be easier) because o Java 7 version
Using api I have to connect to PHP project with encrypted login and password in Kotlin.
I need to use the same secret password as I use in PHP, but have problem with generating Secret Key by following line:
val sk = SecretKeySpec(secretKey.toByteArray(Charsets.UTF_8),"AES_256") //here exception is throwing
val iv = IvParameterSpec(secretKey.substring(0, 16).toByteArray(Charsets.UTF_8))
c.init(opmode, sk, iv)
That's my secret key:
ksjdg*&%$dfgh"{##!vcfkslc,.a/dcfxcsw345,45654gfdsgtrasd;fsdjf]}{O0-xfvbgdfeh=
The problem is that exception is throwing about unsupported key size. I got it.
But why using PHP and doing the same, using the same key, don't have any errors? :
$encryptionKey = `ksjdg*&%$dfgh"{##!vcfkslc,.a/dcfxcsw345,45654gfdsgtrasd;fsdjf]}{O0-xfvbgdfeh=`
$encrypted = openssl_encrypt($value, $encryptionMethod, $encryptionKey, 0, $iv);
What should do in Kotlin with my key to have it worked?
I have one server and one client.
Client might be in different technologies like java , php.
server code is written in java.
What I am doing in server is, get exponent and modulus bytes of client public key and generate public key of client.
To generate client public key I am using the code below:
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulusBigInt,exponentBigInt);
keyFactory = KeyFactory.getInstance("RSA", "BC");
RSAPublicKey clientPublicKey = (RSAPublicKey) keyFactory.generatePublic(spec);
To encrypt data using client public key I am using below code:
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, clientPublickey);
scrambled = cipher.doFinal(buffer);
Server Information
I have implemented RSA-1024 to encrypt AES key.
I am using RSA/ECB/PKCS1Padding algorithm. and I have also make sure that all clients have also consider 1 padding in their code.
Client - 1 (Java)
If client is also made in java than public key is successfully generated from exponent and modulus of client public key.
I am using the code below to generate key pair of client RSA key..
keyPairGene = KeyPairGenerator.getInstance("RSA");
keyPairGene.initialize(1024);
KeyPair keyPair = keyPairGene.genKeyPair();
RSAPublicKey clientPublickey = (RSAPublicKey) keyPair.getPublic();
Client -2 (php)
Now the problem is if client is in php .. than public key is successfully generated but when I try to encrypt using that public key at that time bad padding exception occurs when I have used default provider in server.
I am using bellow code to generate key pair of client RSA key..
$options = array('private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'config' => realpath(__DIR__) . '/openssl.cnf');
#Generates New Private / Public Key Pair
$pkGenerate = openssl_pkey_new($options);
#Get Client Private Key
openssl_pkey_export($pkGenerate, $PrivateKey, NULL, $options);
#Get Client Public Key
$keyData = openssl_pkey_get_details($pkGenerate);
Than I have tried BC provider ... It gives me the exception below:
org.bouncycastle.crypto.DataLengthException: input too large for RSA cipher.
I am not getting what is the problem occurs when I am trying to generate public key from exponent and modulus when client is in php...
if client is in java than its no issues.... and works perfectly..
Any type of help is welcome...
Note:
What I have observed from debugging code is ,
client's public key modulus byte's bit length at server side is varies between 1020 to 1023... it never reaches at 1024 though we have define size as 1024.
Still don't get what exactly the problem is...
but I have implemented work around for it...
I got stuck in generating public key of client using exponent and modulus.
So now I have used one standard format of public key certificate - DER & PEM.
What I did is, generated DER or PEM from PHP side using bellow code,
$options = array('private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'config' => realpath(__DIR__) . '/openssl.cnf');
#Get Client Public Key
$keyData = openssl_pkey_get_details($pkGenerate);
$clientPublicKey = $keyData['key'];
$this->clientData['clientPublicKeyPEM'] = $keyData['key'];
And then send that generated PEM to Server (Java).
And at server side I have developed bellow code to regenerate Public key from POM string.
KeyFactory keyFactory=KeyFactory.getInstance("RSA");
byte[] pubKeyBits = Base64.decodeBase64(clientPublickeyView.getModulusBytes());
PublicKey pubKey=keyFactory.generatePublic(new X509EncodedKeySpec(pubKeyBits));
I'm using AES to encrypt/decrypt some files in GCM mode using BouncyCastle.
While I'm proving wrong key for decryption there is no exception.
How should I check that the key is incorrect?
my code is this:
SecretKeySpec incorrectKey = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
byte[] block = new byte[1048576];
int i;
cipher.init(Cipher.DECRYPT_MODE, incorrectKey, ivSpec);
BufferedInputStream fis=new BufferedInputStream(new ProgressMonitorInputStream(null,"Decrypting ...",new FileInputStream("file.enc")));
BufferedOutputStream ro=new BufferedOutputStream(new FileOutputStream("file_org"));
CipherOutputStream dcOut = new CipherOutputStream(ro, cipher);
while ((i = fis.read(block)) != -1) {
dcOut.write(block, 0, i);
}
dcOut.close();
fis.close();
thanks
There is no method that you can detect incorrect key in GCM mode. What you can check is if the authentication tag validates, which means you were using the right key. The problem is that if the authentication tag is incorrect then this could indicate each of the following (or a combination of all, up to and including the full replacement of the ciphertext and authentication tag):
an incorrect key is being used;
the counter mode encrypted data was altered during transport;
the additional authenticated data was altered;
the authentication tag itself was altered during transport.
What you could do is send additional data to identify the secret key used. This could be a readable identifier ("encryption-key-1") but it could also be a KCV, a key check value. A KCV normally consists of a zero-block encrypted with the key, or a cryptographically secure hash over the key (also called a fingerprint). Because the encryption over a zero block leaks information you should not use that to identify the encryption key.
You could actually use the AAD feature of GCM mode to calculate the authentication tag over the key identification data. Note that you cannot distinguish between compromise of the fingerprint and using an incorrect key. It's however less likely that the fingerprint is accidentally damaged than the entire structure of IV, AAD, ciphertext and authentication tag.
You are using NoPadding. Change this to PKCS7Padding for both encryption and decryption. If the wrong key is used then the padding will almost certainly fail to decrypt as expected and an InvalidCipherTextException will be thrown.
Authenticated encryption requires that we use some accepted standard for encrypting and authenticating a message. So we both encrypt the message and compute a MAC on the message to verify it has not been tampered with.
This question outlines a way to perform password based key strengthening and encryption:
/* Derive the key, given password and salt. */
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(password, salt, 65536, 256);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
/* Encrypt the message. */
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
byte[] ciphertext = cipher.doFinal("Hello, World!".getBytes("UTF-8"));
But as far as I can tell, this does not compute any MAC on the ciphertext and so would be insecure. What is the accepted standard for performing authenticated encryption in Java?
I would recommend using GCM mode encryption. It is included in the latest JDK (1.7) by default. It uses a counter mode encryption (a stream cipher, no padding required) and adds an authentication tag. One big advantage is that it requires only a single key, whereas HMAC adds another key to the mix. Bouncy Castle has an implementation as well, which is moslty compatible with one provided by Oracle.
GCM mode encryption is also features in a TLS RFC, and in XML encrypt 1.1 (both not final). GCM mode provides all three security features: confidentiality, integrity and authenticity of the data send. The String would be "AES/GCM/NoPadding" instead of the CBC one you are now deploying. As said, make sure you have the latest JDK from Oracle, or have Bouncy Castle provider installed.
Also check out my answer here, which is mostly about String encoding, but I've succesfully tried GCM mode too - see the comment.
When transferring files from one server to another through secure ftp, I use private/public key pairs with the private key residing on the "from" server and the public key residing on the "to" server.
Using private/public key pairs is a secure standard when transferring files.
I believe it would also be a secure means in the context of a Java application.
Check out Generating and Verifying Signatures and Generate Public and Private Keys
for more details on using a private/public key pair setup for digital signatures in Java.