I am using Adventnet 4.0.0 API to receive traps. When AES 128 is used as privacy authentication it is successfully received, whereas when I change to use AES 256 it is not receiving. But Wireshark is able to receive and decode properly.
Any thing I am missing or Adventnet 4.0.0 is not capable of handling AES 256?
The WebNMS page for the Java SNMP API lists the supported encryption schemes:
SNMPv3 security: Support for HMAC-SHA-96, HMAC-MD5-96, CBC-DES, CBC-3DES, CFB-AES-128, CFB-AES-192, CFB-AES-256 bit encryption.
If you don't think it's working like it should, it's always worth shooting off an email to their support crew.
Hard to say more than that without seeing your code.
Related
I have the following system
Android app -> kafka -> listener service (Java).
I would like to make sure that there is data integrity in this process.
I want to encrypt the message in the Android app, insert it into a topic and then have listener pick it up and decrypt the message.
I would like to know what would be the best way (algorithm and practice) to encrypt and decrypt between the systems. Can this be achieved in a simple way (without certs or keys)?
Assuming there will be 5 mobile apps pushing messages to the broker.
I would like to make sure that there is data integrity in this process.
If you are concerned to ensure the message integrity during transport, using TLS (ssl, https) would do the trick in the most of the cases. If you need end-to-end security (signed, encrypted message) between other components (kafka->Java), you will need to sign the message. In most of the cases you should be ok with the first option (https).
Can this be achieved in a simple way (without certs or keys)?
PKI (certs and keys) enables us to ensure integrity and confidentiality without hardcoding the secrets (which is not very wise for mobile apps). You already have out of box libraries for SSL, so consider it "the simple way". Building custom protocol to sign and validate the messages is only more complex and possibly less secure.
I would like to know what would be the best way (algorithm and practice) to encrypt and decrypt between the systems.
For basic transport security, I'd suggest to rely on TLS, you still need to authenticate the user (username, password?) to ensure client's identity. TLS provides secure channel up to the SSL termination point (https server, kafka listener, ..).
If you need end-to-end security (signed, encrypted message) between other components (kafka->Java), there are some standards to encrypt and sign the messages, such as WS-Security for web services or you can use signed and encrypted JWT to pass messages.
However - you will have to securely exchange the keys between the client and validating backend (with a separate service or some key exchange protocol).
I think the easiest way to implement that is to use and encrypted channel using some secure transport (https, sftp, etc.)
If you are implementing a custom protocol, then you will need to encrypt/decrypt the messages using some of the available libraries.
And yes, I suggest to use an standard encryption algorithm (which will require to use certificates).
I have a project on SMS encryption. It will be able to send encrypted SMS.
I don't know where to start. I work with android studio. Please help me out with solutions.
for encryption you have to use cryptography algorithms like ECC, RC4, RC6, ESA, AES etc. and for simple solution you can use Base 64 encoding and decoding. first you have to encrypt data then send SMS, ans at another side you have to receive the message and decrypt the message using same algorithm then you get your actual message.
I am developing a Java SE based application (university intranet) for a computer security course that sends a password (AES ecrypted) of a registered user to a server via a HTTP request. It performs the following steps:
The user registers to the Intranet app.
The client sends an HTTP request containing the student's password, encrypted with AES.
The PHP script now decrypts the AES ciphertext and hashes it.
The hashed password is stored into the database.
Now from what I have read about AES, I would need a secret key as part of the encryption process. As the server script will need the secret key to decrypt the cipher, would it be a bad idea to use the same secret key each time? Once the script receives the ciphertext it will then use a one way hash function to store it on a database.
If you really want to use a symmetric cypher
Ok I assume you want two entities to communicate by entering the same key on each entity (such as the Bluetooth connection). In that case the question have already been asked and I let you google for some answer like this
What you certainly want is HTTPS
But apparently you just want a secure communication between a client and a server. In that case you need to use HTTPS(since you use HTTP). HTTPS does all that for you with a handshake and then relying on a symmetric key algorithm to ensure the communication.
How it fulfills your requirements
In your very case, if the login page is served in HTTPS:
the password will be de facto encrypted by the client when it is sent
it will be automatically decrypted by the server then you have to
hash it in PHP and store it into the database.
I agree with the other comments - HTTPS is the way to go if possible.
However, to answer your question directly, then yes - using the same secret key (on it's own / without a salt) each time is a very bad idea. If, for some reason, HTTPS is not an option, then consider at least using a salt and/or a one-time-pad, depending on your implementation possibilities:
Salt (cryptography)
One-time Pad
This article looks like it might be useful:
Data Encryption Decryption using AES Algorithm, Key and Salt with Java Cryptography Extension
Hope that helps.
I've got a flash client that communicates with a server. The server-side code is in java. I'd like to be able to encrypt the communication, so it has to be an algorithm that has libraries for both as3 & java.
Speed if more important than the security of the encryption, and ideally it would use asymmetric key encryption.
AES and Blowfish seem like they would work from what I've seen. But both use symmetric keys.
Any ideas?
It seems like opening an HTTPS connection would be the simplest way to do this.
AS3Crypto is a port of the popular Java/C# library BouncyCastle. That works just great.
I'm going to be working with encrypting data shortly here. I've chosen to do it using asynchronous RSA encryption.
I'll be using AS3Crypto's RSA encryption client-side with the public key.
Server-side I'll be using JAVA's built-in RSA cryptography to decrypt data with the private key.
A friend and me are working on a Java Game with a client/server - architecture.
It is working well, but i ran into a problem.
We use TCP Sockets for networking between server and client.
Our network protocol isnt encrypted and can just be read by anone who bothers to watch the stream.
We thought about how we could apply some kind of cryptography to it to hide login information and prevent people to write their own clients. But basic things like adding/substracting bytes seems pretty easy to figure out.
What are the usual methods used to encrypt network communication for games( or at least game login information )? And having written the server and client in java, are there any useful java libraries?
Use public-key encryption (RSA for example) and implement something like the SSL Handshake, or of course use SSL - here you can see an example.
Here's a simplified sequence:
the server sends his public RSA key to the client
the client generates a symmetric key (using AES for example)
the client encrypts the symmetric key with the server's public key and sends it to the server
the server decrypts the received symmetric key
Now both the client and the server have a key which no one eavesdropping can know. Then use that key to encrypt all data.
SSL(Secure Sockets Layer) is popular to handle this kind of problem.
Look at the javax.crypto library or bouncyCastle.
Both provide cryptographic primitives, also for encryption. Depending on how secure you want to have it, you can use symmetric or assymetric crypto. However, also think about key management in advance. Where do you store your private/shared key.
If it is a client-server, the best way would be to use assymetric crypto (i.e. RSA, Elliptic Curve) and give every user a certificate signed with the key of the server (note, this is TLS (formerly called SSL)). This way you can check if the user logging on is authentic. However, you dont prevent custom clients since the user has to have everyone can just copy the certificate.
In practice, it is quite hard to prevent custom clients.
You can use Ciphers. Some more examples here and here