Best way to encrypt a directory of files? - java

I need to programmatically encrypt a directory of files, like in a .zip or whatever. Preferably password protected obviously.
How can I accomplish this, and WHAT IS the BEST encryption way to do it, if applicable?
Programming language doesn't matter. I am dictioned in all syntax.

How can I accomplish this, and WHAT IS the BEST encryption way to do it, if applicable?
tar and gzip the directory.
Generate a random bit stream of equal size to the file
Run bitwise XOR on the streams
Only truly secure method is a truly random one time pad.

I still say 7-zip is the answer. It hasn't been "cracked".

The OpenSSL library has a variety of block cipher implementations including the well-known AES. It has both a function-call interface (for use with languages like C/C++) and a program-call interface (for use in shell scripts). http://www.openssl.org/

4096-Bit (Open)PGP: 'Pretty Good' Privacy !
GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kind of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME.
libgcrypt:
http://www.gnupg.org/related_software/libraries.en.html
Edit:
BouncyCastle now has OpenPGP support.
http://www.bouncycastle.org/

Use AES. You'll find implementations in your favourite programming language by asking google for AES encryption + myfavouritelanguage.

If you're using .NET, why not use a free compression framework (http://www.icsharpcode.net/OpenSource/SharpZipLib/) that supports Encryption?

Related

A way to use Openssl in different languages/platforms

Openssl is known to be a standard in the crypto world. Openssl is written in pure C, so the problem is how to use Openssl in different languages, such as Java. Though Java provides JCE and BouncyCastle, it's hard to know whether they have implementation deviations, i.e., for the same input (legal or invalid), JCE and Openssl output different results.
What I come up with so far is to invoke openssl command directly. In real products, how to solve this problem?
Any help is really appreciated.
OpenSSL is using standardized algorithms, this means that no matter which library you use, the decryption result for the same key and algorithm will be the same.
For example:
If you take a BlowFish encryption algorithm with the key "I am a blowfish", and encrypt it with OpenSSL, you can use any library you want to decrypt it and get the same result.
Having said that, it IS possible to use OpenSSL libraries (usually libcrypto and libssl) in any language or OS. It does require some piping though.
In your example, you can use JNI to access OpenSSL library functions directly.
This approach requires that you make sure you have the right libraries for your target architecture and OS.
Personally? I'd check why there are deviations, as that is your main problem.
how to use Openssl in different languages, such as Java?
In Java use JNI. It can be very fast. Pay attention to the JNI notion of “pinning” - the native method receives a direct pointer to the elements - without copying - but this has some implications. Pinning is optional. To use JNI one should usually create wrapper functions to invoke target functions (OpenSSL in our case). So you should create a shared library (DLL or so) according to JNI rules (argument types jint, etc) and call the OpenSSL function.
It depends on language - in general in managed languages you should wrap C code (in COM or Managed C++ for example to use in .NET). In C++ - directly. C# also has mechanism of invoking C functions.

Encryption Decryption libraries like JASYPT

I would like to know whether there are any alternative libraries like JASYPT , which can help me in Encryption / Decryption of passwords.
Yes, there are some. I'm not sure what exactly you are looking for, but I have been using BouncyCastle with great success. Maybe it will interest you as well.
Check out the java security API. It includes a large set of security algorithms and mechanisms for various purposes.
http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
While looking for implementing crypt functionality, I came across keyczar https://github.com/google/keyczar.
It offers a pretty simple API to invoke crypt functions, such as:

    Crypter crypter = new Crypter("/path/to/your/keys");
    String ciphertext = crypter.encrypt("Secret message");

It also provides an API for java/python/cpp languages, and was originally developed by the Google security team.

Which encryption algorithm is useful for encrypting a file stored on disk?

I have some text that is in a file. I want to encrypt this file so that an end user can not read or write to this file, but the application can read it. There can be a stored secret in the application because it is being secured in another way.
What type of encryption supports these requirements?
I was thinking of AES. I do not know much about encryption, and was looking for a starting point. An algorithm or a framework suggestion would be great.
One last note, the code is in Java running on a Windows and Linux environment.
Since you've tagged the post as "Java" - I'd recommend looking at the "Java Cryptography Extension" (JCE). Since J2SE 1.4 it's been bundled with the SDK and JRE.
And of course, a requisite example and overview of using AES in the JCE.
If the application can read it, the application has a key in it. And if the application has a key in it, a sufficiently energetic user can find that key and use it for themselves. Or spy on memory and see the decrypted version.
AES or RSA would be just fine. An important thing to notice though is that once your program decrypts data, a reverse engineer would easily recover the plaintext without any knowledge of the key or algorithm of encryption.
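
An added example, not taken from any of the answers above: one way to encrypt a file's contents with AES through the JCE, using AES-GCM so that a modified file is rejected on decryption instead of yielding altered plaintext. The class name `FileCrypto`, the salt/IV/ciphertext layout, the PBKDF2 iteration count and the demo secret are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class FileCrypto { // hypothetical class name
    // Assumed parameters: 16-byte salt, 12-byte GCM IV, 128-bit tag.
    static final int SALT = 16, IV = 12, TAG_BITS = 128, ITERATIONS = 210_000;

    // Derive a 256-bit AES key from the stored secret with PBKDF2-HMAC-SHA256.
    static SecretKeySpec deriveKey(char[] secret, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(key, "AES");
    }

    // Output layout (an assumption of this example): salt || iv || ciphertext+tag.
    static byte[] encrypt(byte[] plaintext, char[] secret) throws GeneralSecurityException {
        byte[] salt = new byte[SALT], iv = new byte[IV];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv); // fresh IV per encryption; GCM must never reuse an IV under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(SALT + IV + ct.length).put(salt).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException when the secret is wrong or the blob was modified.
    static byte[] decrypt(byte[] blob, char[] secret) throws GeneralSecurityException {
        if (blob.length < SALT + IV + TAG_BITS / 8) throw new GeneralSecurityException("truncated input");
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(TAG_BITS, blob, SALT, IV));
        return c.doFinal(blob, SALT + IV, blob.length - SALT - IV);
    }

    public static void main(String[] args) throws Exception {
        char[] secret = "constructed-demo-secret".toCharArray();         // constructed sample value
        byte[] blob = encrypt("setting=value\n".getBytes(StandardCharsets.UTF_8), secret);
        System.out.print(new String(decrypt(blob, secret), StandardCharsets.UTF_8));
        blob[blob.length - 1] ^= 1;                                       // simulate an edit to the stored file
        try { decrypt(blob, secret); } catch (AEADBadTagException e) { System.out.println("modification detected"); }
    }
}
```

To use it on a real file, pass the result of `Files.readAllBytes` to `encrypt` and write the returned bytes back with `Files.write`.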

S/MIME in Java without JCE

I'm trying to write an applet that would sign e-mail with S/MIME.
Obviously I want to make one small jar with only the required stuff.
Obviously the Java way of doing that involves having a huge sacred signed Bouncy Castle JCE jar around.
The question is: What's the easiest way of getting S/MIME without touching JCE and having it complain about "authenticating" "providers"? Maybe there is a S/MIME implementation that doesn't depend on JCE? Maybe it is possible to use Bouncy Castle S/MIME using their lightweight API without touching JCE? Maybe there is any other way?
It is obvious to me that nothing can prevent a pure-java open source crypto algorithms from working regardless of whether Sun approves, so it's not a question of theoretical possibility, rather: which way is the least painful?
Of course, I can always go ugly early by grabbing Bouncy Castle pure-java JCE implementation, renaming its packages to java.security1, and making any changes I want - but this way looks too painful right now.
UPDATE My current problem with using Bouncy Castle directly: I try to load keys from keystore, which involves using SecretKeyFactory, which in turn rejects my Bouncy Castle build.
BC S/MIME is written over the CMS package, so the question really devolves to modifying the CMS package so all the crypto is done using the light-weight classes.
Something similar has been done already, more-or-less successfully, for the .NET version of Bouncy Castle. We're trying (admittedly it's a slow process) to refactor the Java version so the CMS stuff can work with either JCE or lightweight. The same issue affects other parts of the BC API too e.g. the PKCS#12 keystore is built into the JCE provider, the OpenPGP package is written to JCE, etc. The .NET ports of these rewrote them to the light-weight API also.
Your problem is probably simpler than the general case though. Presumably you only need the CMSSignedDataGenerator and supporting classes. You probably don't need all the myriad variations of addSigner or generate. If you just decide on your digest/signature algorithms up front, then all the provider stuff will be easy to replace with hardcoded calls to specific lightweight implementations.
Instead of a keystore, maybe you could get away with just storing a single private key in a PKCS#8 file (PEM encoded perhaps). Similarly for the certificate.
It's pretty straightforward to sign messages without using JCE.
The real problem was reading PKCS#12 keys.
I did this:
* Copied JDKPKCS12KeyStore class over.
* Everywhere in it, replaced Security.getInstance() with bcProvider.getService().newInstance() (which returns Spi-s)
* In those Spi-s (in BC sources) made required methods public instead of protected.
It looks like a hack, but seems to actually work.

Are there any other open source JCE libraries besides BouncyCastle?

I am looking for open source JCE libraries that implement some of the more esoteric encryption algorithms so that I can study their implementation. I would be especially interested in ones that implement Identity Based Encryption (IBE) as published by Stanford.
Cryptix (not sure what state it's in at the moment but it was high quality when I used it last):
http://www.cryptix.org
http://sourceforge.net/projects/cryptix
GNU Classpath also has their own JCE implementation, however, whether they support IBE is another story.