validation,oauth-2.0,public-key-encryption,jwt

There's no solution that is standardized as part of the OAuth 2.0 protocol suite (today). It was considered to be a single-domain problem that would be solved in various ways that were considered to be out of scope for the core OAuth specifications (much like the API between Resource Server...

security,cryptography,public-key-encryption

This video by Youtube channel Art of the Problem does a good job of explaining it conceptually, before getting into the exact details of how the RSA algorithm implements it. If you think of encryption as use of a lock and key to secure information, then standard shared-key encryption involves...

java,encryption,cryptography,public-key-encryption

Try to flush your cipher output stream before getting a byte array.

encryption,mule,public-key-encryption,pgp

The source code shows a bunch of validations that can't be bypassed: Validate.notNull(toBeDecrypted, "The toBeDecrypted should not be null"); Validate.notNull(publicKey, "The publicKey should not be null"); Validate.notNull(secretKey, "The secretKey should not be null"); Validate.notNull(password, "The password should not be null"); Validate.notNull(provider, "The security provider can't be null"); So the only...

java,encryption,cryptography,public-key-encryption,number-theory

p doesn't fit into an int, so PrivateFields[0].intValue() must be wrong. Your primitiveRoot algorithm has to take BigInteger and not int.

java-ee,rsa,public-key-encryption,public-key,pem

Java expects your key to be DER-encoded, but you are supplying PEM-encoded data. Read your file as a string, cut off the headers and base64-decode the contents. Then supply those bytes to the key factory....

node.js,encryption,public-key-encryption

Diffie-Hellman (Key Exchange) is an algorithm and protocol to derive a shared secret based on modular arithmetic. It is not a public-key cipher in the same way as RSA is. You cannot use Diffie-Hellman for crypto.publicEncrypt(). Node.js' Crypto module doesn't provide a way to generate a public-private RSA key pair,...

unix,encryption,public-key-encryption,gnupg

Looks like the secret key isn't on the other machine, so even with the right passphrase (read from a file) it wouldn't work. These options should work, to Either copy the keyrings (maybe only secret keyring required, but public ring is public anyway) over to the other machine Or export...

ios,iphone,security,rsa,public-key-encryption

You don't need to perform any encryption. Just store the passwords in the keychain, which has stronger encryption than anything you could possibly implement — as it's integrated into the Secure Enclave which has no public API other than keychain and already uses RSA encryption, among other things to make it...

python,ssl,openssl,public-key-encryption,x509

You are right that you should check the certificate itself. And yes, you need the VeriSign root certificate(s) (and any other intermediate certificates to have the complete chain of trust) which signed the certificate to be checked. Current Symantec (VeriSign) root certificates can be found here in zipfile. Download and...

java,openssl,public-key-encryption

RSA encryption with PKCS padding and public key acquired from certificate: openssl rsautl -encrypt -in sesskey -inkey cert.pem -certin -out temp openssl base64 -e -in temp -out enc_sesskey RSA decryption with PKCS padding and private key: openssl base64 -d -in enc_sesskey -out temp openssl rsautl -decrypt -in temp -inkey privkey.pem...

node.js,rsa,public-key-encryption

Don't. Seriously. Don't. Rolling your own cryto will be bad. Instead, use https or, if you really must do it yourself, try to implement Diffie-Hellman. At least with DH, you aren't creating your own algorithm. As to why this is bad, consider an attacker who wants to read your data....

c#,android,encryption,rsa,public-key-encryption

The lesson here is don't rely on defaults. You should replace the line Cipher cipher = Cipher.getInstance("RSA"); with the line Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1PADDING"); in your Java code....

encryption,public-key-encryption,password-encryption

The cryptographic primitive you are looking for are public key signatures. They do exactly what you have described, but I'll add few remarks to your points: Re 1: The first channel you use has to be secure in some sense so no attacker can not pretend to be the server...

encryption,cryptography,rsa,public-key-encryption

You are looking for the modular inverse of e (mod n), which can be computed using the extended Euclidean algorithm: function inverse(x, m) a, b, u := 0, m, 1 while x > 0 q := b // x # integer division x, a, b, u := b % x,...

java,encryption,aes,rsa,public-key-encryption

AES is a symmetric cipher algorithm, for this it needs a symmetric key, not a public key. In order to create symmetric key, use helper class SecretKeySpec. Your encryption scheme should create a random sequence of bits as a key material for AES cipher, and then encrypt/decrypt this key material...

python,openssl,public-key-encryption,jwt

Having examined the PyJWT source code, it is apparent that the library expects the PEM data to be a string type, but you are providing a bytestring (evident in your question by the b'...' literal). The offending function is prepare_key, along with the definition of acceptable string types. You must...

.net,encryption,public-key-encryption,privatekey,pki

You need to use makecert and pvk2pfx, both get installed with visual studio. First run makecert to get a certificate (cer file) and private key file (pvk file) makecert -sv yourprivatekeyfile.pvk -n "cert name" yourcertfile.cer -b mm/dd/yyyy -e mm/dd/yyyy -r where: -sv yourprivatekeyfile.pvk is the name of the file containing...

rsa,public-key-encryption,cryptoapi,encryption-asymmetric

The problem with exporting/importing the public key was because private key was generated using AT_SIGNATURE, instead of AT_EXCHANGE. See the explanation and the example code

php,encryption,rsa,public-key-encryption,privatekey

Use the openssl_pkey_get_public() function: http://php.net/manual/en/function.openssl-pkey-get-public.php It decrypt the .pem format and extracts the keys necessary for the work....

c#,.net,encryption,rsa,public-key-encryption

Note: I updated this answer. Please scroll down to the update for how it should actually be implemented because this first way of doing it is not the correct way of doing RSA encryption. One way I can think to do it is like this (but may not be compliant...

encryption,encoding,base64,public-key-encryption

It's an encoding algorithm (hence "Base64 encoding") to allow people to move data in an ASCII friendly environment (i.e. no control characters or anything non-printable). It should give you good portability with XML and JSON etc. The encoding is entirely well known, the algorithm is simple and as it has...

c++,public-key-encryption,crypto++,elliptic-curve

As jww suggested I have successfully completed encryption and decryption. Below are the code snippets if anyone wants. Decryption string decrypt(std::string encryptedMessage , std::string privateKeyExponent) { string decryptedMessage; try { AutoSeededRandomPool prng; //since the 'privateKeyExponent' is in base-64 format use Base64Decoder StringSource ss(privateKeyExponent, true /*pumpAll*/, new CryptoPP::Base64Decoder); Integer x; x.Decode(ss,...

math,rsa,public-key-encryption,modular-arithmetic

In g^x = 1, the solution x will always be a divider of (p-1)*(q-1). Choose some different g values, and you will likely find most factors of (p-1)*(q-1). And as (p-1)(q-1) = N - p - q + 1, knowing (p-1)(q-1) and N results in knowing p + q. Knowing...

java,cryptography,primes,biginteger,public-key-encryption

I do not hold a degree in crypto, so take this with a grain of salt. You have two major areas of concern here: Your primes need to be unpredictably random. This means that you need to use a source such as SecureRandom to generate your primes. No matter how...

java,android,security,encryption,public-key-encryption

SSH keys are not X509 compatible keys. They are stored in a SSH proprietary format. You'll need a SSH capable libary to retrieve the key value. If SSH functionality is not required then it is possible to generate keys in Java (using the keytool command line or KeyPairGenerator. Alternatively it...

c++,cryptography,rsa,public-key-encryption,crypto++

The Crypto++ Keys and Formats and Crypto++ RSA Cryptography pages may be of interest. If you're generating the RSA parameters like this: AutoSeededRandomPool rng; InvertibleRSAFunction params; params.GenerateRandomWithKeySize(rng, 2048); You can use the use the DEREncode and BERDecode methods of InvertibleRSAFunction to encode and decode all the parameters respectively: { FileSink...

encryption,openssl,rsa,public-key-encryption

Manual page states that: RSA_public_encrypt() returns the size of the encrypted data. RSA_private_decrypt() returns the size of the recovered plaintext. On error, -1 is returned; the error codes can be obtained by ERR_get_error(3). Your code should look like this: unsigned char plain [13] = "Hello World!"; unsigned char encrypted[1024]={}; unsigned...

digital-signature,public-key-encryption

Say A is Alice and B is her Bank. The bank gets a public key certificate signed by a trusted authority whose key Alice already knows. The certificate proves that a certain public key actually belongs to that bank. When Alice tries to connect to her bank, if Xavier tries...

swift,ios8,public-key-encryption

SecItemCopyMatching is for you: var dataPtr:Unmanaged<AnyObject>? let query: [String:AnyObject] = [ kSecClass: kSecClassKey, kSecAttrApplicationTag: "com.example.site.public", kSecReturnData: kCFBooleanTrue ] let qResult = SecItemCopyMatching(query, &dataPtr) // error handling with `qResult` ... let publicKeyData = dataPtr!.takeRetainedValue() as NSData // convert to Base64 string let base64PublicKey = publicKeyData.base64EncodedStringWithOptions(nil) Note that the size of the...

java,encryption,cryptography,rsa,public-key-encryption

Yes, you can, but you should be certain that it is a prime number (bounded by the size of the modulus): KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // 17 is another often used value, beware to use proper RSA padding if you set it to 3 RSAKeyGenParameterSpec kpgSpec = new RSAKeyGenParameterSpec(2048, BigInteger.valueOf(3));...

java,rsa,public-key-encryption,javacard

The issue is that BigInteger by default encodes to a signed big endian representation. If you decode the bytes using the constructor it does the opposite, i.e. it expects a signed value. Now most cryptography is performed on (large) unsigned integers. This is because the calculations are performed within a...

java,rsa,digital-signature,sha1,public-key-encryption

When you take a look at BouncyCastle source code you will notice that both SHA1WITHRSAENCRYPTION and SHA1WITHRSA indicate the same algorithm - RSA PKCS#1 v1.5 signature with SHA-1 hash algorithm which is also identified by OID 1.2.840.113549.1.1.5.

publicxml is already a single value comprised of many bits. You can distribute it to those who need it. There are many possible encodings. You should decide for yourself which one you want to use. This may depend on many factors such as support for different public key encodings on...

java,encryption,cryptography,public-key-encryption

I don't think you can use the SecretKeySpec with RSA. This should do: byte[] publicBytes = Base64.decodeBase64(publicK); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicBytes); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey pubKey = keyFactory.generatePublic(keySpec); And to decode the private use PKCS8EncodedKeySpec...

php,openssl,digital-signature,public-key-encryption,privatekey

The public key need no security, so you can save as clear text in the database. with the private key you have different solution based on level of security and kinds of attacks you want to avoid. 1 save the pk as clear text in the db. Never write php...

ssl,https,public-key-encryption

Ok, my question had been answered and discussed on SO before - it's called a NULL/ZERO cipher : Unencrypted SSL protocol?...

security,encryption,cryptography,rsa,public-key-encryption

That's the thing. If p and q are big, factoring n (calculating p and q out of it) is hard. It's also called the RSA problem. It is so hard that such a naive algorithm, as you've described it, would take many many years on an cluster to compute the...

java,encryption,cryptography,public-key-encryption,encryption-asymmetric

"textbook" RSA cannot encrypt anything larger than the modulus (it's modular exponentiation, so this should not be a surprise). Secure modes of RSA - for instance OAEP - use padding, creating an additional overhead. So this overhead needs to be subtracted from the size of the modulus to get the...

ssl,https,public-key-encryption,public-key

Public keys are not directly used to encrypt any of the the underlying HTTP traffic on an HTTPS connection; neither the HTTP request nor the HTTP response are encrypted this way. Rather, during the initial SSL handshake, a session specific symmetric key is negotiated between the client and the server,...

java,public-key-encryption,encryption-asymmetric

You are generating the keys correctly. KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(1024); KeyPair keys = kpg.generateKeyPair(); The problem is in your: byte[] encBytes = encrypt(data, prvk, xform); Most likely because you are passing in the String "DES/CTR/NoPadding". You cannot encrypt using DES with an RSA key pair....

java,android,rsa,digital-signature,public-key-encryption

In rsaSign method, do the following after line s.update(data);, byte[] signature = s.sign(); Log.e("s.sign()", Base64.encodeToString(signature , Base64.DEFAULT)); return signature; Remember, A call to sign() method resets the signature object to the state it was in when previously initialized for signing via a call to initSign(PrivateKey). That is, the object is...

javascript,encryption,public-key-encryption,public-key

That is expected. The RSA cryptosystem works in group modulo some prime number. To ensure that all possible plaintexts are encrypted with the same security, the plaintexts are padded to produce a padded plaintext that is slightly smaller than the modulus. Since the padding is applied before encryption, the ciphertext...

java,android,public-key-encryption,elliptic-curve

This was an issue with the calculations causing a stack overflow. The repeated recursive division exceeded the call stack allocated to the process. I tried running it as an AsyncTask, but still the same issue. I got around this by spawning a new Thread with a lot more memory (64kb)...

c++,cryptography,public-key-encryption,public-key,crypto++

Its a SubjectPublicKeyInfo (SPKI). You need to call Load on it after HexDecoding. First, save it to a file in ASN.1/DER to see what it is: string dek("30819D300D06092A864886F70D010101050003818B0030818702818100B126088" "1BDFE84463D88C6AB8DB914A2E593893C10508B8A5ABDF692E9A5419A3EDBAE86" "A052849983B75E3B425C18178B260003D857DF0B6505C6CF9C84F5859FCE3B63F" "1FB2D4818501F6C5FA4AD1430EEB081A74ABD74CD1F4AA1FCCA3B88DD0548AED3" "4443CEB52444EAE9099AA4FE66B2E6224D02381C248025C7044079020111"); HexDecoder decoder(new FileSink("key.der",...

ios,objective-c,encryption,public-key-encryption

See documentation at https://developer.apple.com/library/ios/documentation/Security/Reference/certifkeytrustservices/#//apple_ref/c/func/SecCertificateCreateWithData You are trying to load public key. This API expects public key certificate, not public key. It says Returns NULL if the data passed in the data parameter is not a valid DER-encoded X.509 certificate. So, make public key of it or use other API to...

java,objective-c,encryption,rsa,public-key-encryption

As I explained in my other answer, it is very tricky to generate the same key pair using the same value of the PRNG. But that does not seem to be what you are after. It seems that you want to use your own seeded PRNG to generate the key...

security,ssl-certificate,public-key-encryption,dictionary-attack,john-the-ripper

I wrote small python script to do what I wanted. I put the key under the name "ssl.key" and the word list in a file called "wl.lst". Here's the complete code: from subprocess import PIPE, Popen import subprocess import sys def cmdline(command): proc = subprocess.Popen(str(command), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) (out, err)...

java,cryptography,public-key-encryption

It depends on your situation but you would only need a public key signature if all of the following things are true. You want to: run multiple versions of your AES encryption engine in different places then need to be able to verify which server encrypted which files while protecting...