Get issuerNameHash and issuerKeyHash of x509 - c++

I need to get the following out of X.509 CA certificates:
the hash of the DER-encoded public key (excluding tag and length) of the subject public key field
the hash of the issuer's distinguished name, which must be calculated over the DER encoding of the issuer's name field
I tried to use X509_issuer_name_hash and X509_pubkey_digest, but apparently they do not return the results that I expect.
This question and the answers posted are close to what I am looking for: https://crypto.stackexchange.com/questions/87661/how-can-i-get-issuernamehash-and-issuerkeyhash-from-pem-or-der-certificates but I would like an explanation of how to do this in C++ and OpenSSL.
UPDATE: X509_pubkey_digest is exactly what I needed, I just made a mistake converting to a hex string. The hash of the issuer's distinguished name is still open though.
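An added example, not part of the question or of any answer here: the two OCSP CertID values computed the way RFC 6960 defines them, written as a Python walk over the certificate's DER so the exact byte ranges are visible. issuerNameHash is taken over the issuer Name element of the certificate being checked, tag and length included; issuerKeyHash is taken over the subjectPublicKey BIT STRING of the issuer's own certificate with tag, length and the unused-bits octet excluded. In OpenSSL those same two ranges are what X509_NAME_digest(X509_get_issuer_name(cert), EVP_sha1(), md, &len) and X509_pubkey_digest(cert, EVP_sha1(), md, &len) digest (X509_NAME_digest hashes the i2d_X509_NAME output; X509_issuer_name_hash is the 4-byte lookup hash over OpenSSL's canonical name encoding, which is why it did not match). The certificate below is constructed inline with a tiny DER encoder purely so the walk has input; it is not a real certificate, and the key and signature bytes are dummies.

```python
import hashlib


def read_tlv(buf, pos):
    """Return (tag, header_len, content_len) for the DER element starting at pos.
    X.509 is definite-length DER, so a long-form length is just a big-endian byte count."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")


def children(buf, pos):
    """Yield (start, header_len, content_len) for each element inside the SEQUENCE/SET at pos."""
    _, hdr, length = read_tlv(buf, pos)
    cur, end = pos + hdr, pos + hdr + length
    while cur < end:
        _, chdr, clen = read_tlv(buf, cur)
        yield cur, chdr, clen
        cur += chdr + clen


def tbs_fields(cert_der):
    """TBSCertificate elements with the OPTIONAL [0] version removed, so that
    serialNumber=0, signature=1, issuer=2, validity=3, subject=4, subjectPublicKeyInfo=5."""
    tbs_start = next(children(cert_der, 0))[0]   # Certificate ::= SEQUENCE { tbs, alg, sig }
    fields = list(children(cert_der, tbs_start))
    return fields[1:] if cert_der[fields[0][0]] == 0xA0 else fields


def issuer_name_hash(cert_der, md="sha1"):
    """issuerNameHash: digest over the DER of the issuer Name, tag and length INCLUDED
    (RFC 6960). Run this on the certificate being checked."""
    start, hdr, length = tbs_fields(cert_der)[2]
    return hashlib.new(md, cert_der[start:start + hdr + length]).digest()


def key_hash(cert_der, md="sha1"):
    """issuerKeyHash: digest over the subjectPublicKey BIT STRING contents with tag, length
    AND the leading unused-bits octet EXCLUDED (RFC 6960). Run this on the issuer's certificate."""
    spki_start = tbs_fields(cert_der)[5][0]
    # SubjectPublicKeyInfo ::= SEQUENCE { algorithm, subjectPublicKey BIT STRING }
    _, (start, hdr, length) = list(children(cert_der, spki_start))
    return hashlib.new(md, cert_der[start + hdr + 1:start + hdr + length]).digest()


def der(tag, content):
    """Encode one DER element; used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + content


def sample_certificate():
    """CONSTRUCTED sample, not a real certificate: single-attribute names, a dummy 33-byte
    key and a zero signature. Returns (cert_der, issuer_name_tlv, raw_key) for checking."""
    def name(cn):  # Name ::= SEQUENCE OF SET OF { 2.5.4.3 commonName, UTF8String }
        atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn.encode()))
        return der(0x30, der(0x31, atv))
    sha256_rsa = der(0x30, der(0x06, b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B") + der(0x05, b""))
    ec_p256 = der(0x30, der(0x06, b"\x2A\x86\x48\xCE\x3D\x02\x01") + der(0x06, b"\x2A\x86\x48\xCE\x3D\x03\x01\x07"))
    pubkey = b"\x02" + bytes(range(32))                       # dummy compressed point, not a real key
    spki = der(0x30, ec_p256 + der(0x03, b"\x00" + pubkey))   # BIT STRING: unused-bits octet, then key
    validity = der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01\x02") + sha256_rsa
              + name("Example CA") + validity + name("Example Leaf") + spki)
    cert = der(0x30, tbs + sha256_rsa + der(0x03, b"\x00" + bytes(16)))
    return cert, name("Example CA"), pubkey


def demo(md="sha1"):
    """Hash the sample both ways: via the walk, and directly over the known byte ranges."""
    cert, issuer_tlv, pubkey = sample_certificate()
    nh, kh = issuer_name_hash(cert, md), key_hash(cert, md)
    return {"issuerNameHash": nh.hex(), "issuerKeyHash": kh.hex(),
            "name_ok": nh == hashlib.new(md, issuer_tlv).digest(),
            "key_ok": kh == hashlib.new(md, pubkey).digest()}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The one byte people trip over is the unused-bits octet at the front of the BIT STRING: X509_pubkey_digest skips it, and so does the slice in key_hash. For the name, the asker's X509_issuer_name_hash result is a different quantity entirely (a 32-bit lookup key), not a wrong way of taking the same hash.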

Related

Extracting Wallet IDs (Public Keys) from Bitcoin Blockchain Data Structures

I'm trying to locate the public keys associated with a Bitcoin block's transaction inputs and outputs.
Can anyone tell me where those are encoded?
Thank you.
Simply put, in general you can't.
Depending on the signature scheme, all you could get would be a hash of that public key or, even worse, a hash of a redeem script.
More specifically, you could get some public keys in some cases.
This is a partial list of what you could get:
Pay-to-pubkey-hash scripts (P2PKH): you get the public key from the scriptSig for the input BTC address
Pay-to-pubkey (P2PK): you get the public key from scriptPubKey for the output BTC address
Pay-to-script-hash scripts (P2SH): you get the public keys from the scriptSig for the input BTC address
There are other signature schemes and in standard transactions you should be able to get either the source public key or the destination public key.
What you could do is index the whole blockchain and fill in the gaps in transactions where BTC addresses are not included together with their public key. But, for instance, if your BTC address appears only in P2PKH outputs, you have no means to find that public key.
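An added example, not the answerer's code: a small Bitcoin Script tokenizer applied to the three cases in the list above, so the difference between "the key is in the script" and "only a HASH160 is in the script" is concrete. The opcode values are the standard ones; the keys and signature below are constructed byte strings shaped like real ones (33-byte compressed and 65-byte uncompressed SEC points, a DER-shaped signature), not real keys or signatures.

```python
# Bitcoin Script opcodes used below (standard values).
OP_0, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x00, 0x4C, 0x4D, 0x4E
OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG, OP_CHECKMULTISIG = 0xA9, 0xAC, 0xAE


def parse_script(script):
    """Tokenise a script into ('push', bytes) and ('op', opcode) items."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:                      # direct push of 1..75 bytes
            n = op
        elif op == OP_PUSHDATA1:
            n, i = script[i], i + 1
        elif op == OP_PUSHDATA2:
            n, i = int.from_bytes(script[i:i + 2], "little"), i + 2
        elif op == OP_PUSHDATA4:
            n, i = int.from_bytes(script[i:i + 4], "little"), i + 4
        else:                                    # OP_0, OP_1..OP_16 and every other opcode
            items.append(("op", op))
            continue
        if i + n > len(script):
            raise ValueError("push runs past the end of the script")
        items.append(("push", bytes(script[i:i + n])))
        i += n
    return items


def looks_like_pubkey(data):
    """SEC-encoded secp256k1 point: 33 bytes with prefix 02/03, or 65 bytes with prefix 04."""
    return (len(data) == 33 and data[0] in (2, 3)) or (len(data) == 65 and data[0] == 4)


def pubkeys_from_scriptpubkey(spk):
    """Output side. Only P2PK carries the key itself; P2PKH and P2SH outputs commit to a
    HASH160 and reveal nothing until the coin is spent."""
    items = parse_script(spk)
    if (len(items) == 2 and items[0][0] == "push" and looks_like_pubkey(items[0][1])
            and items[1] == ("op", OP_CHECKSIG)):
        return [items[0][1]]
    return []


def pubkeys_from_scriptsig(ssig):
    """Input side. P2PKH: <sig> <pubkey>. P2SH: ... <redeemScript>, with the keys inside the
    serialized redeem script (for example an m-of-n OP_CHECKMULTISIG)."""
    pushes = [data for kind, data in parse_script(ssig) if kind == "push"]
    if not pushes:
        return []
    last = pushes[-1]
    if looks_like_pubkey(last):
        return [last]
    try:
        redeem = parse_script(last)
    except ValueError:
        return []
    if not redeem or redeem[-1] not in (("op", OP_CHECKSIG), ("op", OP_CHECKMULTISIG)):
        return []
    return [data for kind, data in redeem if kind == "push" and looks_like_pubkey(data)]


def push(data):
    """Minimal push encoding for up to 255 bytes (enough for the constructed samples)."""
    return bytes([len(data)]) + data if len(data) <= 0x4B else bytes([OP_PUSHDATA1, len(data)]) + data


# CONSTRUCTED samples: shaped like real keys and signatures, but not real ones.
PK_A = b"\x02" + bytes(range(1, 33))             # compressed
PK_B = b"\x03" + bytes(range(33, 65))            # compressed
PK_C = b"\x04" + bytes(range(64))                # uncompressed
FAKE_SIG = b"\x30\x44" + bytes(66) + b"\x01"     # DER-shaped signature plus SIGHASH_ALL byte
KEY_HASH = bytes(20)                             # stands for HASH160(pubkey) or HASH160(redeemScript)

P2PK_SPK = push(PK_A) + bytes([OP_CHECKSIG])
P2PKH_SPK = bytes([OP_DUP, OP_HASH160]) + push(KEY_HASH) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2SH_SPK = bytes([OP_HASH160]) + push(KEY_HASH) + bytes([OP_EQUAL])
P2PKH_SSIG = push(FAKE_SIG) + push(PK_B)
REDEEM_2OF3 = bytes([OP_1 + 1]) + push(PK_A) + push(PK_B) + push(PK_C) + bytes([OP_1 + 2, OP_CHECKMULTISIG])
P2SH_SSIG = bytes([OP_0]) + push(FAKE_SIG) + push(FAKE_SIG) + push(REDEEM_2OF3)

if __name__ == "__main__":
    for label, spk in [("P2PK", P2PK_SPK), ("P2PKH", P2PKH_SPK), ("P2SH", P2SH_SPK)]:
        print(label, "output:", [k.hex()[:10] for k in pubkeys_from_scriptpubkey(spk)])
    for label, ssig in [("P2PKH", P2PKH_SSIG), ("P2SH 2-of-3", P2SH_SSIG)]:
        print(label, "input: ", [k.hex()[:10] for k in pubkeys_from_scriptsig(ssig)])
```

Run over the samples, the P2PKH and P2SH outputs yield nothing, which is the answer's point: for those you have to wait for the spending input, and an address that is only ever funded has no public key on chain at all.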

how are programs able to verify an encrypted file's password?

Consider (for an example) that we have encrypted a file (sample.txt) using WinZip 9 by typing a password "agoodpassword".
Now if we try to open the file by typing some wrong password, we get an error message saying: the password typed is incorrect.
The question:
How can a software verify whether the password typed in is correct or not? The content of the file could be any random data, so checking for errors in the file after decryption is not going to work. But still the software needs some source to verify this password; so how does this WinZip software verify whether the decryption is successful or not?
What I suspect is that the password could also be there in the same file being encrypted. Is it true or does the software adopt any other method?
Instead of just encrypting, many applications that create a ciphertext also create an authentication tag. This authentication tag can be checked before decryption; if the authentication tag is incorrect then one of the parameters (key, IV or ciphertext) is incorrect.
To use encryption with a password it is common to use PKCS#5 (password based encryption). PKCS#5 contains a password hashing method that utilizes "key stretching", making it harder for an attacker to test/compare many passwords using brute force or dictionary attacks. Such a password hashing method is called a Password Based Key Derivation Function or PBKDF. The latest PKCS#5 describes PBKDF2.
Now if you want to create a new password based encryption method, I would propose to do the following:
Perform a PBKDF2 with (very) high iteration count and 128 bit salt;
Make sure that the user gets feedback about the strength of the password;
Perform a KBKDF (key based key derivation function) on the result of PBKDF2, creating a check value, a data encryption key, and a data authentication key;
Use the data encryption key for an encryption method, say AES-128-CBC with random IV;
Use the data authentication key for a HMAC over the IV and the ciphertext;
Store the check value;
To verify the correct password during decryption, use the check value.
Note that I did not discuss the KBKDF yet. You may use a hash over the output of the PBKDF2 and a simple counter or string for that, say SHA-256(key seed, "ENC").
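An added example, not the answerer's code: the design above carried through in Python. PBKDF2 comes from hashlib; the KBKDF is HMAC-SHA256 keyed with the PBKDF2 output over a short label (the same idea as the SHA-256(key seed, "ENC") the answer sketches); the check value, the random IV and the HMAC over IV and ciphertext are as described. One substitution: the Python standard library has no AES, so the cipher here is HMAC-SHA256 used as a PRF in counter mode, standing in for AES-128-CBC; the password check and the tag check do not depend on which cipher sits there. The container layout, the labels and the error strings are this example's own choices.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 600_000   # "(very) high"; OWASP's 2023 figure for PBKDF2-HMAC-SHA256
SALT_LEN = 16                 # 128-bit salt, as the answer recommends
IV_LEN = 16


def derive_keys(password, salt, iterations=PBKDF2_ITERATIONS):
    """PBKDF2 once (the slow part), then a KBKDF per purpose: HMAC-SHA256 keyed with the
    PBKDF2 output over a distinct label. Returns (check_value, enc_key, mac_key); only the
    check value is ever written to disk."""
    seed = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, 32)

    def kbkdf(label):
        return hmac.new(seed, label, hashlib.sha256).digest()

    return kbkdf(b"CHK"), kbkdf(b"ENC"), kbkdf(b"MAC")


def prf_ctr_xor(key, iv, data):
    """STAND-IN for the answer's AES-128-CBC: HMAC-SHA256 as a PRF in counter mode, XORed onto
    the data. The same call encrypts and decrypts. Swap in AES from a real library; nothing
    below depends on the cipher's identity."""
    blocks = -(-len(data) // 32)
    stream = b"".join(hmac.new(key, iv + struct.pack(">Q", i), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(password, plaintext, iterations=PBKDF2_ITERATIONS):
    """Container layout (this example's own): iterations | salt | check | iv | tag | ciphertext."""
    salt, iv = os.urandom(SALT_LEN), os.urandom(IV_LEN)
    check, enc_key, mac_key = derive_keys(password, salt, iterations)
    ciphertext = prf_ctr_xor(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()   # HMAC over IV and ciphertext
    return struct.pack(">I", iterations) + salt + check + iv + tag + ciphertext


def decrypt(password, blob):
    """ValueError('the password typed is incorrect') on a wrong password,
    ValueError('file is corrupted or was modified') on a bad tag, else the plaintext."""
    if len(blob) < 4 + SALT_LEN + 32 + IV_LEN + 32:
        raise ValueError("file is corrupted or was modified")
    (iterations,) = struct.unpack(">I", blob[:4])
    salt, check, iv, tag, ciphertext = blob[4:20], blob[20:52], blob[52:68], blob[68:100], blob[100:]
    expected_check, enc_key, mac_key = derive_keys(password, salt, iterations)
    # 1. Password check, independent of the content: a wrong password fails here even when the
    #    plaintext was random bytes that would "decrypt" to equally random bytes.
    if not hmac.compare_digest(check, expected_check):
        raise ValueError("the password typed is incorrect")
    # 2. Integrity check: right password, but the IV or ciphertext was damaged or tampered with.
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()):
        raise ValueError("file is corrupted or was modified")
    return prf_ctr_xor(enc_key, iv, ciphertext)


def check_password(password, blob):
    """All a 'wrong password' dialog needs: the PBKDF2 cost plus one constant-time compare,
    without decrypting anything."""
    (iterations,) = struct.unpack(">I", blob[:4])
    check = derive_keys(password, blob[4:20], iterations)[0]
    return hmac.compare_digest(check, blob[20:52])


if __name__ == "__main__":
    blob = encrypt("agoodpassword", b"any content at all, even random bytes")
    print(check_password("agoodpassword", blob), check_password("wrongpassword", blob))
    print(decrypt("agoodpassword", blob))
```

Two things worth noticing. The stored check value is what answers the original question: the tool never stores the password and never needs to inspect the decrypted content, it stores a value derived from the password and compares. And that check value is exactly as good an offline guessing oracle as the tag is, so it does not weaken the scheme relative to storing only a tag; what limits guessing in both cases is the PBKDF2 iteration count, which is why it has to be high.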
You can use a hash value to provide a very high probability that anything other than the correct password will be rejected. Basically, if you hash a password it produces a number with a certain number of binary digits, and a good cryptographic hash will produce a completely different number (in as much as random things tend to differ) if you type something even the tiniest bit different (for example, changing the order of two characters, or using uppercase instead of lowercase).
There's still a very small chance that two different passwords will produce the same hash value... for example if you only had a 32-bit hash value then there's about a 1 in 2^32 (4 billion) chance. It gets quite mathematically complex to create a hash function that doesn't let you retrieve the password (especially if it is a short password, and someone can pre-generate a list of short words with specific hash values too), so you probably want to have a pretty weak hash - just good enough to avoid returning corrupt data for 99.99% of typos - and/or one that's known to be resistant to such attacks.

Encrypting Django User Model Fields

Is there any way Django provides us to encrypt all, or at least fields like first_name, last_name, email_id, of the auth.User model, just like how it encrypts the PASSWORD field before storing it in the database?
My Workaround:
I have gone through the documentation and a few questions on StackOverflow, according to which it would be possible to inherit the default BaseUser model and define our own myUser model the way we want, by defining a custom character field which encrypts and decrypts characters.
The problem with this is that in my application I have provided a SEARCH option for easy access to fields which are characters. If I encrypt all such char fields, it's difficult for me to query for the search option.
For example: if ABCD, ABCDE, ABC are strings in the database and a user wishes to know all such entries which have BC, none of the results pop out. The reason is that each of ABCD, ABCDE, ABC encrypts to a different / unique string (I am using AES encryption provided by PyCrypto). Also BC gets encrypted to some unique string which has no similarity to that of ABCD, ABCDE, ABC (for the obvious reason that I am using the AES algorithm with key length 32). And the query I have written, like
MyModel.objects.filter(first_name__icontains='BC')
would not return any result. (Yes, I want the search to not be case sensitive.)
[Note: I have added all required methods like "to_python", "get_db_prep_value" in the custom field, and also tried the lookup method. But yeah, the actual problem is that each string gets encrypted to unique characters in AES of the same length]
Since I am new to Django, my question may not be like that of a Django developer. I would like to know the answer to either of the above two questions. Unless I get an answer I am deadlocked. Thanks in advance, but please be kind to me and answer.
I tried a lot and found no useful answers for querying partial matches if fields are encrypted. So I had to do this in Python (found no other way to do it).
This workaround works fine only if the database we are working with is small; otherwise it comes at a cost in performance.
Query all tuples from the database, then use Python to do the partial matches:
result = []
temp_result = MyModel.objects.all()        # fetch every row; the field is decrypted by the custom field
for temp in temp_result:
    if query.lower() in temp.first_name.lower():   # case-insensitive substring match in Python
        result.append(temp)
or something like the above. I know this is a crude way of querying, but for the given conditions this was the only available solution.
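An added example, not the asker's code and not something Django ships: the usual way around the problem the post describes, a blind index stored next to the encrypted column. Each name is case-folded and cut into 2-character windows, every window is replaced by a keyed, truncated HMAC token, and the token set is stored alongside the ciphertext. `icontains` then becomes "rows whose token set contains every token of the query", which the database can evaluate on the index column, followed by decrypting only the few candidates to confirm. `encrypt_field`/`decrypt_field` below are placeholders that merely reverse the bytes so the example runs offline; they stand for whatever the custom field already does (AES in the post) and are not encryption. The index key and the sample names are constructed.

```python
import hashlib
import hmac

N = 2                         # window size; 2 lets a 2-character query like "BC" use the index
INDEX_KEY = b"\x11" * 32      # constructed; in a deployment this lives in settings/KMS, never in the DB


def windows(text, n=N):
    """Case-folded n-character windows of text ('ABCD' -> {'ab', 'bc', 'cd'})."""
    t = text.casefold()
    return {t[i:i + n] for i in range(len(t) - n + 1)}


def blind_tokens(text, key=INDEX_KEY):
    """One keyed, truncated HMAC per window. Equal windows give equal tokens, so the DB can test
    token equality without learning the text; the key stops it from guessing windows."""
    return {hmac.new(key, w.encode("utf-8"), hashlib.sha256).hexdigest()[:16] for w in windows(text)}


# Placeholders so the example is self-contained. NOT encryption: byte reversal only stands in
# for the AES field encryption the post already has.
def encrypt_field(value):
    return value.encode("utf-8")[::-1]


def decrypt_field(blob):
    return blob[::-1].decode("utf-8")


def make_row(first_name):
    """What the model would store: the ciphertext plus the token set (a separate, indexed column)."""
    return {"first_name_enc": encrypt_field(first_name), "first_name_tokens": blind_tokens(first_name)}


def candidates_icontains(rows, query):
    """Server-side half: rows whose index covers every token of the query. Queries shorter than
    the window size have no tokens and fall back to the full scan from the post."""
    if len(query) < N:
        return list(rows)
    needed = blind_tokens(query)
    return [r for r in rows if needed <= r["first_name_tokens"]]


def search_icontains(rows, query):
    """Full search: index filter, then decrypt only the candidates to drop false positives
    (all the query's windows can be present without being adjacent, e.g. 'cab' vs 'abca')."""
    q = query.casefold()
    return [r for r in candidates_icontains(rows, query)
            if q in decrypt_field(r["first_name_enc"]).casefold()]


def names(rows):
    return sorted(decrypt_field(r["first_name_enc"]) for r in rows)


if __name__ == "__main__":
    table = [make_row(n) for n in ["ABCD", "ABCDE", "ABC", "Bob", "Alice", "Abca"]]
    print("index only :", names(candidates_icontains(table, "BC")))
    print("confirmed  :", names(search_icontains(table, "BC")))
    print("false pos. :", names(candidates_icontains(table, "cab")), "->", names(search_icontains(table, "cab")))
```

In Django the token set would be its own column or related table so the candidate filter runs in SQL (for example one `contains` lookup per token on a PostgreSQL ArrayField, or a join against a token table), with the decrypt-and-confirm step in Python over the candidates only. The trade-off is the one every searchable-encryption scheme makes: the index is deterministic, so anyone who reads the database can see which rows share windows and can run frequency analysis over the tokens; the key only prevents inverting a token to its window. Where that leakage is unacceptable, the fetch-and-filter approach in the answer above remains the option.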

Sign Hash with windows Cryptography functions C++

I am using Visual Studio 2005 and C++.
Hello, I use a very good function to sign, CryptSignMessage. With this I can specify signed attributes, the signatory's certificate, unsigned attributes, whether it is detached and so on.
However, one of the parameters of this function is the "original document", which according to the documentation means it creates a hash of the specified content and signs the hash.
I wonder if I can create an equivalent signature using only the hash of the document. I do not have the document, I have only the hash.
I found CryptSignHash, but this function does not allow specifying parameters such as signed attributes or unsigned attributes and/or the signatory's certificate. According to my research, this function seems to return a PKCS#1, from which I should later set up a PKCS#7 signature structure. So I would be grateful to know if there is any way to make a signature with the hash, and if there is a way to create a PKCS#7 structure from PKCS#1 using Windows functions. Or is there any way to sign only the hash which is as simple as using CryptSignMessage?
#update 1
CryptSignHash does not return PKCS#1. It returns a byte array with PKCS#1 padding.
I tried to use CryptMsgOpenToEncode and CryptSignMessage, passing the content as "NULL" and adding the hash to the signed attributes, but they calculate the hash of empty content.
Is there any way to do this using Windows functions?
It's a bad idea to sign a hash without calculating the hash yourself. See Sign a Hash, Generate digest and signature separately, and MFSA 2006-60.

Suitable alternative to CryptEncrypt

We have a situation in our product where for a long time some data has been stored in the application's database as a SQL string (choice of MS SQL Server or Sybase SQL Anywhere) which was encrypted via the Windows API function CryptEncrypt (direct and decryptable).
The problem is that CryptEncrypt can produce NULLs in the output, meaning that when it's stored in the database, the string manipulations will at some point truncate the ciphertext.
Ideally we'd like to use an algorithm that will produce ciphertext that doesn't contain NULLs, as that will cause the least amount of change to the existing databases (changing a column from string to binary and code to deal with binary instead of strings), and just decrypt existing data and re-encrypt with the new algorithm at database upgrade time.
The algorithm doesn't need to be the most secure, as the database is already in a reasonably secure environment (not an open network / the inter-webs), but it does need to be better than ROT13 (which I can almost decrypt in my head now!)
edit: btw, any particular reason for changing ciphertext to cyphertext? ciphertext seems more widely used...
Any semi-decent algorithm will end up with a strong chance of generating a NULL value somewhere in the resulting ciphertext.
Why not do something like base-64 encode your resulting binary blob before persisting to the DB? (sample implementation in C++).
Storing a hash is a good idea. However, please definitely read Jeff's You're Probably Storing Passwords Incorrectly.
That's an interesting route OJ.
We're looking at the feasibility of a non-reversible method (still making sure we don't explicitly retrieve the data to decrypt), e.g. just store a hash to compare on a submission.
It seems that the developer handling this is going to wrap the existing encryption with yEnc to preserve the table integrity, as the data needs to be retrievable, and this saves all that messy mucking about with infinite-improbab.... uhhh changing column types on entrenched installations.
Cheers Guys