I have to prepare Message Integrity Attribute for TURN allocation request.
say my username is user_1, realm is 192.168.1.101 and password is user_pass_1
key = MD5(user_1:192.168.1.101:user_pass_1)
then I have to perform HMAC-SHA1 on a buffer using above key.
I want to use gnutls library for calculating HMAC-SHA1, is there any way to do it
Related
Hey guys I have been stuck and I cannot understand the following from the Signal Protocol Documentation:
Alice then calculates an "associated data" byte sequence AD that
contains identity information for both parties:
AD = Encode(IKA) || Encode(IKB)
An initial ciphertext encrypted with some AEAD encryption scheme [4]
using AD as associated data and using an encryption key which is
either SK or the output from some cryptographic PRF keyed by SK.
I do not understand what the Encode function is or like how to write it up in C. Can it just be any encoding function of bytes and if not what encoding do I use?
Additionally, the aead encryption scheme, does this mean I will be encrypting the original message from Alice with AD and SK (Shared Key generated from the HKDF)? If so, what algorithms can I use to encrypt (I could not find any algorithms from Github)?
I am trying to integrate safenet HSM with our application. I am writing the program in C. I am referring to the PKCS11 v2.20 cryptoki standard document from RSA labs. I need to generate an AES 256 bit key. While defining the template for key generation I am not sure what value needs to be passed for CKA_VALUE. While generating a DES3 key, I didn't provide this attribute and I was able to generate a key.
I searched for sample programs for CKA_LABEL but failed to find any solid examples in C. I found a couple of Java programs where they have used CKA_VALUE_LEN instead of CKA_VALUE. I am not sure if that will work.
This is the snippet given in the document. Most websites give only this snippet as an example. Nothing is specified for the array value.
CK_OBJECT_CLASS class = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_AES;
CK_UTF8CHAR label[] = “An AES secret key object”;
CK_BYTE value[] = {...};
CK_BBOOL true = CK_TRUE;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &class, sizeof(class)},
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
{CKA_TOKEN, &true, sizeof(true)},
{CKA_LABEL, label, sizeof(label)-1},
{CKA_ENCRYPT, &true, sizeof(true)},
{CKA_VALUE, value, sizeof(value)}
};
The CKA_VALUE is the actual value of the key. When you tell the HSM to generate a secret key, it will generate a key for you on the hardware based on the attributes you pass in secret key template, and set the value generated in the CKA_VALUE. This attribute however cannot be read/extracted nor it can be set when generating the key, because the HSM won't allow you to inject a key (directly) from the software nor allow you to extract it from the HSM (directly).
The CKA_VALUE_LEN is the length of the key you can tell the HSM to generate. The AES key can be of length 128, 192 or 256 bits. Depending on the key size you want you would set the CKA_VALUE_LEN as 16, 24 or 32 (key size as bytes).
I'm writing a program and before it loads I want the user to enter the correct password without storing the password anywhere in my code. I've implemented MD5 hashes before but from what I've read they're outdated and can be broken. There are a few sites out there that attempt to reverse engineer and MD5 hash. What's the strongest encryption I can use to keep prying eyes out of my program (e.g., The NSA)?
"Encryption" is not the right thing to do for storing user passwords - as by design an encrypted password can be decrypted. As you said - hashing is the way to go.
MD5 is outdated, and I believe the current recommendation is sha1.
Note that there are ways to reverse any hashing algorithm to acceptable input. The commonly accepted standard to make this much more dificult is to add a unique "salt" to all passwords before putting them through the hashing function. A common mistake made when adding salts to passwords is to use the same salt value on every password in the database.
When salting passwords, use a unique value, for example the user ID, or the created date/time string for the user record. This will prevent attacks based on rainbow tables because there will be no existing ready to use rainbow table for your stored password hashes.
I personally like the approach of using the created date / time string of the user as it's a value that should never change and will be available and will likely be different for each user the the database.
Eexamples below assume you are familiar with PHP - however the concepts can be applied to any language.
Example:
Before saving a new user into the database:
$date = date('Y-m-d H:i:s');
// save this same value into the user record somewhere
$passwordHash = sha1($user['created_date'].$_POST['password']);
// and save the $passwordHash value into the password field for that user
To authenticate a login attempt, use something like the following:
function authenticateUserLogin($email, $password) {
$user = $db->fetchRow('SELECT * FROM users WHERE email=?', array($email));
if (!$user) return false;
$passwordHash = sha1($user['created_date'].$password);
return $user['password_hash'] !== $passwordHash;
}
To update an existing users password, use something like...
$passwordHash = sha1($user['date_created'].$newPassword);
$db->query('UPDATE users set password_hash=? WHERE id = ?', array($passwordHash, $user['id']));
I have a pointer to TLS certificate and I need to get commonName property;
I at first create X509 object with function d2i_X509 like ;
x = d2i_X509(NULL, &p, certificate_lenght);
if (x == NULL)
return https_failure;
Than I call function X509_NAME_get_text_by_NID for getting commonName
X509_NAME_get_text_by_NID(X509_get_subject_name(x),NID_commonName, hc->https_domain_name, 256);
It works for me but I am worried about performance . I think, all certificate object is parsed when I only need commonName . Is there any better method for getting commonName with more efficiency .
There is no more efficient way using OpenSSL high-level API. If you are really interested in having the best performance possible, you'll need to use the low-level ASN.1 parsing API.
But keep in mind that you cannot fully validate a certificate without parsing it entirely, so I would be concerned with the security implications of only extracting the CN.
Hi, i have file_data(xml format) and file_signature(ASN1 DER), and also have certificate(X509 ASN1 DER). I want to check if file_data is correct, but I have some problems. what I'm doing:
Main Idea: Some company A creates file_data, then using SHA1 gets hash of the file_data, and encrypts this hash using RSA private key and gets file_signature. Then company A sends me file_data and file_signature and certificate. I get public key from certificate get file_signature and decrypt file_signature using public key and get hash_1. Then i get file_data and use SHA1 to get hash_2. If hash_1 and hash_2 is equal, i can trust to content of the file_data, am I right?
Implementation:
Load certificate: d2i_X509_fp() function. Now I have certificate.
Get public key of the certificate: X509_extract_key, now i have public key.
Now i want to load file_signature to decrypt it using public key, BUT file_signature has ASN1 DER format how I can load it, what function in OpenSSl should I use?
Suppose I read file_signature, now I must decrypt it using my public key, is there any API for this purpose?
Suppose I decrypt file_signature and get hash_1.
Now I must load file_data and get hash of it using SHA1 function hash_2, what function I must use? SHA1(), or SHA1_Init, SHA1_Update, SHA1_Finish?
Suppose I get hash_1 and hash_2, how i must compare them, using memcmp?
Suppose I compare them, if they are equal, i can use file_data.
another question is that file_signature is 128 byte len and when i decrypt it i get 128 byte hash_1(Am I rigth) , but when i get hash of the file_data hash_2 it's length is only 20 bytes, so how I can compare them, or I misunderstand something?
Thanks for your help!
p.s. sorry for my english;).
If you get a file_signature of 128 bytes, then it is probably not ASN.1 encoded. 128 bits is exactly the key length of a 1024 bit key (on the low side nowadays, check keylength.com). Hashes are not directly encrypted if RSA is used: first it is wrapped within an ASN.1 structure, and then it is padded, all according to PKCS#1 v1.5 (Google it).
Normally you don't perform the hashing separately from the RSA encrypt. Libraries like openssl will contain functions to perform verification where the hash is automatically calculated (no doubt this would be openssl_verify()). Those functions will also do the compare for you.
Note that you will need to establish trust for the public key, otherwise an attacker could just generate a random key pair and send you a different public key together with the attackers signed data. Normally public keys are trusted using direct communication beforehand, or using a PKI infrastructure (certificate chains).