I have a text file that I have to sign with RSA private key and then append this signature and do an AES encryption over this "text file+signature".
For demonstration reasons I am testing such an encrypted file.
I am writing a simple program in C to do the following:
First do an RSA sign(1024 bit) on a text file.
Then append the signature to the text file
Then do an AES encryption over the file.
Then perform the AES decryption
Then remove the 128 byte signature from the file.
Then do an RSA verification of the original text file and the text file after decryption.
Here are my questions:
Is it a good idea to append a binary signature to a text file?
If no what is the general way this is done?
I tried a simple program to do the above but I always get one or two junk characters on AES decryption and therefore RSA verification fails.
Do please suggest.
an AES decrypt of such a file and then remove the 128 byte(1024 bit modulus) signature.
The ad-hoc standard for embedding crypto information in text files was introduced by Privacy Enhanced Mail some time ago: Basically the binary information is encoded in base-64 and appended to the text file along with a header line to identify the "snip" point for the added content.
Here is a sample of what it typically looks like (this chunk would be added to the end of the existing text file)
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,ENCRYPTED
Content-Domain: RFC822
DEK-Info: DES-CBC,F8143EDE5960C597
Originator-ID-Symmetric: linn#zendia.enet.dec.com,,
Recipient-ID-Symmetric: linn#zendia.enet.dec.com,ptf-kmc,3
Key-Info: DES-ECB,RSA-MD2,9FD3AAD2F2691B9A,
B70665BB9BF7CBCDA60195DB94F727D3
Recipient-ID-Symmetric: pem-dev#tis.com,ptf-kmc,4
Key-Info: DES-ECB,RSA-MD2,161A3F75DC82EF26,
E2EF532C65CBCFF79F83A2658132DB47
LLrHB0eJzyhP+/fSStdW8okeEnv47jxe7SJ/iN72ohNcUk2jHEUSoH1nvNSIWL9M
8tEjmF/zxB+bATMtPjCUWbz8Lr9wloXIkjHUlBLpvXR0UrUzYbkNpk0agV2IzUpk
J6UiRRGcDSvzrsoK+oNvqu6z7Xs5Xfz5rDqUcMlK1Z6720dcBWGGsDLpTpSCnpot
dXd/H5LMDWnonNvPCwQUHt==
-----END PRIVACY-ENHANCED MESSAGE-----
Related
I am reading the zip file specification and there is no explanation as to how the encryption header for a file in the archive is structured. The header order is like this:
[local file header 1]
[encryption header 1]
[file data 1]
[data descriptor 1]
After the local file header the specification says the following while skipping the encryption header part:
Immediately following the local header for a file
SHOULD be placed the compressed or stored data for the file.
If the file is encrypted, the encryption header for the file
SHOULD be placed after the local header and before the file
data. The series of [local file header][encryption header]
[file data][data descriptor] repeats for each file in the
.ZIP archive.
I am searching for how this encryption header is structured because this specification does not explain it. Does anyone know how this works?
6.1 Traditional PKWARE Decryption
...
6.1.3 Each encrypted file has an extra 12 bytes stored at the start
of the data area defining the encryption header for that file. The
encryption header is originally set to random values, and then
itself encrypted, using three, 32-bit keys. The key values are
initialized using the supplied encryption password. After each byte
is encrypted, the keys are then updated using pseudo-random number
generation techniques in combination with the same CRC-32 algorithm
used in PKZIP and described elsewhere in this document.
...
The specification for the decryption header depends on the encryption algorithm used. There is an Traditional PKWARE Encryption (standard) but this is out of date and therefore a custom encryption/decryption should be used.
RAR 5.0 archive format looks a good document at https://www.rarlab.com/technote.htm
You might find it helpful in the project sharpcompress:
https://github.com/adamhathcock/sharpcompress/tree/master/src/SharpCompress/Common/Zip
i have to create an aes-256 key and store it in a .pem file. I am using RAND_bytes() to simply create a 256 bit random key. After this how can i save this to a pem file.
I have looked at Reading and writing rsa keys to a pem file in C and openssl pem. But i am not working with RSA keys.
I suspect my task is much simpler like create pem from base64 but not much help.
PS: This key will be used to encrypt a self signed digital certificate.
EDIT: looking around more i found that i could use bio to covert to pem, something likePEM_write_bio_PrivateKey but it takes EVP_PKEY format as argument. So how can i convert char buf to EVP_PKEY. i found d2i_PublicKey but it involves RSA and am unsure how RSA would fit into picture here.
AES key is just a random byte array. You can simple store the bytes in a file without any structure.
You can convert aes key to .pem by using PEMWriter class of bouncyCastle library.
http://www.bouncycastle.org/documentation.html
I need to create an application in C to generate a self signed PKCS#12 certificate. I have an application which so far creates a .csr and a .key file.
I also have a program which creates a PKCS#12 object from a supplied .key and .p7 file. So given that I have a .csr and a .key file, I assume my next move would be to create a .p7 file from the .key / .csr file?
I found a sample application here which signs or verifies certificates. At the end of the signing process, we have a PKCS7 object. I assume that is the object I need.
However, the sample application gives the following error when I run it with the key I have generated:
$ ./sign_and_verify_util sign mykey.key.pem
Error reading signer private key in mykey.key.pem
I added the .pem onto the file because I thought that was the issue.
Any shove in the right direction would be a great help and I would really appreciate it!
Edit
I just converted mykey.key to mykey.key.pem correctly using:
openssl rsa -inform DER -outform PEM -in mykey.key -out mykey.key.pem
Now the application I am trying to get the .p7 file from says:
Error reading signer certificate in (null)
I need to use both compression and encryption in a project. There are two programs in the project.
In the first program, an ascii text file is first compressed and then encrypted. Further operations follow on this encrypted version of the file. However, a second program in the project follows the reverse process i.e. first decrypts and then decompresses to get the original ascii text file.
I've implemented the encryption module (aes via openssl) and it works fine. But when i looked for compression options in linux, i found that gzip, zlib etc throw their own versions of the file i.e. filename.gz or some other extension, the contents of which are not purely ascii. (For instance, i see diamond shaped symbols when i view the output in the terminal) Beause of this, i'm unable to read the compressed file completely in my C program.
So in short, i require a compressed file which contains only ascii characters. Is this possible by any means?
Finally resolved the issue. The program is handling everything correctly.
On the sending side:
compression: gzip -c secret.txt -9 > compressed.txt.gz
encryption: openssl enc -aes-256-cbc -a -salt -in compressed.txt.gz -out encrypted.txt
The compression output (gz) is given as an input for encryption which outputs a text file. The resulting output is purely ascii.
On the receiving side:
decryption: openssl enc -d -aes-256-cbc -a -in decryptme.txt -out decrypted.txt.gz
decompression: gunzip -c decrypted.txt.gz > message.txt
You can add uuencode / uudecode filter in between compression and encryption -- or you might want to loosen the restriction of the compressed data to be in ascii form: options:
read binary data from you c-program.
(e.g. char buffer[256]; c=fread(buffer,1,256,stdin); )
convert the data to hexadecimal format
static char encrypted_file[]={ 0x01,0x6e, ... };
I have a problem with encrypting a string.
I have the command to encrypt a file using OpenSSL.
But I wanted to know the encrypt the string not the File.
The command for encrypting a file is:
system("openssl des3 -e -nosalt -in %s -out %s -k %s > /tmp/sys; cat /tmp/sys", src, dest, key);
where src and dest are the two file names.
what are the options available with OPEN SSL.
In above in and out are options for encrypting a text file.
I need the option to encrypting character array variable.
As pointed out on another question (by someone who dug through the code more than I did):
https://opensource.conformal.com/viewgit/?a=viewblob&p=cyphertite&h=899259f8ba145c11087088ec83153db524031800&hb=6782c6839d847fbed0aed8c55917e78b5684110f&f=cyphertite/ct_crypto.c
has the code you need to use OpenSSL natively to perform encryption/decryption in your app.
Happy hacking!