Encrypting data in transit

Similar Messages

• Lync FIPS 140-2 encryption for Data in Transit Certificate?

  I work for an organization that has deployed Lync 2013 throughout the enterprise. 
  We have no need for “Data at Rest” encryption on the servers or clients at this time, but we do have a customer requirement for FIPS 140-2 encryption for “Data in Transit”?  Does Lync provide data in transit encryption utilizing one of the National
  Institute of Standards and Technology (NIST) approved modules by default? If so, have all the traffic types been “Certified” compliant (i.e. Server-to-Server, Client-to-Server, IM, Audio, Video, Desktop Sharing, web conferencing, etc…)? 
  I’ve read all the technet articles and looked at the following links, but it is not clear to me. 
  I cannot find the certification number and certificate for the FIPS 140-2 validation for Lync's encryption module on either the Microsoft or NIST websites.
  http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
  https://technet.microsoft.com/en-us/library/security/cc750357.aspx

  Lync Server 2013 and Microsoft Exchange Server 2010 Service Pack 1 (SP1) operate with support for Federal Information Processing Standard (FIPS) 140-2 algorithms if the Windows Server 2008 R2 operating systems
  are configured to use the FIPS 140-2 algorithms for system cryptography. To implement
  FIPS support, you must configure each server running Lync Server 2013 to support it. For details about
  FIPS-compliant algorithms and how to implement
  FIPS support, see Microsoft Knowledge Base article 811833, "System cryptography: Use
  FIPS compliant algorithms for encryption, hashing, and signing security setting in Windows XP and in later versions of Windows at
  <linktext xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">http://go.microsoft.com/fwlink/p/?linkid=3052&kbid=811833</linktext>. For details about
  FIPS 140-2 support and limitations in Exchange 2010, see "Exchange 2010 SP1 and Support for
  FIPS Compliant Algorithms" at
  <linktext xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5">http://go.microsoft.com/fwlink/p/?linkId=205335</linktext>.
  For More information on FIPS in Lync server 2013 
  http://technet.microsoft.com/en-us/library/jj205114.aspx 
  http://technet.microsoft.com/en-us/library/jj205084.aspx 
  Please remember, if you see a post that helped you please click ;Vote As Helpful" and if it answered your question please click "Mark As Answer" Regards Edwin Anthony Joseph

• EFS, password change denies access to encrypted data

  Hi,
  Has anyone had the issue with admin changing users password in Console One
  resulting in users not being able to access their encrypted data.
  Laptop users are using EFS to encrypt their data.
  These users have WinXPPro SP2 and we are running ZfD 6.5SP2.
  I have found IR 1 for ZfD 6.5 SP2 which includes TID3003874 "Personal IE
  certificates and EFS stop working after password change" however this does
  not fix the issue.
  Could someone explain in more detail what this fix does as I may have
  misunderstood what this fix is.
  Regards,
  Eric.

  I know this is an old thread, but I thought it would be best to those who
  found it realized that the best method for addressing this issue may be
  found here:
  http://www.novell.com/support/viewCo...rnalId=3724689
  However the MS article could still be useful for some.
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  "ghoskins" <[email protected]> wrote in message
  news:[email protected]..
  >
  > I'm having the same problem. I ran acrosss this Microsoft KB and it
  > seems to fix the issue. I'm not certain this is the best security
  > practices, but it does work.
  >
  > 'User cannot gain access to certificate functionality after password
  > change or when using a roaming profile'
  > (http://support.microsoft.com/default...b;en-us;331333)
  >
  >
  > --
  > ghoskins
  > ------------------------------------------------------------------------
  > ghoskins's Profile: http://forums.novell.com/member.php?userid=12306
  > View this thread: http://forums.novell.com/showthread.php?t=215857
  >

• What happens to encrypted data when the server is destroyed?

  Backups to tape are encrypted with a certificate. 
  But what happens if the backup server is destroyed? Do I lose all the backup data on those tapes?
  Can I backup the certificate or is it specific to that specific DPM server?
  In the case of a catastrophic datacenter failure, where everything is lost except the tapes and the certificate, what is the process for recovering the encrypted data?

  You can absolutely backup the certificates used for DPM encryption and you should store those somewhere safe (for example, burn to CD and put in a fireproof safe offsite somewhere secure in an encrypted file).
  This section of TechNet describes the process: http://technet.microsoft.com/en-us/library/jj628058.aspx
  If you had to recreate a DPM server to read the tapes then you'd need to the certificates in the correct certificate store on the DPM server, in addition you'd need to ensure you had the certificates for the certificate chain, if there is one, in the correct
  locations in the cert store.
  Once a cert expires, do not delete it from the DPM until all the tapes that have used that cert are no longer in use or have been overwritten.
  The data would need to be imported through the recovery section in DPM but you'd be able to read and recover the data if the certs were present. No cert = no recovery.

• Encrypting Data on part of a file system.

  A few months ago, using hints I found on the internet, I was able to use diskutil command line utililty to create an encrypted partition of the same sort as when turning FileVault on in Security Preferences.  File Vault doe not appear to offer a way to choose some pargt of the disk storage such as an entire drive of a folder on a drive.  I was able to do it and it worked.  When I mount the disk partition to the system (usualy by plugging it in and turning it on), I'm asked for the security pass phrase or key to decrypt it.  Once mounted with the key supplied, I can access it as any other mounted disk with the type of access restrictions that might be present on any disk.Since I want the data to be truly privatem U decline to put the key into the a known place such as the keychain.  I don't want just anyone who has a log on to this iMac to b e able to read this data.  I want them to need to enter a private key to mount the data. 
  My only problem with this is the hoops I needed to go through to do this.  It is complicated and invovlves setting up special partitions for the purpose.
  Searching Finder help for encrypting data it offered a solution for data on a removable drive.  The stepsare very simple and easy to do:
     a) Mount the files to be encrypted if they are not  online.  They also need to be in a folder or even an entire partition.
      b) Open Disk Utility (GUI version)
      c)Choose File > New > Disk Image From Folder (or New-> Disk Image ffrom a Device).
      d) Select the folder or disk you want to encrypt.
      e) A save dialog will pop up.  Select the name of the archive you wish to create and select a location.  I choose a removable disk partition which has enouh space.  Select Compressed if you wish.  Then Select Encryption and choose the key size for encryption from the drop dwon.  When you click Save, Disk Utility begins creating a disk image that is (possibly) compressed and probably encrypted.  Once done, the files in the folder or partiion are hiddent behind the encryption.  To get to them, you much open the DMG file and supply the password to unlock the encryption.  You can save the key in the keychain if you are not worreid about who can get in.  If you wish to restrict access to fewer people, keep the key secret and provide a recovery mechanism that is suitable for you need.
     f)  One the archive is created, the disk partition containing it may b4 mounted on the system (if it is not there already) and by opening the dmg file you will be asked for the key.  The system will validate that the key works and the encryption and comprewssion are working.  The archive will be mounted as a virual disk.  It can be accessed by any useer of that computer unless the file permissions get in the way.  Mounting it only when the computer is being used by authorized people allow you to mount and dismount the archive for use during a limited time.
  I have a couple of questions here.  Is there an easier way to do this?  Is this encryption as strong as that used in FileVault? 

  No. I don't know why it would not be, except it is easier for a person to leave the disk mounted where anyone can then see it. With FileVault forcing a password on wake from sleep, it will likely be encrypted if anyone found it.
  I'm not sure why you went to the trouble you did before, except the instructions might have been to create an encrypted partition as opposed to creating the disk image. Disk images have been around for at least a decade.
  If you plan on backing up the image with Time Machine, use a sparse bundle disk image as it will write the data to small files, called stripes. Only the stripes that change get backed up instead of the entire image.

• ** How to encrypt data when saving it in DB directly?

  Hi All,
  I want a method to encrypt data in the database when saving it directly
  that is when any one enabled to see the data he will see it encrypted!

  Hi..
  What is the oracle database version???
  As you want the users to see the encypted data, the best option is use DBMS_CRYPTO to encrypt the data.
  [http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_crypto.htm]
  [http://www.oracle-base.com/articles/10g/DatabaseSecurityEnhancements10g.php]
  HTH
  Anand
  Edited by: Anand... on Oct 19, 2009 2:11 PM

• How to handle HTTP-POST encrypted data for ECC Using proxy or RFC

  I have a scenario HTTP-POST ->PI->ECC.sender is HTTP Post  send encrypted data i need to handle the data and stored in to SAP ECC  with out decrypt using PI .what should i take for receiver  can i use inbound proxy or RFC  and how can handle the encrypted data  for decrypt.
  Regards
  Ravi

  1. my sender is HTTP POST . what should i configure in sender communication channel in SAP PI .like SOAP or HTTP .What are the parameters i need to pass .
  >>>
  If you are on PI 7.3 and above, configure the HTTP AAE adapter - Configuring the Java HTTP Adapter on the Sender Channel - Advanced Adapter Engine - SAP Library
  2.while using inbound proxy for encrypted data  i need  store the data in to table , the same proxy can i call  another outbound  service for decrypt  same data.
  >>>>
  Yes you can always a proxy within a proxy.

• Insert an encrypt data in a Table

  Hi all,
  i have encrypted a data with HmacMD5, all its fine. but when i've tried to insert encrypt data in my table, hash code may return symbols like �?��Z��x��. then when i do a select data has been corrupted. how can i encrypted in stardand symbols( like mysql passwords). here is my code:
              KeyGenerator kg = KeyGenerator.getInstance("HmacMD5");
              SecretKey sk = kg.generateKey();
              // Get instance of Mac object implementing HMAC-MD5, and
              // initialize it with the above secret key
              Mac mac = Mac.getInstance("HmacMD5");
              mac.init(sk);
              byte[] result = mac.doFinal(dirMAC.getBytes());
              String macenc=new String(result);
              String x = "jdbc:mysql://localhost/"+
                      "mydatabase?user="+user+"&password="+
                      pass;
              Class.forName("com.mysql.jdbc.Driver").newInstance();
              conn = DriverManager.getConnection(x);
              conn.createStatement().executeUpdate("insert into user " +
                      "(User,Password) values('system','"+myPass+"')");
              java.sql.ResultSet rs=conn.createStatement().executeQuery("select password "+
                       "from " +"user where user ='system' ");
              rs.next();
              if((rs.getString(1).equals(macenc))) {
                  System.out.println(rs.getString(1)+" YES "+macenc);
              } else {
                  System.out.println(rs.getString(1)+" NO "+macenc);
              }Output NO. and sometimes when hash has (') character Query not found.
  thanks.

  Thie is most probably the offending line
  String macenc=new String(result);
  It is never a good idea to try to convert arbitrary bytes into a String using this approach. Not all byte sequences have valid char representation. If you must have a String representation use Base64 or Hex encoding of your Hmac. Google for Jakarta Commons Codec to get a library to assist you with this.

• Encrypting data in CSV files

  I am creating a script that reads username and passwords from a CSV file. The passwords will change (and possibly the usernames as well) so instead of re-recording the script to use the new username/password, I wanted an external file to update.
  This works good but the passwords are in CLEAR TEXT in the CSV file.
  Is there a way to encrypt the password (or username and password) in the CSV file?
  If so, is there an external application that can encrypt this without the need for the ATS Desktop application?

  KZack
  Right now you can not encrypt data in a CSV file, however this is a feature well talked about and i'm sure it will be available soon.
  Regards
  Alex

• Export and Import encrypted data

  Hi,
  I have a database table with encryped data (encrypted using DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt). I am having an issue when I export this table and import it into a new schema. The encrypted data seems to have changed after import. I am unable to decrypt it from the new schema.
  Below is the character set details from export/import.
  "Export done in WE8MSWIN1252 character set and AL16UTF16 NCHAR character set. Server uses WE8ISO8859P1 character set (possible charset conversion)."
  "Import done in WE8MSWIN1252 character set and AL16UTF16 NCHAR character set."
  Has anybody had this issue before? Does it have anything to do with the character set? If so, how do I fix it?
  Thank you!

  Hello,
  since this question is about using the export utility, you might better ask this in {forum:id=61} or {forum:id=732}.
  Regards
  Marcus

• Need pl/sql code to Encrypted data to decryption formate

  Hi All,
  I have Encrypted data 64 bit formate like
  encrypt
  780D0287
  FA57C55510D258C73DE93059E3DC49EC
  need output as a Decryption data..kindly give me output

  This is your duplicate post...
  Re: Need pl/sql code to decryption
  *009*

• Send encryption data through network

  I'm doing encryption data exchanging project. I can describe my scenario anyone can give me good suggestion.
  I use RSA Key pair. Client side encrypt the data using private key and server decrypt those data using particular public key. I store my keys in keystore. For one attempt I use public and private keys belong to one alias. My problem is when doing decryption in server side I got error message (BadPaddingException: Data must start with zero). But if I do encryption and decryption in same class using same keys without any client/server connection it works properly.
  So, if anyone can give me any advice or suggestion, I'm very appreciat

  ivanovpv wrote:
  I think problem is somewhere in data transmission. During transmission either server or client adds extra padding information.No. For symmetric block based encrypted the clear text has to be padded to make it a full block. This is normally done as part of the encryption process using PKCS5 padding. Padding is also reqired for RSA encryption so as to make sure the cleartext ^ public_exponent is greater than the modulus. This is normally done using PKCS1 padding.
  If the encrypted data is corrupt then one normally gets a exception such as BadPaddingException when decrypting using a symmetric algorithm or an exception indicating that the padded data should start with a zero in the case of RSA encryption.
  It is almost certain that the OP has corrupted his encrypted data or his key, possibly by converting to a String without using Hex or Base64 encoding. Without seeing his code we will probably never know.
  >
  I would suggest just get your public key (i hope it's just a long/String probably wrapped within some class) then explicitly convert it into character array (best is to use UTF-8 encoding) - then transmit through network. On other side decode from UTF-8 character array into long/String - probably you'd need to instantiate public key object from your long/String and enjoy!String should never be used as a container for binary data and keys are binary data. Just converting them to a String specifying utf-8 will almost certainly corrupt them. If one must have a String version of any binary data whether it be a key or cipher text one should reversibly encode it using something like Base64 or Hex.

• Encrypting data J2ME

  Hi
  I am developing a number of applications using J2ME. They run on mobile phones and need to be able to send data to a server. I need to encrypt this data as it contains personal information about the user. I cant use HTTPS because some of the applications use MIDP 1.0 and only support HTTP.
  So I want to encrypt the data myself and I was wondering if you could help me with my approach and answer some questions...
  I think the best way is to use RSA public/private keys in combination with a symmetric encrypting algorithm. So the mobile will have the public key part and the server will have the private key. The data will be encrypted using a symmetric algorithm. The key used in the encryption will then be encrypted using the public key. Both the encrypted key and the encrypted data will then be sent to the server. The server uses its private key to decrypt the key and then use the key to decrypt the data.
  How does that sound? I will be using Bouncy Castle crypto. What is the best way to generate a public/private key pair? I then need to somehow include the public key with the application. Should I randomly generate the symmetric key myself?
  Also what algorithm would you suggest for encrypting the data. Remember that it is on a resource constrained mobile device.
  If you have any other comments I would like to hear them. Thanks for your time.

  Thanks for the pointer. The thing is we changed our minds. We discovered strong encryption was not needed since our scheme is like the DVD encryption. The data is unencrypted by the application used by the person that does not have to know the data.
  We went with Rot13. jeje
  Thanks anyway.

• Will this encrypt data securely?

  Hey I'm using bouncy castle AES password based encryption. I was just wondering if anyone would take a quick look at my code below to see if it will encrypt a string securely, or if I've missed anything out?
  Thanks in advance
  import java.io.File;
  import java.security.Security;
  import java.util.Vector;
  import javax.crypto.Cipher;
  import javax.crypto.spec.IvParameterSpec;
  import javax.crypto.spec.SecretKeySpec;
  import javax.swing.JOptionPane;
  import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
  import org.bouncycastle.crypto.params.KeyParameter;
  import org.bouncycastle.crypto.params.ParametersWithIV;
  import org.bouncycastle.util.encoders.Base64;
  public class encryptor {
       private final byte[] salt = { (byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c,
                 (byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99,
                 (byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c,
                 (byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99 };
       public static void main(String[] args)
            new encryptor();
       public encryptor()
            char[] password = "aRandomPassword".toCharArray();
            SecretKeySpec key = generateKey(password, salt);
            encrypt(salt, key, "A secret message");
       public SecretKeySpec generateKey(char[] charPassword, byte[] salt)
            byte[] bytePassword;
            PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator();
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
            int count = 16;
            try
                 bytePassword = new String(charPassword).getBytes("ASCII");
                 generator.init(bytePassword, salt, count);
                 ParametersWithIV params = (ParametersWithIV) generator.generateDerivedParameters(128, 128);
                 KeyParameter keyParam = (KeyParameter) params.getParameters();
                 return new SecretKeySpec(keyParam.getKey(), "AES");
            catch(Exception e)
                 System.out.println(e);
                 System.exit(1);
            //This will never occur
            return null;
       public void encrypt(byte[] salt, SecretKeySpec key, String text)
            IvParameterSpec iv = new IvParameterSpec(salt);
            Cipher cipher;
            byte[] temp;
            try
                 cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
                 cipher.init(Cipher.ENCRYPT_MODE, key, iv);
                 temp = cipher.doFinal(text.getBytes("ASCII"));
                 System.out.println(new String(Base64.encode(temp), "ASCII"));
            catch(Exception e)
                 System.out.println(e);
  }

  I'm no expert in cryptology but you are using the salt byte array in two places, as salt and as the initialization vector. This strikes me as a big "no-no"; I suspect it could weaken your cipher. Even if I had no evidence of such weakening, I'd avoid that if at all possible.
  You should generate separate salt and initialization vectors; in fact, you should generate them randomly each time you encrypt something. Naturally, you'll have to carry them along with the encrypted data so that you can pass them back in to the decryption process, but that's a small part to pay for not opening yourself up to dictionary attacks.
  Also, you might want to apply the salt more than just 16 times; try something much larger, such as 1024.

• Send encrypted data from oracle 11g to Ms SQL Server 12

  Hi every body,
  we want to send encrypted data from oracle 11g to Ms SQL Server 12:
  - data are encrypted to oracle
  - data should be sent encrypted to Ms SQL server
  - data will be decrypted in Ms SQL server by sensitive users.
  How can we do this senario, any one has contact simlare senario?
  can we use asymetric encription to do this senario?
  Please Help!!
  Thanks in advance.

  Hi,
    What you want to do about copying data from Oracle to SQL*Server using insert will work with the 12c gateway.  There was a problem trying to do this using the 11.2 gateway but it should be fixed with the 12c gateway.
  If 'insert' doesn't work then you can use the SQLPLUS 'copy' command, for example -
  SQL> COPY FROM SCOTT/TIGER@ORACLEDB -
  INSERT SCOTT.EMP@MSQL -
  USING SELECT * FROM EMP
  There is further information in this note available on My Oracle Support -
  Copying Data Between an Oracle Database and Non-Oracle Foreign Data Stores or Databases Using Gateways (Doc ID 171790.1)
  However, if the data is encrypted already in the Oracle database then it will be sent in the encrypted format. The gateway cannot decrypt the data before it is sent to SQL*Server.
  There is no specific documentation about the gateways and TDE.  TDE encrypts the data as it is in the Oracle database but I doubt that SQL*Server will be able to de-encrypt the Oracle data if it is passed in encrypted format and as far as I know it is not designed to be used for non-Oracle databases.
  The Gateway encrypts data as it is sent across the network for security but doesn't encrypt the data at source in the same way as TDE does.
  Regards,
  Mike