Security comments, am I on track? Encryption using AES

Similar Messages

• Decryption of image using AES in windows 8.1

   Hi ,
      I am developing an app in windows 8.1, in which I got image in decryption format ,
  it was encrypted using AES and I know the key
  I tried in oneway but i am getting an error "The supplied user buffer is not valid for the requested operation"
  please help how to decrypt the image and bind it to ui
  Thanks
  Sarvesh
  sarvesh

  Hi Sarvesh,
  I've replied you in another thread, please feel free to check it :)
  --James
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• IPad and Secure Email Certificate. How to encrypt e-mail using certificates *. p12?

  Dear all!
  I would like your assistance in the following matter:
  iPad and Secure Email Certificate.
  How to encrypt e-mail using certificates *. p12?
  What software do I need to buy?
  Thanks.

  Confirm you have imported your certificates into the Windows Certificate store?
  Check the info below for the proper procedure.
  1. Locate the certificate files you saved on your computer. Double-click the first .P12 file.
  2. In the Certificate Import Wizard Dialog, click Next.
  3. The file you selected displays in the File Name field. (If it is not already displaying in the field, click Browse to select it.) Click Next.
  4. Enter the appropriate backup password:
      For the digital certificate file, enter the password that the Stache web page gave you when you downloaded the certificate.
  5. Clear the Enable Strong Private Key protection option.
  6. Select the Mark this key as exportable option. 
  7. Make sure the default option Automatically select the certificate store based on the type of certificate is selected and click Next.
  8. The application displays a summary of the settings. Click Finish.

• Bit locker security issues (easy to crack) disk encryption?

  Bit locker security issues (easy to crack) disk encryption?
  Problem 1: When the PC run I think its too easy to get  malicious users (with usb pendrive) or spyware to get the encryption key (fast and easy)
  youtube.com/watch?v=0npTlOq6q_0
  Problem2:not resistant with bruteforce attacks
  youtube.com/watch?v=zvaJxnvbGic
  Problem 3: not resistant with boot hacking
  Im using DriveCrypt plus pack and searched security issues in bit locker.The bit locker allow you the bruteforce/dic attack easy.I think  It would be much safer 1. (I think the keys stored somewhere that is easily read) 2. Do not just be enough password
  need a password+file combination to decrypt the disk. DriveCrypt plus pack use a file+password combination if you know the password but you wont have the file you can not decrypt the disk (protect with bruteforce attack).On system boot protected bruteforce
  attak you can crash the (boot).If the boot system crash you can not decrypt the disk just the password you need the file+password combination plus to decrypt it. I am not a programmer but I see the BitLocker ( easy security catches to crack the disk encryption).Im
  tested DriveCrypt and I can not get the key that easy (Problem 1). I have not tested it in greater depth just trying to (catches to crack software encryption).

  Where is your question, sir?
  If the question were "is it easy to crack", the answer is "no". Your videos make use of several assumptions and ingredients and permissions that a normal attacker does not have.
  "Problem 3" is not clear, please describe what scenario you are talking about.

• AES Algorithm error when trying to encrypt using stored Java class.

  Dear All,
  We have a specific reuirement where in we cannot use DBMS_CRYPTO package to encrypt/decrypt data using AES Algorithm
  So I am trying to use a stored Java class and I am getting "AES algorithm not available".
  I am using Oracle 10gR2 standard edition.
  Below is my code
  1. Stored Java class
  2. Stored function to access the above Java class.
  3. Test anonymus PL/SQL to test above code.
  Please help me finding the problem why I am getting "AES algorithm not available" error when I call stored Java class in Oracle.?
  **** If I use "DES" algorithm, it works. Also the Java code works well if I execute it as normal Java class from Eclipse.
  I verified the java.security file in jre/lib/security and I see that there is provider entry for SunJCE.
  The jre version in Oracle is 1.4.2.
  I appreciate your help.
  Thanks,
  Priyanka
  Step1: Stored java class to encrypt and decrypt data
  CREATE OR REPLACE AND RESOLVE JAVA SOURCE NAMED "EncryptUtil" AS
  import java.security.Key;
  import javax.crypto.Cipher;
  import javax.crypto.KeyGenerator;
  import javax.crypto.SecretKey;
  import javax.crypto.spec.SecretKeySpec;
  public class EncryptUtil
       public static String encrypt(String inStr)
       String outStr = "Test data 123";
  try
  KeyGenerator kgen = KeyGenerator.getInstance("AES");
  kgen.init(128);
  SecretKey skey = kgen.generateKey();
  byte[] raw = skey.getEncoded();
  SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
  Cipher cipher = Cipher.getInstance("AES");
  cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
  byte[] encrypted =
  cipher.doFinal(inStr.getBytes());
  outStr =new String(encrypted);
  catch (Exception e)
       outStr = outStr + "exception thrown::" + e.getMessage();
  e.printStackTrace();
  return outStr;
  Step2: Stored function to access above stored java class.
  CREATE OR REPLACE FUNCTION SF_ENCRYPTUTIL(
  pKey1 VARCHAR2
  ) RETURN VARCHAR2 AS
  LANGUAGE JAVA NAME 'EncryptUtil.encrypt(java.lang.String ) return java.lang.String';
  Step3: Test encryption and descryption
  DECLARE
  outstr VARCHAR2(2000);
  BEGIN
  DBMS_OUTPUT.PUT_LINE('outstr-->' || SF_ENCRYPTUTIL('12345'));
  END;
  Below code example using DBMS_CRYPTO. This works, but we do not want to use this.
  declare
  l_in_val varchar2(2000) := 'Test data 123';
  l_mod number := dbms_crypto.ENCRYPT_AES128
  + dbms_crypto.CHAIN_CBC
  + dbms_crypto.PAD_PKCS5;
  l_enc raw (2000);
  l_enc_key raw (2000);
  l_dec raw (2000);
  begin
  l_enc := dbms_crypto.encrypt
  UTL_I18N.STRING_TO_RAW (l_in_val, 'AL32UTF8'),
  l_mod,
  HEXTORAW('156ae12300ccfbeb48e43aa016febb36'),
  HEXTORAW('001122230405060708090a0b0c0d0e0f')
  dbms_output.put_line ('Encrypted='||l_enc);
  end;
  Edited by: user5092433 on Sep 10, 2009 12:26 AM

  I guess I'd be a bit curious about why you can't use a DBMS_CRYPTO solution that provides identical output. It seems odd to want to have a procedure running inside Oracle and then dictate that it has to be Java and not PL/SQL...
  I verified the java.security file in jre/lib/security and I see that there is provider entry for SunJCE.
  The jre version in Oracle is 1.4.2.Which java.security file are you talking about? The JVM that is inside the Oracle database does not and can not use configuration files that are outside the database. I suspect when you talk about files and paths that you're looking at a JVM outside the database, which is not the JVM that your Java stored procedure would be using.
  Looking at the error, my assumption is that some JAR file needs to be loaded into the internal JVM in order for the AES algorithm to be available. But I'm unfortunately not familiar enough with these classes to say what that would be.
  Justin

• Can you export the date and user to Excel that appears into a Comments field in a tracking list?

  Hi everyone,
  Can you export the date and user to Excel that appears into a Comments field in a tracking list?
  When i export a tracking list with a Comment field in the Content type, the screen where you enter the data for an item, the Comments field just export the text of the comment into the Excel file.
  In the Comments field appears also, besides the comment text,  the user and date from who and when the comment is added.
  Is there a way to export also the user and the date?
  Thanks
  Wim

  create another comment field that doesn't use 'appending', and through SP Designer change workflow keep
  updating that field with the new comments  (prepend the field with date/username/new comment). Hide the field on all forms, but put it in the view you need to export to Excel.
  Please refer few more links: Hope they will help
  http://www.nothingbutsharepoint.com/2009/04/16/versioning-append-changes-to-existing-text-view-entries-aspx/
  http://sympmarc.com/2011/02/07/showing-all-versions-of-append-changes-to-existing-text-in-a-data-view-web-part-dvwp/comment-page-3/
  https://mossipqueen.wordpress.com/2013/03/06/display-all-appending-field-entries-in-a-single-list-view/
  http://community.office365.com/en-us/f/154/t/278560.aspx
  Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

• I need at least 128 bit encryption to access secure sites. What level of encryption does Firefox have and how do I check it?

  Many banking sites require you to confirm that you have at least 128 bit encryption on your browser. I allowed a site to check the encryption on my browser (Firefox/Windows) and was told I didn't have at least 128 bit encryption. I'm not the most computer savvy, so I don't know how to check or increase encryption, so if someone could guide me, I'd really appreciate it.

  Right-click on the web page and select '''View Page Info'''. The '''Security''' tab will show the level of encryption being used in "Technical Details" at the bottom of that tab.
  Firefox matches the level of encryption used by any secure website, and will easily do more that 128-bit encryption.

• Encrypt and Decrypt Card Number using AES 256 algorithm

  Dear All,
       I have a table in Sql Server database. in that table  storing
  Card_Information. This information is secured so that need to encrypt that data in sql server table.
  Can some one help on Encrypting and decryption process using AES 256 algorithm.
  Regards, Praveen

  Hello,
  See MSDN Cryptographic Functions (Transact-SQL) for all available en-/decryption function in SQL Server.
  Olaf Helper
  [ Blog] [ Xing] [ MVP]

• Drive encrypted using Bitlocker...encrypting backup on Server 2008

  I've seen this topic discussed a few times but with very little real explanation on how to do this. 
  I have several servers for several customers that now must be encrypted.  I've run a few tests with our own internal servers and one user server and the drive encryption goes off without a hitch.
  Encrypting their backups however is still an issue.  Usually they are setup with 2 drives, one on site, one off.  Obviously the one on site is a theft issue so it defeats the purpose of encrypting the server if there is an un-encrypted backup.
  Bit Locker to Go is an R2 feature, isn't it?  Plus when you setup a drive for Windows backup, it formats the drive so is Bitlocker even usable?
  The whole idea of encrypting their drives concerns me because of recovering the data/server after a crash.  We use encrypted online back up but the need to do a bare metal restore is the part that concerns me.  I even thought of adding a third drive to the mix just to be overly redundant(paranoid).
  What is the best way to handle this?  How does it work in the event of a server crash, how do you do a bare metal restore with a bit locker drive?
  Thanks

  You can bitlock a portable drive for Server 2012 R2 backup as follows:
  Using Essentials, the first time you use the drive
  1. Start the dashboard and go to the Storage Tab and select
  Disks
  2. Click on the new drive and add it to the backup. Give it a unique label. Backup will format it and remove the drive letter.
  3. Go to the start screen and start Administrative tools | Computer management
  4. Find Disk Management and scroll down to find your backup disk.
  5. Right click on the disk block and choose Change Drive Letter and Paths.
  Add a drive letter.
  6. Open This PC and right click on your drive. Choose
  Turn on Bitlocker.
  7. Give the disk a password and save or print the key. Choose to encrypt used space only.
  8. When Bitlock finishs encrypting the drive, click on the Manage Bitlocker link at the bottom of the progress screen. Find your disk and click the dropdown arrow. Click on
  Turn on Auto-unlock. (Auto-unlock greatly simplifies swapping disks. However, my experience has been it will not reliably unlock the disk after a restart or power failure. You may have to log in for the disk to be reconnected.)
  9. You can use Disk Manager  as you did before to
  Remove the drive letter. It can be handy for verifying the disk's status or distinguishing multiple disks, but you don't really need it.
  10. Close everything up. You are good to go. After this, the disk can be replaced using the normal procedures for swapping USB drives.

• Updated my AppleID account info.  Under password security shows an email address to be used to receive email with new password settings.  I need to update that email address, how do I do that?  Thanks!

  Updated my AppleID account info.  Under password security shows an email address to be used to receive email with new password settings.  I need to update that email address, how do I do that?  Thanks!

  Thanks for the help Niel.  I couldn't change the rescue email address (an address that no longer exists and is therefore useless) until I could correctly answer the security questions.  After numerous guesses, finally got them right.  Was then presented with the option to change the rescue email address. Guess the only other option was to have Apple Support make the change or reset my account info.  Have made note of the correct answers so this won't happen again.   Thanks for the fast response!!

• How to find length of string after encryption using DBMS_CRYPTO package

  Hi,
  I am planning do data encryption using DBMS_CRYPTO package. I want to find how much will be string length after encryption.
  e.g When I try to encrypt string of length between 1-15 characters it gives me encrypted string of 32 characters. When I try with 16 charcters encrypted string is of 64 characters.
  Is ther any formula to calculate length of encrypted string?
  Thanks
  Pravin

  The length change is dependent upon the algorithm you are using which can be a combination of cipher block, padding, and chaining.
  The best solution is determine the method you are going to use and apply it to the l ongest possible strings you are going to proces, then add some safety margin. There iis no penalty for defining your column as VARCHAR2(4000).

• I tried to encrypt using file vault but it froze slowing my macbook pro, how can i get things moving or stop the encryption

  i tried to encrypt using file vault but it froze slowing my macbook pro, how can i get things moving or stop the encryption

  Back up all data before proceeding. There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  Start up in Recovery mode. When the OS X Utilities screen appears, select Disk Utility.
  In the Disk Utility window, select the icon of the startup volume from the list on the left. It will be nested below another disk icon, usually with the same name. Click the Unlock button in the toolbar. When prompted, enter the login password of a user authorized to unlock the volume, or the alternate decryption key that was generated when you activated FileVault.
  Then, from the menu bar, select
            File ▹ Turn Off Encryption
  Enter the password again.
  You can then restart as usual, if the system is working. Decryption will be completed in the background. It may take several hours, and during that time performance will be reduced.
  If you can't turn off encryption in Disk Utility because the menu item is grayed out, you'll have to erase the volume and then restore the data from a backup. Select the Erase tab, and then select
            Mac OS Extended (Journaled)
  from the Format menu.
  You can then quit to be returned to the main Recovery screen. Follow these instructions if you back up with Time Machine. If you use other backup software, follow its developer's instructions.
  Don't erase the volume unless you have at least two complete, independent backups. One is not enough to be safe.

• HT4865 How secure are my personal emails and chats using the iCloud if my daughter just synced all our family apple devices to the cloud?

  How secure are my personal emails and chats using the iCloud if my daughter just synced all our family apple devices to the cloud?

  Welcome to the Apple Community.
  http://support.apple.com/kb/HT4865

• Can DBMS_CRYTO Package encrypt using a HMAC-SHA-1 Signature?

  Hello there,
  I'm trying to integrate Google Checkout (GC) into a friend's APEX-created website, running on a 10g Release 2 database (Express Edition).
  Google request that XML representing an order be encrypted using a HMAC-SHA-1 signature, which will consist of the GC Merchant ID.
  I'm very new to crptography in the Oracle Database, but had heard of the DBMS_CRYPTO Package. However, I could not identify a package constant representing the HMAC-SHA-1 signature. The closest I could come was HMAC-SH1. I don't think that's quite the same thing.
  Can anybody offer any assistance?
  Kind Regards.
  James

  What was wrong here was that the key was not a) converted from modified base64 and then b) not converted back to binary.
  This now generates the correct signing value
  set define off
  DECLARE
  l_key_src VARCHAR2(100) := 'vNIXE0xscrmjlyV-12Nj_BvUPaw=';
  l_key_b64 varchar2(100) := translate(l_key_src,'-_','+/');
  l_key_bin raw(2000);
  l_string VARCHAR2(100) := utl_url.escape('/maps/api/geocode/json?address=New+York&sensor=false&client=clientID');
  l_sig_mac RAW(2000);
  l_base64_sig_mac VARCHAR2(2000);
  l_base64_sig_mac_alter VARCHAR2(2000);
  BEGIN
  l_key_bin := utl_encode.base64_decode(UTL_I18N.string_to_raw(l_key_b64, 'AL32UTF8'));
  l_sig_mac :=DBMS_CRYPTO.mac(UTL_I18N.string_to_raw(l_string, 'AL32UTF8'), DBMS_CRYPTO.hmac_sh1,l_key_bin);
  l_base64_sig_mac := UTL_RAW.cast_to_varchar2(UTL_ENCODE.base64_encode(l_sig_mac));
  l_base64_sig_mac_alter := translate(l_base64_sig_mac,'+/','-_');
  DBMS_OUTPUT.put_line('MAC Signature (Base64-encoded): ' || l_base64_sig_mac);
  END;

• Requirement Tracking number used in WM modules

  Dear all,
  What are the different Requirement Tracking number used in WM modules.
  Like we use 632 for auto TO creation for outbound delivery.
  please suggest me
  Regards,
  Rock

  Hi,
  Please check the Following Link may be help you.
  Requirement Tracking Number
  Regrds,
  PK.