Questions tagged as ['openssl']
I have an encoded file and a public.pem file. Is it possible to decode the file using the public.pem file or do I have to start looking at private keys?
I tried https://github.com/Ganapati/RsaCtfTool with no luck. The public key (pem) is as below
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHDiqVkO1umD2/Tm20Wt
LpyBXGoIk4Pczeqjwz7/kwYLnQI7VlAzgjC9jD1dX80Z+kLOr5wHIDdfNK55 ...
I'm trying to implement a Cramer Shoup cryptography system in C but I've run into problems with generating the keys.
From what I have found on the wiki and in other papers, to generate keys for Cramer Shoup you must generate a cyclic group G of order q with generators g1 and g2, then take 5 values between 0 and (q-1) and with that you can easily generate the keys.
I initially tried doing this manual ...
I'm new to cryptography and I'm trying to implement a secure chat application using OpenSSL.
I want to ensure that public messages (which will be shown to all users) cannot be altered during transmission.
Does the use of SSL connection guarantee that?
If not, would using digital signatures to sign every message so as to prove the identity of the sender be a proper solution?
I am learning about hash functions and I just read about XOF (namely shake and cShake).
I will like to test this functions out by myself but I can't seem to find how to use it via the OpenSSL CLI or using a JavaScript library.
The JavaScript library I am using is https://github.com/paulmillr/noble-hashes but it does not seem to support XOF.
So how do I use XOF (SHAKE and cSHAKE) in openssl CLI and JavaSc ...
Background I am trying to understand how PEM contents are formatted for "EC Private Key" so e.g. following is private key
-----BEGIN EC PARAMETERS-----
BgUrgQQAIw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIHcAgEBBEIAavpiUck1lQc01A6FH1SE1XSwW4C+i354tOQyPjioSnq5lzc9YQXX
yAIiC6hiMhARzBxe2vmYBeCEENlmCG0jNymgBwYFK4EEACOhgYkDgYYABAEyMQ/2
NkU0LHTBhpsbeaFklNSXUeG2znLuFvcb0hvc29R5ydz8/dpDOh ...
As part of our linux secure boot implementation using dm-verity and root hash signature checking, I need to sign a file with the following openssl command (example):
openssl smime -sign -nocerts -noattr -binary -in unsigned.txt -inkey private.key -signer cert.pem -outform der -out signed.txt
This generates a PKCS#7 file which then can be processed successfully by the linux kernel.
But for productio ...
I guess this is more of a math problem in a cryptography context so I apologize beforehand if it is not the right place to ask. Basically I have to check whether a certain implementation of RSA key-pair generation adheres to FIPS 186-4. More specifically, Appendix B-3-1. FIPS 186-4 necessitates that $d$ (the private exponent) be created like so:
$d = (e^{-1})\bmod(\text{LCM}(p-1, \space q-1))$
The ...
I started working as a developper in a cryptography company 3 months ago where the applications are for mostly windows applications. I found that I don't have enough knowledge concerning the topics listed in the table that is taken from Hurdles for Developers in Cryptography.
Indeed, these are the subjects that most developers find hard to grasp. Including me of course. I started looking for cou ...
If you have a look at a certificate encrypting google.com it advertises a 256-bit ECC key with ECDSA_P256 parameter. The signature algorithm is sha256RSA. I've been trying to achieve something similar by running the below set of commands, but since the -digest parameter I use is -sha256 the result is always sha256ECDSA signature algorithm. So the question is - how Google did that and is that achievable w ...
To write a CTF challenge, I want to create an RSA key pair of size 228-bit. I want the keys exactly in the same format as OpenSSL-generated keys. But, OpenSSL is not supporting less than 512-bit long keys. What could be a solution?
We are using a signature file which is in .pkcs7 format and has certificates encoded in it in DER format. In the process of verification of the signature we extract certificates and do final verify.
Is there anyway before we go for extraction of certificates and other crls, to check the signature file is valid(In case a .txt or other is renamed as .pkcs7 etc). Of course the extraction or verific ...
I want to ask if there is any way to store a Schnorr signature key in PEM format, or any other standardized format.
And, if possible, I would like to know if that's possible to be done in C language; here's my code so far:
EC_KEY *key = EC_KEY_new();
EC_KEY_set_group(*key, group);
EC_KEY_set_private_key(*key, *a);
EC_KEY_set_public_key(*key, *Q);
...
FILE* fout2 = fopen("pub.key", "wb");
PEM_write_EC_ ...
The string is encrypted with the following properties (using C#):
myAes.Mode = CipherMode.CBC
myAes.KeySize = 128
myAes.Padding = PaddingMode.PKCS7
myAes.BlockSize = 128
myAes.FeedbackSize = 128
Key: 5753B8AA97BE5B5D9584864DF3134E64
This is my decryption function:
int AESdecrypt(unsigned char *ciphertext, size_t ciphertext_len, unsigned char *key, unsigned char *iv, unsigned char *plaintext)
{
...After stumbling upon this question, I wondered if I could obtain a behaviour similar to WireGuard (private and public keys) by using the same WireGuard private key to encrypt a message via OpenSSL in one end, and having the other end being able to verify that message signature by possessing the WireGuard public key. So it could work as some sort of authentication/validation for a request.
For example ...
I first generate a keyfile with openssl rand -hex 64 -out keyfile.
I then encrypt the file with openssl enc -aes-256-cbc -salt -in large_file.zip -out large_encrypted.bin -pass file:./keyfile.
I am encrypting files sized anywhere from a few bytes to 1TB. I will be using this in a simple bash script.
- Is this secure in 2021? Should I use a different cipher?
- Can any metadata leak from the encrypted file? ...