The document describes hybrid cryptography, which combines asymmetric and symmetric encryption. It provides an example workflow of how hybrid encryption works, including encrypting a message with a symmetric key, encrypting the symmetric key with the receiver's public key, sending both to the receiver, decrypting the symmetric key with their private key, and decrypting the message with the symmetric key. It then provides a Ruby code example to demonstrate hybrid encryption of a text string.
Hybrid Cryptography with examples in Ruby and Go
1. Hybrid Cryptography
with examples in
Ruby and Go
Romek Szczesniak
security consultant
Hardcore Happy Cat Ltd
Eleanor McHugh
system architect
Games With Brains
January 2015
2. romek
• an applied cryptographer since 1995
• secures systems from Biometrics to Firewalls
• specialises in PKI, Smartcards, Biometrics
3. ellie
• commercial developer since 1995
• mission-critical & performance sensitive systems
• specialises in Ruby and Go
5. hybrid cryptography?
• a mode of encryption that merges two or more encryption systems
• incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption
• these strengths are respectively defined as speed and security
8. history
• rarely mentioned in the literature
• Cramer & Shoup (2004)
• Dent (2005, 2009)
• Telnic DNS (2006)
• commonly discussed post-Snowden (2012)
• used in PGP and PKCS#7
10. encryption
• User A encrypts the Message with the symmetric key
• User A encrypts the symmetric key with the receiver’s public key
• User A sends the encrypted message and the encrypted key to User B
12. decryption
• User B knows how the Message is encrypted
• User B decrypts the symmetric key with his private key
• User B decrypts the Message using the symmetric key
13. an example workflow
1. create public key pair for user B (RSA-4096)
2. create symmetric key K (AES-256-CBC)
3. encrypt K(MB) and PubB(K) for message MB
4. send PubB(K) and K(MB) to user B
5. decrypt K with PrivB
6. decrypt MB with K
7. send K(MA) to user A
8. change keys and repeat as required
9. all keys are stored in Base 64 encoding
14. key features
• a point-to-point cryptosystem
• fast, easy-to-use, user-specific system
• independent of underlying cryptosystems
• may change algorithms at any point
• may change keys at any point
15. weasel words
• danger! experimental code presented here!
• all such code is provided for entertainment purposes only and should be used with extreme caution, under adult supervision, et al.
• any resemblance to actual code and concepts, living or dead, is purely coincidental
16. a simple example
• hybrid encryption with text strings
• ruby 1.8 and later
• uses OpenSSL as its crypto library
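17.
    #!/usr/bin/env ruby -w
    require 'rubygems'
    require 'openssl'
    require 'base64'

    class Hybrid
      def initialize
        @privkey = 0      # receiver's RSA private key
        @pubkey = 0       # receiver's RSA public key
        @sessionkey = 0   # symmetric (AES) session key
        @iv = 0           # IV used for the AES-CBC encryption
        @f = 0            # Base64-encoded ciphertext
        @g = 0            # Base64-encoded, RSA-encrypted session key
      end
    end

    h = Hybrid.new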
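19.
    class Hybrid
      # Encrypts a fixed string with AES-256-CBC under @sessionkey, then
      # encrypts @sessionkey with the receiver's RSA public key.
      def encrypt
        puts "256-bit Key generated"
        string = "The cat sat on the mat"
        puts "String: #{string}\n"
        c = OpenSSL::Cipher.new("aes-256-cbc")
        c.encrypt
        c.key = @sessionkey
        @iv = c.random_iv   # random_iv also sets the IV on the cipher
        e = c.update(string)
        e << c.final
        @f = Base64.encode64(e)
        # public_encrypt uses PKCS#1 v1.5 padding unless another mode is passed
        @g = Base64.encode64(@pubkey.public_encrypt(@sessionkey))
      end
    end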
key
5rNZ8NMIipOzi1dLZ+OHVFKr13B3EizbpvXDsB6q8BE
iv
7Bzvn1U06uZhMbbQJ8Nwxg==
20.
    class Hybrid
      # Recovers the session key with the RSA private key, then uses it
      # (with the stored IV) to decrypt the Base64 ciphertext in @f.
      def decrypt
        dec = 0
        @sessionkey = 0 # Reset session key
        @sessionkey = @privkey.private_decrypt(Base64.decode64(@g))
        dec = OpenSSL::Cipher.new("aes-256-cbc")
        dec.decrypt
        dec.key = @sessionkey
        dec.iv = @iv
        d = dec.update(Base64.decode64(@f))
        d << dec.final
        puts "Decrypted #{d}\n"
      end
    end
21.
    class Hybrid
      # Prints the Base64 ciphertext and the Base64 encrypted session key.
      def display
        puts
        puts "Ciphertext: #{@f}\n"
        puts "Encrypted Symmetric Key:\n#{@g}\n"
      end
    end

    # keygen is defined on a slide that is not part of this transcript;
    # encrypt and decrypt expect it to set @privkey, @pubkey and @sessionkey.
    h.keygen
    h.encrypt
    h.display
    h.decrypt
4096-bit Key generated
256-bit Key generated
String: The cat sat on the mat
Ciphertext: Z8VZggOHDWXswdl+igZDH9CoqMp6ZlCEmW7xc41ZfzE=
Encrypted Symmetric Key:
Decrypted The cat sat on the mat
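The workflow from slide 13 and the string example above, written as a self-contained Ruby module; this is an added example, not the presenters' code. It swaps the slides' AES-256-CBC and default RSA padding for AES-256-GCM and RSA-OAEP so that a modified ciphertext is rejected on decryption, and the names `HybridEnvelope`, `seal`, `unseal` and the JSON envelope layout are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added example: names and envelope layout are assumptions, not from the slides.
module HybridEnvelope
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
  TAG_BYTES = 16

  # Step 1: the receiver's RSA key pair (the slides use RSA-4096).
  def self.keygen(bits = 4096)
    OpenSSL::PKey::RSA.new(bits)
  end

  # Steps 2-4: generate a fresh session key K for this message, compute K(M)
  # with AES-256-GCM and Pub(K) with RSA-OAEP, and Base64-encode every binary
  # field (step 9). `aad` is context that is authenticated but not encrypted.
  def self.seal(message, receiver_pub, aad = '')
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.encrypt
    key = cipher.random_key # new K per message (step 8: change keys freely)
    iv = cipher.random_iv
    cipher.auth_data = aad
    # Cipher#update rejects an empty string, so handle empty messages.
    body = message.empty? ? '' : cipher.update(message)
    body += cipher.final
    fields = {
      'wrapped_key' => receiver_pub.public_encrypt(key, OAEP),
      'iv' => iv,
      'tag' => cipher.auth_tag,
      'ciphertext' => body
    }
    JSON.generate(fields.transform_values { |v| Base64.strict_encode64(v) })
  end

  # Steps 5-6: recover K with the private key, then decrypt and verify M.
  # Raises OpenSSL::Cipher::CipherError if ciphertext, tag, IV or aad changed.
  def self.unseal(envelope, receiver_priv, aad = '')
    f = JSON.parse(envelope).transform_values { |v| Base64.strict_decode64(v) }
    # OpenSSL accepts shortened GCM tags, so insist on the full length.
    raise ArgumentError, 'unexpected tag length' unless f.fetch('tag').bytesize == TAG_BYTES

    key = receiver_priv.private_decrypt(f.fetch('wrapped_key'), OAEP)
    d = OpenSSL::Cipher.new('aes-256-gcm')
    d.decrypt
    d.key = key
    d.iv = f.fetch('iv')
    d.auth_tag = f.fetch('tag')
    d.auth_data = aad
    body = f.fetch('ciphertext')
    plain = body.empty? ? '' : d.update(body)
    plain + d.final # final verifies the tag; output is a binary string
  end
end

if __FILE__ == $PROGRAM_NAME
  # 2048 bits keeps this demonstration quick; the slides use 4096.
  user_b = HybridEnvelope.keygen(2048)
  env = HybridEnvelope.seal('The cat sat on the mat', user_b.public_key, 'to:userB')
  puts env
  puts HybridEnvelope.unseal(env, user_b, 'to:userB')
end
```

Only the public half of the key pair is needed by the sender; the envelope string is all that travels to user B.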
22. a complex example
• ruby hybrid encryption with web pages
• acquire a web page
• roundtrip encrypt the web page
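24.
    require 'nokogiri'
    require 'open-uri'

    class HybridHTML < Hybrid
      # Same as Hybrid#encrypt, but the plaintext is a fetched web page.
      def encrypt
        puts "4096-bit Key generated"
        puts "\nEnter Web Page\n\n"
        file = /\n/.match(gets()).pre_match()
        # URI.parse(...).open only fetches URLs; Kernel#open would also run
        # a command if the input began with "|".
        string = Nokogiri::HTML(URI.parse(file).open).to_html
        c = OpenSSL::Cipher.new("aes-256-cbc")
        c.encrypt
        c.key = @sessionkey
        @iv = c.random_iv   # random_iv also sets the IV on the cipher
        e = c.update(string)
        e << c.final
        @f = Base64.encode64(e)
        @g = Base64.encode64(@pubkey.public_encrypt(@sessionkey))
      end
    end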
25. beyond http
• nothing to stop us encrypting HTTPS pages too
• difficult to show in terminal
• DNS NAPTRs (RFCs 3401-3405)
• needs further explanation…
28. to recap
• this system is highly flexible
• protocol independent
• fast and algorithm independent
• easy to setup and use
• lightweight
• great for user -> user communication
29. a complex example
• a web storage service in go
• stores and retrieves arbitrary text messages
• client and server interacting over http
• RSA encryption for symmetric key transfer
• stream-based AES encryption for messages
41.
    var PublicKey *rsa.PublicKey

    func main() {
        PublicKey = GetServerKey()
        u, k := RegisterUser()
        UserStatus(k, u)
        f := "this is a test file"
        StoreFile(k, u, "test", f)
        UserStatus(k, u)
        RetrieveFile(k, u, "test")
        if rf, e := RetrieveFile(k, u, "test"); e == nil {
            switch b, e := ioutil.ReadAll(rf); {
            case e != nil:
                Println(e)
            case string(b) != f:
                Println("Test file corrupted:", string(b))
            default:
                Println("file returned correctly")
            }
        }
    }
github.com/feyeleanor/webcryptodemo
42.
    func GetServerKey() (v *rsa.PublicKey) {
        if b, e := Do("GET", KEY); e == nil {
            if k, e := LoadPublicKey(string(b)); e == nil {
                v = k.(*rsa.PublicKey)
            } else {
                panic(e)
            }
        }
        return
    }
Allegra:Hybrid eleanor$ ./client
GET http://localhost:1024/key --> 200 OK
POST http://localhost:1024/user --> 200 OK
66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
GET http://localhost:1024/user/66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
--> 200 OK
<html>
<head>
<title>User Status</title>
</head>
<body>
<table>
<tr>
<td>ID</td>
<td>66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R</td>
</tr>
<tr>
<td>Key</td>
<td>6M5V5LC3BXVCQVRNKVX25I5XJSIG56JS6JK4K2GWDY4M3WS5G77A====</td>
</tr>
<tr>
<td>Files</td>
<td>0</td>
</tr>
</table>
</body>
</html>
POST http://localhost:1024/file/66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R/
test --> 200 OK
<html>
<head>
<title>User Status</title>
</head>
<body>
<table>
<tr>
<td>ID</td>
<td>66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R</td>
</tr>
<tr>
<td>Key</td>
<td>6M5V5LC3BXVCQVRNKVX25I5XJSIG56JS6JK4K2GWDY4M3WS5G77A====</td>
</tr>
<tr>
<td>Files</td>
<td>1</td>
</tr>
</table>
</body>
</html>
GET http://localhost:1024/user/66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
--> 200 OK
<html>
<head>
<title>User Status</title>
</head>
<body>
<table>
<tr>
<td>ID</td>
<td>66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R</td>
</tr>
<tr>
<td>Key</td>
<td>6M5V5LC3BXVCQVRNKVX25I5XJSIG56JS6JK4K2GWDY4M3WS5G77A====</td>
</tr>
<tr>
<td>Files</td>
<td>1</td>
</tr>
</table>
</body>
</html>
GET http://localhost:1024/file/66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R/
test --> 200 OK
this is a test file
POST http://localhost:1024/key/66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
--> 200 OK
<html>
<head>
<title>User Status</title>
</head>
<body>
<table>
<tr>
<td>ID</td>
<td>66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R</td>
</tr>
<tr>
<td>Key</td>
<td>MD45J5O2JUNTR2OBALT6BWWWBBLU3XS7HSRJWRX5LV5RS2UBQ6FA====</td>
</tr>
<tr>
<td>Files</td>
<td>1</td>
</tr>
</table>
</body>
</html>
GET http://localhost:1024/user/66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
--> 200 OK
<html>
<head>
<title>User Status</title>
</head>
<body>
<table>
<tr>
<td>ID</td>
<td>66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R</td>
</tr>
<tr>
<td>Key</td>
<td>MD45J5O2JUNTR2OBALT6BWWWBBLU3XS7HSRJWRX5LV5RS2UBQ6FA====</td>
</tr>
<tr>
<td>Files</td>
<td>1</td>
</tr>
</table>
</body>
</html>
GET http://localhost:1024/file/66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R/
test --> 200 OK
this is a test file
file returned correctly
Allegra:Hybrid eleanor$ ./server
= = = = = = = = = = User Status = = = = = = = = = =
ID 66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
Key 6M5V5LC3BXVCQVRNKVX25I5XJSIG56JS6JK4K2GWDY4M3WS5G77A====
Files 0
= = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = User Status = = = = = = = = = =
ID 66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
Key 6M5V5LC3BXVCQVRNKVX25I5XJSIG56JS6JK4K2GWDY4M3WS5G77A====
Files 1
= = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = User Status = = = = = = = = = =
ID 66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
Key 6M5V5LC3BXVCQVRNKVX25I5XJSIG56JS6JK4K2GWDY4M3WS5G77A====
Files 1
= = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = User Status = = = = = = = = = =
ID 66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
Key MD45J5O2JUNTR2OBALT6BWWWBBLU3XS7HSRJWRX5LV5RS2UBQ6FA====
Files 1
= = = = = = = = = = = = = = = = = = = = = = = = = =
= = = = = = = = = = User Status = = = = = = = = = =
ID 66I2PXXEYJ2UU6AY5VTIE4I5KACRVXVN74ADRUFSWPMQED4R
Key MD45J5O2JUNTR2OBALT6BWWWBBLU3XS7HSRJWRX5LV5RS2UBQ6FA====
Files 1
= = = = = = = = = = = = = = = = = = = = = = = = = =
43. func RegisterUser() (u string, k []byte) {
	k = GenerateAESKey(256)
	if key, e := EncryptRSA(PublicKey, []byte(k), []byte("REGISTER")); e == nil {
		if v, e := Do("POST", USER, string(key)); e == nil {
			u = printResponse(v, e, k)
		}
	}
	return
}

func RetrieveFile(key []byte, id, tag string) (f io.Reader, e error) {
	r, e := Do("GET", FILE, id, tag)
	f = bytes.NewBufferString(printResponse(r, e, key))
	return
}
44. func Do(m, r string, p ...string) (b []byte, e error) {
	do(NewRequest(m, r, p...), func(res *http.Response) {
		b, e = ioutil.ReadAll(res.Body)
	})
	return
}

func DoEncrypted(k []byte, m, r string, p ...string) (b []byte, e error) {
	do(NewEncryptedRequest(k, m, r, p...), func(res *http.Response) {
		DecryptAES(res.Body, k, func(s *cipher.StreamReader) {
			b, e = ioutil.ReadAll(s)
		})
	})
	return
}

func do(req *http.Request, f func(*http.Response)) {
	if res, e := http.DefaultClient.Do(req); e == nil {
		// release the connection once the callback has consumed the body
		defer res.Body.Close()
		Printf("%v %v --> %v\n", req.Method, req.URL, res.Status)
		f(res)
	} else {
		Println(e)
	}
	return
}
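45. import "crypto/aes"
import "crypto/rand"

func GenerateAESKey(n int) (b []byte) {
	// n is the key size in bits; any other value leaves b nil, which aes.NewCipher rejects
	switch n {
	case 128:
		b = make([]byte, 16)
	case 192:
		b = make([]byte, 24)
	case 256:
		b = make([]byte, 32)
	}
	// a failed read would leave the key all zeroes, so treat it as fatal
	if _, e := rand.Read(b); e != nil {
		panic(e)
	}
	return
}

func GenerateIV() (b []byte, e error) {
	b = make([]byte, aes.BlockSize)
	if _, e = rand.Read(b); e != nil {
		panic(e)
	}
	return
}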
46. import "crypto/cipher"
import "fmt"
import "io"

// SendIV writes a fresh random IV to w in the clear, then passes it to f.
func SendIV(w io.Writer, k []byte, f func([]byte)) {
	if iv, e := GenerateIV(); e == nil {
		if _, e = w.Write(iv); e == nil {
			f(iv)
		} else {
			fmt.Println(e)
		}
	}
}

// EncryptAES sends the IV, then hands f a writer that encrypts with AES-CFB under k.
func EncryptAES(w io.Writer, k []byte, f func(*cipher.StreamWriter)) (e error) {
	var b cipher.Block
	if b, e = aes.NewCipher(k); e == nil {
		SendIV(w, k, func(iv []byte) {
			f(&cipher.StreamWriter{S: cipher.NewCFBEncrypter(b, iv), W: w})
		})
	}
	return
}
47. import "io"

func ReadIV(r io.Reader, f func([]byte)) {
	iv := make([]byte, aes.BlockSize)
	// io.ReadFull, because a single Read on a network stream may return fewer than aes.BlockSize bytes
	if _, e := io.ReadFull(r, iv); e == nil {
		f(iv)
	} else {
		fmt.Println(e)
	}
}

// DecryptAES reads the IV prefix, then hands f a reader that decrypts AES-CFB under k.
func DecryptAES(r io.Reader, k []byte, f func(*cipher.StreamReader)) (e error) {
	ReadIV(r, func(iv []byte) {
		var b cipher.Block
		if b, e = aes.NewCipher([]byte(k)); e == nil {
			f(&cipher.StreamReader{S: cipher.NewCFBDecrypter(b, iv), R: r})
		} else {
			fmt.Println(e)
		}
	})
	return
}
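The stream built by EncryptAES and DecryptAES above is AES-CFB with a clear-text IV prefix and no authentication tag, so a frame altered in transit still decrypts without error. The Go program below is an added example, not code from the slides or the webcryptodemo repository: it reproduces that framing beside an AES-GCM variant that rejects a modified or truncated frame. The function names (must, sealCFB, openCFB, sealGCM, openGCM), the key and the message are constructed for illustration.

```go
package main

import "crypto/aes"
import "crypto/cipher"
import "crypto/rand"
import "fmt"

func must[T any](v T, err error) T { // demo helper: panic on bad key size or RNG failure
	if err != nil {
		panic(err)
	}
	return v
}

func sealCFB(key, msg []byte) []byte { // the slides' framing: random IV, then AES-CFB ciphertext
	out := make([]byte, aes.BlockSize+len(msg))
	must(rand.Read(out[:aes.BlockSize]))
	cipher.NewCFBEncrypter(must(aes.NewCipher(key)), out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], msg)
	return out
}

func openCFB(key, frame []byte) []byte { // no tag to verify: a modified frame still decrypts
	out := make([]byte, len(frame)-aes.BlockSize)
	cipher.NewCFBDecrypter(must(aes.NewCipher(key)), frame[:aes.BlockSize]).XORKeyStream(out, frame[aes.BlockSize:])
	return out
}

func sealGCM(key, msg []byte) []byte { // same prefix framing, plus GCM's 16-byte authentication tag
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, msg, nil)
}

func openGCM(key, frame []byte) ([]byte, error) { // errors if nonce, ciphertext or tag changed
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(frame) < gcm.NonceSize() {
		return nil, fmt.Errorf("frame shorter than the %d-byte nonce", gcm.NonceSize())
	}
	return gcm.Open(nil, frame[:gcm.NonceSize()], frame[gcm.NonceSize():], nil)
}

func main() {
	key, msg := []byte("0123456789abcdef0123456789abcdef"), []byte("pay 100") // constructed values
	f, g := sealCFB(key, msg), sealGCM(key, msg)
	f[len(f)-1] ^= 1 // one bit altered in each frame, as corruption in transit would
	g[len(g)-1] ^= 1
	_, err := openGCM(key, g)
	fmt.Printf("CFB accepted %q; GCM rejected the frame: %v\n", openCFB(key, f), err)
}
```

With CFB the receiver gets a different message and no error; with GCM the same one-bit change makes the open call fail, so the caller can discard the frame.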