We help IT Professionals succeed at work.

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

I have C++ Code for cryptography (Secret-Key Encryption Lab), I need to convert to python code , can you assist me
#include <openssl/conf.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

int hex_to_int(char c){
        int first = c / 16 - 3;
        int second = c % 16;
        int result = first*10 + second;
        if(result > 9) result--;
        return result;
}

int hex_to_ascii(char c, char d){
        int high = hex_to_int(c) * 16;
        int low = hex_to_int(d);
        return high+low;
}

int main(int arc, char *argv[])
{
        unsigned char outbuf[1024];
        unsigned char cipher[1024];
        unsigned char temp, key[16];
        int outlen, tmplen, l, i, length, count, found =0, k = 0;
        size_t nread, len;
        FILE *in;
        unsigned char iv[17];

        for(i = 0; i < 17; i++)
           iv[i] = 0;
        iv[16] = '\0';

        char intext[] = "This is a top secret.";
        char st[] = "8d20e5056a8d24d0462ce74e4904c1b513e10d1df4a2ef2ad4540fae1ca0aaf9";
        i = 0;
        while(i < 64)
        {
           if(st[i] >= 'a' && st[i] <= 'z')
                 st[i] = st[i] - 32;
           i++;
        }

        length = strlen(st);
        char buf = 0;
        for(i = 0; i < length; i++)
        {
           if(i % 2 != 0)
           {             
              cipher[k] = hex_to_ascii(buf, st[i]);
              k++;
           }
           else
           {
      

Open in new window

0
Lenovo T430s - With Win Prof 10  - Does it have a TPM in the BIOS or is BIOS ready for Bit Locker?  Im Newish  To Bitlocker
0
We are trying to setup Bit Locker on our new DELL Latitude 3301 and when I go to start it I get the error:-

Ths PC requires a startup option that isn't supported by BitLocker setup. Please contact your system administrator to turn on BitLocker.

I have done a little bit of googling and I have found there are some issues with certain Latitude's but this one isn't listed int he models. I have also tried to run the DELL TPM Utility 2.0 update but it says this laptop isn't compatible with the driver.

I have also run powershell.exe get-tpm and I get:-

TPMPresent :TRUE
TPMReady :TRUE

Not sure where to go from here. We use DELL's across the board and this has always worked.

Thanks in advance,

Glenn
0
Data encryption from App to web. We have apache 2.4 version as web servers. Tomcat 9 version as app server.

Updated configuration in web servers as shown below. Apache version is 2.4.
Listen 443
<VirtualHost *:443>

  ServerName ej.dev.nsf.gov
  SSLCertificateFile "/etc/httpd24/conf.d/certs/servercert.cer"
  SSLCertificateKeyFile "/etc/httpd24/conf.d/certs/server.key"
  SSLEngine on
  DocumentRoot "/var/www/httpd24/html"

Port used in web server as 443.

[root@s-web-l-ej01 conf.d]# netstat -na | grep 443

tcp6       0      0 :::443                  :::*                    LISTEN


Configuration in App server as shown below. Version is Tomcat 9.

<Connector port="8443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true"
        keystoreFile="/usr/share/tomcat/conf/certs/server.jks" keystorePass="nsf1234"
        clientAuth="false" sslProtocol="TLS"/>

Port using in App server is 8443.

F5 has been updated from port 80 to 443.

Issue is Not able to access Application url. Please help me in resolving the issue. I am ok with webex session.
0
Hello, Experts,

I am new to the encryption world. I have some python experience under my belt but not much when it comes to encrypting passwords. I have compiled a python script that is very simple. It queries a directory > grabs a specific type of file > starts a FTP transmission > ends.

Currently, in testing, my python script has the URL, username, password in cleartext. For obvious reasons, I want to move away from that. What is the best practice to encrypt my data?

Assumptions:
  • Script will be downloaded from an FTP host to various machines
  • The script will be placed in a hidden dir
  • Service will run to kick off-script during an interval

It would make sense for me since this script will be deployed globally to encrypt password once, store in some sort of file, then reference later in the script.

I am looking for some pointers, examples, and best practices.

#import libraries
import os
import pysftp

# query for file to ftp
alr_file = '/Users/path/to/file/to_ftp'
ftpALR = []

def findFile():

    for item in os.listdir(alr_file):
        if item.endswith('.mdb'):
            ftpALR.append(alr_file + '/' + item)

# ftp transmission function
def ftpTransmit():
    # list ftp dir
    cnopts = pysftp.CnOpts()
    cnopts.hostkeys = None
    with pysftp.Connection(host='ftp.acme.com',
                              username='cloudUser',
                              password='NOT_A_REAL_PWD',
             

Open in new window

0
Hi experts,

I am learning how to use Wireshark to capture and analyze traffic on my home network so that I will be able to use this skill set at work.

I am using SSH to manage the switch and router and I am analyzing the ssh encryption traffic. I can see when both client and server exchange the keys etc.

Where in the capture can I find the username and password that I enter into the putty session to remote into the switch?

I know this information will be encrypted but I just would like to know where to find it, which packet contains this information?
0
Hi Experts,

I am new to Bitlocker and we are now in a pilot phase of encrypting all corporate devices using Bitlocker integrated with AD for recovery information. Everything is working well but there are few PCs that already had Bitlocker enabled and when I move them to the OU where GPO for AD integration is applied, the recovery password does not show up in the BitLocker Recovery tab in the PC's properties in AD.

Any idea how we can get that fixed ? Do we have to disable bitlocker and then reencrypt it ?
0
Hi

Staff email confidential PDF documents  to other organizations and they would like to password protect the PDF document when they email.
Is there any free software or paid software that can password protect a PDF document?

Any help much appreciated

Thanks
0
I have a spare Lenovo thinkcentre that I have been working on for several weeks with an issue involving Bitlocker encryption and TPM.  Have tried too many things to mention and now am to a point where the tech I am working with has advised that I need to "change the default boot mode to UEFI (currently set on Auto or Legacy) and redeploy the OS (Windows 10).  Supposedly TPM 2.0 should work with the UEFI boot on a GPT partition.  When I change the boot mode to UEFI in the BIOS and restart I get an error 1962 - no operating system found.  Any guidance you can provide on how to deploy the OS with the default boot mode set to UEFI would be appreciated.  Thank you
0
Do Bullrun and Edgehill, along with some of the inbuilt shortcomings of SSL/TLS itself, mean that encryption amounts to not much more than a myth ?
0
I have a 1Tb disk running Windows 10. The system partition was encrypted by veracrypt but I later wanted to switch to bitlocker instead.  What I didn't realise on enabling bitlocker was that the partition was still encrypted by veracrypt.  So now the system partition has  encryption from bitlocker and the whole thing is also encrypted by Veracrypt.  So when you boot up, you have to put in the veracrypt password.  Then, since TPM was causing issues with bitlocker (not the problem I'm trying to solve here), you then had to put in the bitlocker recovery key, each time. Windows would then boot as normal, until you next rebooted when that 2-step process had to be repeated.

In an attempt to try update the bios, I wanted to install W10 temporarily on an external disk.  Unfortunately, in my haste, I deleted all but the recovery partition on the PC's hard disk during windows 10 install.  I didn't actually install anything - I realised what I had done and cancelled the whole process.

So, my issue is to recover these deleted partitions.  

I've tried testdisk, but after the 2hr search I get this:

 
92fbfd67-7fb8-4f5f-bb70-2ae647f4b2e6.jpg
I declined to do the more in-depth test

I next tried Acronis Recovery Expert from within Acronis Disk Director.  This, has found dozens of partitions formatted Ext4, which I guess is because of veracrypt.  The first few are of size 913.4Gb, then the next few are 913.3Gb and so on until 913.1Gb.  I'm going to leave it run over night, but this does not …
0
Hi,
A client was having a Samsung S8 mobile phone, and he used SD encryption to encrypt the photos and media he has. Accidentally the phone was broken and is no longer working, so he bought a Samsung S9 mobile. When he put the SD card, the media are encrypted. The old phone (S8) is not working so we can decrypt the SD on the phone.

Any ideas on how to decrypt the SD card to work in S9?
attached one of the photos that are encrypted.
20171222_161738.jpg
0
We are working with two outbound providers on our on-premise Exchange 2013 environment:  ProofPoint which provides encryption on demand and Mailjet which gives us detailed deliverability stats and reports.  Unfortunately, we're stuck with using one or the other, mainly because Mailjet has authentication requirements that ProofPoint's configuration can't meet.  So, is there a way to configure Exchange so that all messages with the "[ENCRYPT]" in the Subject or Body would go through the ProofPoint connector and anything else through the Mailjet one?  Ideally, if we could find a provider that gives both the reporting AND the encryption-on-demand, that would probably be the optimal option.  Thanks!
0
just booted a new lenovo PC for the first tine ...

warning ... clearing erases information stored on TPM.
you will loose all created keys and access to data encrypted by these keys .press f12 to clear TPM
esc to reject this change request and continue

Weill I waited and it just booted to win 10 pro setup and I don’t know what default was chosen.

I’ve three more to setup
what should I choose ?

I don’t need encryption but wouldn’t mind know if I do/don’t choose it will the users be prompted for a more security every boot?

note - I want to keep things simple, it’s for an adult education simple class

thanks
0
Hi Folks! I have a need to get a software that will allow me to create PGP keys and encrypt/decrypt individual files. Years ago I used PGP Desktop for this. Can someone recommend a simple application that will allow me to do this using strong encryption strength (2048 bit keys and higher) ? I have a Windows 10 Pro desktop.
0
I have PDF files which I need to access because I forgot my password I am not able to open it anymore. I bought a System Tools program which said it would be able to remove the passwords or reset it, but what they said is this:


"Dear Customer,

Thanks for your email.

We are unable to recover/reset the password from your pdf file due to AES encryption. "

I know that there are some tools to remove this password and access the PDF files. I am an IT Security graduate and I have seems many tools to do many things.

Would you be able to advise which tools I could use for that?
0
In a new environment one of the projects left behind by a predecessor was to upgrade the encryption on their DMVPN from 3DES to AES 256. That's a good goal to be up to modern standards. But I see a lot of other areas of greater vulnerability. And the update and verification of hundreds of spoke sites will take considerable time. My question: how vulnerable is a 3DES encrypted DMVPN network?
0
Hi I have just started using always encrypted. I am using it on a webserver.
When i connect using sql managment studio it works fine however on the website thows and error about the permisions.

1st question, is it it safe to use on a webserver as the certificates and data are on the same device.
2nd question, how do i get it to work on IIS website?
0
I want to back up my machine using Acronis.  But it says it can't back it up until I turn off Bitlocker.
When I go to Control Panel --> System and Security --> Bitlocker Drive Encryption, it says "BitLocker waiting for activation".  There is an icon to "Turn on BitLocker".  

Do I have to turn it on before I turn it off?
0
I am on a new gig where the client has small spoke sites talking to a hub at the data over DMVPN with IPSec encryption. The edge devices at the spoke sites are Cisco ISRs. They complain about the performance of Horizon VDI not infrequently. One thing I was wondering is - what would be the performance knock of their sending their already secure PCOIP traffic over the encrypted DMVPN? It seems they could just send the traffic to the VDI farm without it needing to travel through the tunnel. Might it improve VDI performance from the perspective of the end  to have those connection bypass the tunnel and just traverse the Internet without a second encryption operation.
0
Hi,

I d like to protect my One Drive files with an encryption so that if my files would end up being downloaded or hacked, they are not readable for anybody who hasn't got a decryption key.

Is that possible and how would that then work? I could make a container/vhdx on OneDrive but then the full container would need to close before a sync happens and the full container would be synced on any smallest change of a file.


J
0
I'm unable to decrypt a file using the key I created early. The problem is didn't I create a Passphrase.
 Below is my key generation out and Passphrase request when trying to decrypt file



gpg2 --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: eeeeee
Email address: eeeem@mmmmm.com
Comment: This key pair is use for use for encryption and decryption files.
You selected this USER-ID:
    "eeeee (This key pair is use for use for encryption and decryption files.)<eeeem@mmmmm.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some …
0
I need to send 10-15 pdf attachments (encrypted with password protection) to client. How can I do that? What tools or software can i use so that client can open by entering the password
0
Hello,

how secure is 7zip password protection?

Thank you
0
Does TDE encrypt  just the database or the entire SQL server?     I need to have just one of our databases encrypted (for now)  and need to make sure using TDE only that database is affected.

I currently have one database where I am encrypting a single column but the one in question is a separate database on the same server that also has many other databases.
0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.