Encryption

6K

Solutions

31

Articles & Videos

8K

Contributors

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.


We have an ADFS server set up that we use to authenticate our domain users for Skype for Business online. This works successfully, so I know that the basic configuration is correct. I have created a relay trust with one of our application partners, who have written their own STS system. When clicking on the link to the application, we are redirected to our AD FS front end but we're unable to log in. Speaking to our partner, they're saying that the claim we're producing does not include the name ID which they need to allow us to log in. The relay trust has been set up without encryption or signing requirements, and I have set up a rule based on the mapping of LDAP attributes to outgoing claim types, with the LDAP attribute being E-Mail-Addresses and the outgoing claim type Name ID.

When trying to connect, 2 events are generated in the AD FS Admin log of the ADFS server. These events are:
1) Event 303. The Federation Service encountered an error while processing the SAML authentication request (MSIS0037: No signature verification found for issuer https://xxxxxx
2) Event 364. Encountered error during federation passive request (MSIS0037: No signature verification certificate found for issuer https://xxxxxx

The site https://xxxxxx (which is set up as the identifier in the relay party trust) has a mismatched certificate name but as signing and encryption are switched off on the trust, I don't understand why I'm seeing the message and why the token is not being generated.
0
Hello sir, I'm using WCF services in both a web application and Android. Now I want to implement encryption and decryption of various IDs. If I apply the encryption and decryption, then on the web end I can easily manage the code, but for the Android developer this is a very hectic problem, so please suggest how I can manage the code.
0
I got hit with Amnesia Ransomware...
Any help to decrypt?
0
Hi all,

I'm after your thoughts.  USB drives are a big risk to any network.  However, if a business enforces the encryption of USB Drives once they have been attached to a computer and are also scanned by an anti virus product, just how much risk do they now pose?

Any corporate data on there is now encrypted in case it is lost or stolen, and any malware/virus should be detected before it is able to run (as long as it is not 0 day, for example).

Should we still be concerned?  Many in the business want USB drives disabled by default, whereas others think that the above controls mitigate the risks and will only force people to start printing (and losing) paper documents.
0
Hi,
    I got an error while installing the Lync 2010 client on a Windows 7 32-bit machine. Please find the attached file.

Error :- "cannot determine the encryption status of the temporary files folder"
Screenshot_1.png
0
I have a number of old word documents that I need to migrate to pdf but first I need to save them as DOCX but I want to save them without the Encryption password (which I have).

Anybody know how to do this?
0
As the title states we use Outlook 2010, in this case a service mailbox with a domain user account. The recipient is external.

The user opens a specific Outlook profile which has a certificate, and under the S/MIME settings I use SHA 512 & AES 256.

However.... all mails sent are signed and encrypted, but.... 168 bits 3DES.

I published the certificate to the GAL after reading some info regarding that, but that changed nothing.
Hope that anyone can help me sort out what's wrong?

Can the certificate used be the cause?

The certificate used is sha256RSA 2048 Bits.
Under Enhanced KeyUsage:

Client Authentication (1.3.6.1.5.5.7.3.2)
Secure Email (1.3.6.1.5.5.7.3.4)

Any tips appreciated!
0
We have a GPO in place to restrict who can use USB removable storage on workstations.  I'd like to know if there is a solution to require the USB devices to be encrypted.

Thanks,
 Troy Taylor
0
I set up one of four laptops as usual, enabling TPM, turn on bitlocker and require a bitlocker PIN at boot to log onto the computer. In my setup, I create an original admin account (named - pallap005), a standard account (named - clinical) and then enable the default admin account. Once that is done then I disable the pallap005 admin account. In this case, I disabled my pallap005 admin account  before I enabled the default admin account leaving only my standard user account (clinical) available. I need to know if I can enable the admin account and how do I go about doing this?
0
Hello,

As part of an audit, I need to furnish the encryption ciphers used by our mail server, which in our case is an Exchange 2016 CU 17 server.

Specifically, here's the question:

If TLS is being used, are cryptographically strong key exchange and message encryption ciphers being used?

<The preference order of key exchange and encryption ciphers is:

1. Key exchange: Elliptic Curve Diffie–Hellman (ECDH), Encryption: AES in Galois Counter Mode (AESGCM)
2. Key Exchange: Diffie–Hellman (DH), Encryption: AES in Galois Counter Mode (AESGCM)
3. Key Exchange: Elliptic curve Diffie–Hellman (ECDH), Encryption: AES-256 (AES256)
4. Key Exchange: Diffie–Hellman (DH), Encryption: AES-256 (AES256)
5. Key Exchange: Elliptic Curve Diffie–Hellman (ECDH), Encryption: AES-128 (AES128)
6. Key Exchange: Diffie–Hellman (DH), Encryption: 128 or 256 bit AES (AES)
7. Key Exchange: RSA, Encryption: AES in Galois/Counter Mode (AESGCM)

No other key-exchange and encryption ciphers are allowed>

I'm not quite sure how to check and see what it uses.  Can you offer any suggestions?

Thanks in advance.

Regards,

Real-Timer
0
Hi All,

I have been tasked with setting up a secure file transfer mechanism for our organisation.

We have created the private keys etc. using Kleopatra and are able to encrypt/sign (with ASCII armor) and decrypt and exchange files with our partners successfully.

I would like to automate the process as follows.

Users place files in a folder based on a Fileserver.

GPG4Win (based on our SFTP Server) is scheduled to check the folder, encrypt any files it finds placing the encrypted file on the SFTP server’s Outbound folder and DELETING the original file on the Fileserver.

I am able to automate the encryption but the original file stays in place. When using the GUI there are options for the following, “Remove unencrypted original file when done”

I am using the following syntax

 

gpg2 --batch --recipient xxxxx --encrypt-files --armor C:\Location\*.txt

Which creates the encrypted files in the same location, and the original files still remain.

I have tried a number of different options, none of which worked for me.

If I am able to encrypt/decrypt and point the files to an alternative location and remove the originals then I would be extremely grateful for the help.
0
One PCI DSS assessor had suggested that our Data Domain (sort of VTL as we have
replaced tapes with disks which we backup to remotely to our DR site) ought to be
encrypted.

Internally storage team argued that shouldn't we
a) encrypt at source & only selective sensitive data ?   Then we have much less
    to encrypt
b) encrypting entire data domain will entail more load (tho I've seen EMC's
     solution for this)
c) our assessor's justification is there may be sensitive data (eg: PAN or
    credit card#) in the logs that get backup from our Prod to DR site thus
    the need to encrypt it at destination
d) I know encrypting tapes is highly recommended as tapes are transported
    offsite (for storage) during transit, tapes may get lost.  But if we are using
    point-to-point link between our Prod & DR sites, there's no risk of losing
    media in transit.  Is this argument valid?
e) Also, should a HDD in a SAN get faulty & is being returned to vendor, what
    are the chances anyone or even a determined hacker could read the faulty
    (or even if it's not faulty) HDD for sensitive data?  Data is spliced randomly
    in SAN's HDD, virtually making data in the HDD undecipherable?  
f) when data is being backup from our Prod datacentre to DR site using
    point-to-point leased line (assuming the line do not have encryption),
    what's the risk it could be tapped or subject to MITMA?  Any security
    guideline that says backup traffic that is not …
0
I am using C# in SSIS Script Task and PGP Command Line tool for decrypting symmetric encrypted pgp file.
But this is not working, the command window appears and then hides showing a message:

pgp:decrypt < 3001:input file not found>
:decrypt <3090:operation failed, had parameters>

What is wrong with the code?

System.Diagnostics.Process p = new System.Diagnostics.Process();
p.StartInfo.WorkingDirectory = @"C:\Program Files\PGP Corporation\PGP Command Line";
p.StartInfo.FileName = @"C:\Program Files\PGP Corporation\PGP Command Line\pgp";
string args = @"/c pgp --decrypt ""G:\MYHR\Payroll\PGP\ENCRYPTED\ECMC.TUR.PayrollExtract-Transactions.504001631112121.zip"" --symmetric-passphrase ""Example1"" --overwrite remove --output ""G:\MYHR\Payroll\PGP\DECRYPTED""";
p.StartInfo.Arguments = " " + args;
MessageBox.Show(p.StartInfo.Arguments);
p.Start();
p.WaitForExit();
Dts.TaskResult = (int)ScriptResults.Success;

0
I've been chasing my tail trying to solve an issue after authenticating with ADFS 4.0 against even a basic SSO site. It would bring me to
https://FQDN/adfs/ls/idpinitiatedsignon.aspx, but after authenticating it would immediately throw a 400 error. Logging only showed:

S4U Logon for user with upn 'USERNAME' threw the following exception: 'The encryption type requested is not supported by the KDC'

After hours of checking things, I figured out that the local GPO needed to have RC4_HMAC_MD5 enabled under:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Network Security: Configure encryption types allowed for Kerberos.

I wanted to post this to save someone the 72 hours it took to solve this issue in a highly secure environment.
0
Right now we are using BitLocker integrated with Active Directory for our laptops.

We also have a few Mac laptops.

Is there any possibility to encrypt these Mac laptops with the help of BitLocker?
0
We have an application written in C# that passes parameters to a Java application. To make it secure, the Java application developer came up with AES encryption. The developer gave sample code in Java. Could somebody kindly help me? How can I encrypt the same way in C#?

//    Cryptix imports
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

import cryptix.provider.key.RawSecretKey;
import cryptix.util.core.Hex;

import xjava.security.Cipher;

public class AESEncryption {

    private Cipher m_alg;
    private RawSecretKey m_key;

    private static final String RIJNDAEL = "Rijndael"; //mode of encryption
    private static final String PROVIDER_CRYPTIX = "Cryptix"; // Cryptography algorithm providers

    /**
     * Must (once) be dynamically installed. - could alternatively be set
     * statically in $JAVAHOME/lib/security by changing security provider.
     *
     */
    static {
        java.security.Security.addProvider(new cryptix.provider.Cryptix());
        System.out.println(" Java Security - Add security provider - Cryptix provider added");
    }

    public AESEncryption(String secretKey)
        throws java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException {

        //System.out.println("Key used for encryption/decryption :- " + secretKey);

        m_alg = Cipher.getInstance(RIJNDAEL, PROVIDER_CRYPTIX);
        m_key = new RawSecretKey(RIJNDAEL, …
0
We are developing a customer facing web portal which will require a user to authenticate themselves against encrypted data stored on our Power 8 by way of a URL request and an SQL or C# intermediate function (although we are open to other concepts and suggestions).

Even though I've read a great many articles relating to this subject, I would be grateful for any current guidance on the type of encryption to employ, coding language to use and examples of implementations.

Thanks in advance.
0
We have a Dell E7270 Ultrabook; it has McAfee disk encryption. When the machine starts up, it shoots off a 'USB transfer error'.
What has been tried:
1. Move all USB from the back of the docking station PR02X to the side, or vice versa.
2. Swapped out the docking station to a 'K090A' station - Error still happens
3. Updated McAfee, updated the BIOS (not sure the versions)

Found a temporary workaround:
Turn off the machine, undock the Ultrabook, turn it on. Pre-boot McAfee will not give the error message.
Boot to Windows, go to the PC power settings and change "what happens to the pc when the lid closes",
then re-dock.

Has anyone else run into this issue? Any information would be awesome.
Thanks in advance.
0
Domain oriented PC has been encrypted with Bitlocker for the past year and now all of a sudden the bitlocker prompt came up. Suspended the bitlocker and restarted to clear the bitlocker prompt during startup, and now when I try to re-enable bitlocker, I get prompted with "Wizard initialization has failed" One or more bitlocker key protectors are required you cannot delete the last key on this drive. When I try to   check the TPM in the BIOS, it is completely missing. What would cause this and how can I fix it? I have also downgraded the BIOS and re-flashed it and nothing changes.
0
Team, need help resolving a laptop build that's continuously failing at the BitLocker stage of the task sequence. It's specific to just this model laptop, and I suspect it's related to some BIOS config.
Can you advise or direct me please,
Laptop Model = HP Elite X2 1012

______________________________________________________________________________________________________________________________________________
Error in logs:

... r
Initial TPM state: 55
Creating TPM owner authorization value
Succeeded loading resource DLL 'C:\Windows\CCM\1033\TSRES.DLL'
Taking ownership of TPM
uStatus == 0, HRESULT=80070005 (e:\nts_sccm_release\sms\framework\tscore\tpm.cpp,645)
pTpm->TakeOwnership( sOwnerAuth ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,522)
InitializeTpm(), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1313)
ConfigureKeyProtection( keyMode, pwdMode, pszStartupKeyVolume ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\bitlocker.cpp,1552)
pBitLocker->Enable( argInfo.keyMode, argInfo.passwordMode, argInfo.sStartupKeyVolume, argInfo.bWait ), HRESULT=80070005 (e:\nts_sccm_release\sms\client\osdeployment\bitlocker\main.cpp,382)
'TakeOwnership' failed (2147942405)
Failed to take ownership of TPM. Ensure that Active Directory permissions are properly configured
ccess is denied. (Error: 80070005; Source: Windows)
0
I was given the task of holding all files (mainly Word, Excel and PDFs) that 2 sites will use in my location, and then the users will map a drive to have access. Permissions will also be an issue; not all users can see every folder.
Also we need to think about encryption (don't need files on server to be encrypted), just the transfer of the files.

We will also need to backup to their location for disaster recovery.

We do not want to put files in the cloud.....

Looking for advice, experiences that could help us decide which is the right route to take.
Thanks in advance
0
I've got a Windows 7 machine where the system drive was encrypted with VeraCrypt. After the VC boot loader verifies the password, I get a Windows splash screen, followed by a BSOD informing me that the boot sector is corrupted. As far as I can tell, no one here has the rescue disk for the machine.

I'd like to run the Windows boot repair from the installation disc, but I can't do it directly from the BIOS because the volume is encrypted. I can't decrypt the volume (I don't think) because I don't have the rescue disk, and I can't get into Windows to run a disk check because the system won't boot.

Does anyone have any ideas for recovering data from this drive? Any suggestions are appreciated.
0
Hi

I need to upload a file to a FTP Server where the encryption is Explicit FTP over TLS.

I have googled and it mentions 3rd party add-ons.

Does the later .NET allow this without the use of 3rd party add-ons?

Thanks,
0
Hi,

While using the encryption type RC4-HMAC-NT, AES128-SHA1 or AES256-SHA1, the connection to the principal fails because KRB_AP_REQ cannot be decrypted by the principal.
After configuring the DES-CBC-CRC and DES-CBC-MD5 encryption types, the connection from the client machine to the principal becomes successful.

Setup is as follows:
1. KDC server [windows server 2012 R2 64 bit]
2. Client machine [windows 8.1 64 bit]
3. Principal [BS2000 machine]
4. Kerberos sources [MIT kerberos 1.13.2]

To perform the kerberos connection test configuration is done as follows:

1. Set up AD DC on windows server 2012 R2

2. Created a domain user and checked the corresponding option in case of AES128-SHA1 "This account supports Kerberos AES 128 bit encryption" and "do not require Kerberos pre authentication".

3. On the windows server 2012 R2, in local Policies->Security Options ->"Network Security: configure encryption type allowed for Kerberos" AES_128_HMAC_SHA1 and AES_256_HMAC_SHA1 is selected

4. On windows 2012 R2, by using ADSIEDIT.msc, the value of msDS-SupportedEncryptionTypes is set to 28.

5. On the windows client machine [windows 8.1] which is in same domain, in local Policies->Security Options ->"Network Security: configure encryption type allowed for Kerberos" AES_128_HMAC_SHA1  and AES_256_HMAC_SHA1 is selected.

6. Created keytab file on windows 2012 Server R2 by using the KTPASS command [corresponding encryption type is used with -crypto option]

ktpass …
0
How do I write a program for encryption and decryption of input text using the RC4 algorithm in MATLAB?
0
