Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Bitlocker administration is slow to pickup PC's

i have Bitlocker Administration and Monitoring - its picking up PC's on my network via GPO but it does it so slowly, 3 per week, any idea on how i can speed this up?
0
Free Tool: SSL Checker
LVL 12
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I'm trying to decrypt using Rijndael in PHP, but appear to be getting different values compared to what i get when doing it using C#?

Here's my C# code:

    RijndaelManaged rijndaelManaged = new RijndaelManaged();
    rijndaelManaged.KeySize = 256;
    rijndaelManaged.BlockSize = 128;
    rijndaelManaged.Mode = CipherMode.CBC;

    ICryptoTransform decryptor = rijndaelManaged.CreateDecryptor(rgbKey, Array4);

    count2 = fileStream.Read(buffer4, 0, count1); //6D-18-80-01-DD-B6-3E-5B-26-83-CE-30-C7-AC-57-79
    cryptoStream.Write(buffer4, 0, count2);

    ^^ this value is 31-3B-3B-31-3B-3B-40-FD-00-20-A9-A2-00-08-71-CA

Open in new window


And here's my PHP code

    $rgbKey = "de299ceff91f2a216969a22e482a6c1616c6e64e552d46ffafb713f1743e32d1";
    $rgbIv = "ECCD26BE791BB360E2010F6378CD5631";

    $rijndael = new Rijndael();
    $rijndael->setKey($rgbKey);
    $rijndael->setIV($rgbIv);
    $rijndael->enableContinuousBuffer();
    $rijndael->setKeyLength(256);
    $rijndael->setBlockLength(128);

    echo bin2hex($rijndael->decrypt("6D188001DDB63E5B2683CE30C7AC5779")); 

    ^^ this value is c3d0ea2da27565c46fc7f1d2c0684baaf246

Open in new window


I get the correct value here when doing online: http://aes.online-domain-tools.com/link/1300553gqcXhtYR9LB/
0
hi,

as MS SQL has always encrypted feature, what is the diff between Network Encryption and always encrypted?
0
I have a large file containing many sub-folders & files (*.gpg) that are encrypted using gpg. I would like to decrypt them in place and remove the .gpg extension. All have the same passcode. My question is: can I decrypt all files in a folder, at the folder level by using a wildcard (*.gpg), or must I do each file in the folder individually?

my GnuPG command line looks something like this:
gpg  --batch --passphrase-fd 0 --decrypt *.gpg < pass.txt

if possible, a little help with the syntax would be appreciated
0
hi,

what kind of encryption DB2 is offering? what tier are they doing to protect?
0
I have a new request from managment to encrypt all files inside the company so it will be used only in company computers (domain members) by domain users and if it get out by email or flash drive it will not open.but as will ,i have to be able to exclude some users so they will be able to send unencrypted files by email .i have to enforce this policy .i have 200 computers in the network.where could i start?
0
bitlocker encrypted drive on usb: we have a laptop with ssd drive with bitlocker encryption that crashed and won't reboot to windows.  Before reinstalling Windows 10, I'd like to know how to put the drive on external usb on another computer to try to retrieve data from it.  It just says it's not accessible and doesn't have an option to put in the encryption key.
0
Hi,

What encryption MySQL and MariaDB offer? MySQL offer the same as MariaDB ?

Encryption is on  the whole disk level or DB level only ? row level or database file level?
1
I am having and issue with Citrix Receiver on one of the system I manage. I get the error message "This version of Citrix Receiver does not support the selected encryption. Please contact your administrator."  I found several topics suggesting corrupted registry entries and to use the clean-up utility.  I have done all that. I finally resorted to re-imaging the system and starting from scratch. This worked for about and hour until the user restarted the machine.  I have several other systems with the exact same setup that don't have this issue.  Where is this coming from? Has anyone resolved this issue?
0
Hi!
I´m trying to use programm by James-Gourley to decrypt a 1.4.0.0 version of Cryakl  . Some files are decrypted correctly, and other files are not decrypted with  "encryption signature mismatch" message. Help me please. Sample files https://dropmefiles.com/769Q7   More examples of unencrypted files https://dropmefiles.com/CZ7xH
0
Cloud Class® Course: Python 3 Fundamentals
LVL 12
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

We have a McAfee encryption epo 4.5 server that has failed due to a locally attached disk array issue.

The database for this box however is stored on a separate server.

Can a new Mcafee encryption installation be built by attaching to this existing database?
0
How to apply bit locker auto unlock internal fixed data drive without encrypting system drive in windows server 2012
0
RDS - encryption error...

Getting this on a laptop frequently this morning, connected over remote VPN.  

Also get it a few occasions when the user worked on a different machine over site to site VPN tunnel.

Server 2016.
Clients Win10 1803.
Site to site VPN - Cisco ASA 5505
remote VPN Cisco client and more recently cisco anyconnect.

Ideas?
0
Currently our accounting staff has to manually download a file from our bank on a daily or weekly basis.  One of our system programmers wants to automate the process so Accounting does not have waste 1 hour/week on the download.   We have talked to the bank and all I get from them is that we need to open Port 22, setup a SFTP site and PGP for encryption.   The bank did send me some information on setting up PGP.  I have read some articles dealing with Linux  but for us this will be on a Windows 2012R2 server.  My question: Should I do this?  I would rather not due to the security but I will need facts to back me up.  Everything I have read is from 2010 or earlier.  I would like to get your opinions as toward If it is safe to proceed or not.  Also, if you say yes, if you have any thoughts on setup.

Thanks for your help
0
Hello,

I have been using a Netscreen SSG-5 firewall for my home office since 2009. For the first 5-6 years or so I logged into it fairly regularly to check on status, tweak configuration, and update the ScreenOS.  I have not logged into it for the past 2-3 years. I recently received an email from Lifelock warning me about VPNFilter malware that is targeting routers. This made me think about checking the status of my SSG5 to make sure it has the latest firmware and ScreenOS and to possibly change the password.  The problem is when I try to connect to the firewall at https://192.168.X.XX/ using Firefox I get an error message that the Secure Connection Failed with this specific error message:

Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I then tried using Chrome and received a similar error message:

This site can’t provide a secure connection 192.168.X.XX uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Internet Explorer also failed.

It has been a few years since I have worked with the firewall and I am a bit rusty in terms of the technology.  I did some searching and learned that the latest versions of Firefox, Chrome and IE won't accept weak "ciphers" and that my SSL and/or TLS are outdated.  I found something about RC4 not being safe.  I also think my certificate has expired.  It has been a few years and this is is a bit Greek to me.  All I know …
0
Hi all, with the Mac File vault encrpytion - will this ask for a code on startup - kind of like bitlocker on windows?
0
Hi Guys

Does anyone know what directory role / rights need to be assigned under Azure AD to allow disc encryption VIA powershell?
I dont want to assign full global admin access to support accounts for this to work.

Regards
0
I have reset customer registration to use AES encryption to comply with new regulations.  The MySql is recording the data correct with $salt being used to encrypt the email.
However, I use PHPMAKER to manage the database on my PC (or could use MS Access but I cannot figure how to decrypt and encrypt the email so that I an update data.
The email is the only field of 20 to be encrypted.

Anyone able to help with amending the various PHPMaker scripts or a VB function to import and export to Access 2003
My database is just over 200,000 emails.
0
I would like to check if data at rest encryption is turned on in my Isilon cluster.

From what I have read Isilon does it automatically with the use of SED (Self encrypting drives).

Is my understanding correct?

And how can I check if the drives on my system are self encrytping?

 

Also if we setup cloudpools then how can we make sure that data will be encrypted on the cloudpool side as well?
0
Cloud Class® Course: Microsoft Windows 7 Basic
LVL 12
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Trying to test EFS Encryption File Recovery within my Windows 2012 R2 Domain (mixed with 2008 R2 DCs and previously upgraded from 2003 DC level - inherited the network in 2008).  Did the following:

1) GPO Management ==> Edit policy, Windows Settings, Security Settings, Public Key Policies, Encrypting File System ==> Create Data Recovery Agent (Administrator account)
2) Forced GPO refreshed
3) Logged into DC as Admin, MMC ==> Certificates, Personal, Request New Certificate, Enrolled "EFS Recovery Agent".
4) Exported EFS Recovery Cert and marked "export private key" and set password.  Saved file as "DRAtest.pfx"
5) created test.txt file and encrypted by administrator@domain.local
6) while logged in as Johnsmith on PC1, did GPO refresh and imported "DRAtest.pfx" into Personal certification Store.
7) checked encryption properties for test.txt and shows being encrypted by "administrator@domain.local" and Recovery Certificate as "Administrators@domain.local" - the imported Certificate Thumbnail of recovery cert matches that of the one imported into personal store of "Johnsmith" login, but can't access test.txt file as Johnsmith.  
8) I also tested it the other around where johnsmith encrypts test2.txt  and while logged in on DC as administrator@domain.local, I can't access/decrypt the file, even through I have the correct cert in personal store of Administrator@domain.local and the recovery certification info matches as well.

At this point I'm stump.  I've also tried …
0
We are removing our full disk encryption software (Symantec PGP) and moving to Bitlocker for our Win10 Pro laptops for various reasons. However, i have many remote VPN users that do not go to a physical office. Therefore i have some hurdles - and want to do this as transparent as possible for all users as well, if possible. GPO settings are ready. I do not have MBAM/don't plan to. Once PGP is unencrypted/removed, i need to remotely (if possible):

1. Turn on TPM chip in laptops. (some laptops do not have it turned on/no GPO setting for this/i dont mean activate in BIOS)
2. Initialize TPM (no GPO setting for this)
3.  enable/start encryption (no GPO setting for this)

My questions are:
1. Can i turn on TPM chip in the OS remotely? Can i do it with csv or some way in batch groups?
2. Can i initialize TPM chip remotely? Can i do it with csv or some way in batch groups?
3. Can i enable encryption/begin encrypting in a remote way? Can i do it with csv or some way in batch groups?

I understand remote abilities for this aren't preferred/perhaps not allowed for obvious reasons, but i'm tryin to do this as easy as possible on my network. The intent is to touch user laptops ONLY if needed/as little as possible.

thanks!
0
I'm fairly new to Java. So I'm call a Java web service through Java.  I set the encryption and signature settings below using the out and interceptors.    The client told me

For requests (outgoing):
-       Signature – keystore 1
-       Encryption – keystore 2

For responses (incoming)
-       Signature – keystore 2
-       Decryption –  keystore 1

I'm not sure what I'm doing wrong here.  Any ideas?

My code:
package esar.ws.esarwsclient;

import static org.junit.Assert.*;
import xxxxx.interfaces.*;

import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.junit.Test;
import java.lang.*;
import java.util.HashMap;

public class EsarWsTest {

	@Test
	public void batchSubmissionAckRetrievalRequestReturnValidResult() {
		CORETransactionService service = new CORETransactionService();
		CORETransaction port = service.getCoreSoapPort();
		
		Client client = ClientProxy.getClient(port);
		Endpoint endpoint = client.getEndpoint();
		
		HashMap<String, Object> outProps = new HashMap<>();
		outProps.put(WSHandlerConstants.ACTION, "Encrypt Signature");
		outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordCallbackHandler.class.getName());
		
		

Open in new window

0
I got two key stores from the customer.  One for encryption and one signing.   I'm new to Java (2 days or so in)  and not quite sure how to exactly do this in pom.xml

So lets say I have:
keystoreOneForEncryption.jks    password: 11111
keystoreTwoForSigning.jks          password: 22222

I got it working SOAP UI.  Not sure if this helps but here are the settings I see from there.
incoming.png
outgoing_encryption.png
outgoing_signature.png
0
HI James ..... I´m back here .... Sadly
I've another computer infected with Fairytail .... I think it´s the same version that i've cleaned earlier.
I´ve Just downloaded your decryptor but i think something went wrong with it.
The earlier version worked fine with me .... but this one seems to give me some trouble. I used it in 3 different PCs' and i received the same error. All of them were running Windows 10 64 bits.
I have a clean file and the same file encrypted to use in the decryptor.
But as soon i select the encrypted file, i receive the error i attach
0
I'm using EncryptedXML to decrypt a SOAP message.  I'm loading the certificate manually and trying to decrypt the message.  But I'm getting the following error:

Unable to retrieve the decryption key.

Open in new window


Here is my code:
stream.Position = 0;
var doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.Load(stream);

var clientCertEnc = new X509Certificate2(@"C:\certificates\xxxxxt.pfx", "xxxxxx");
var privateKeyRSAA = (RSACryptoServiceProvider)clientCertEnc.PrivateKey;

var exml = new EncryptedXml(doc);
exml.AddKeyNameMapping("KeyIdentifier", privateKeyRSAA);
exml.DecryptDocument();

Open in new window


Here is my xml:
<s:Envelope 
        xmlns:s="http://www.w3.org/2003/05/soap-envelope" 
        xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <s:Header>
            <VsDebuggerCausalityData 
                xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo4tYpt6X40FEk+VSAe5mc8MAAAAAP497cBuXfk+uFIOY80O0iuLtIW56q7hLktgVYPhbnHMACQAA
            </VsDebuggerCausalityData>
            <o:Security s:mustUnderstand="1" 
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <o:BinarySecurityToken u:Id="uuid-10490fb0-8ee0-4a4c-a8db-77242c9a3b7f-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 

Open in new window

0

Encryption

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.