Does setting Aes KeySize generate a new key? - system.security

According to Microsoft's documentation on System.Security.Cryptography.Aes, the key size can simply be changed by setting the KeySize property.
Does changing the key size automatically generate a new random key of the new key size? The documentation is not clear.

Yes, or no, depending.
Setting KeySize makes the object forget the key. If a new one is provided by setting Key, no new key was technically generated. But when the object has no key but needs one, a new key (of size KeySize) is created and remembered.
In general, you should either set KeySize (to make a random one) or Key (which adjusts KeySizeValue), not both.
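The behaviour described in this answer can be observed directly. The following is an added example, not code from the answer or from Microsoft's documentation; it is written in PowerShell against the same .NET class, and the 32-byte key is a constructed value.

```powershell
# Added example: how Aes.Key and Aes.KeySize interact.
function ConvertTo-Hex([byte[]]$Bytes) { [BitConverter]::ToString($Bytes) }

$aes = [System.Security.Cryptography.Aes]::Create()
try {
    # 1. No key set yet: the first read of Key generates a random one and remembers it.
    $first = ConvertTo-Hex $aes.Key
    "KeySize=$($aes.KeySize), key stable on re-read: $($first -eq (ConvertTo-Hex $aes.Key))"

    # 2. Setting KeySize forgets that key; the next read generates a new key of the new size.
    $aes.KeySize = 128
    "After KeySize=128, key length in bytes: $($aes.Key.Length)"

    # 3. Setting Key adjusts KeySize to match the supplied key.
    $supplied = [byte[]](1..32)      # constructed 32-byte key, for illustration only
    $aes.Key = $supplied
    "After Key=<32 bytes>, KeySize: $($aes.KeySize)"

    # 4. The pitfall behind "not both": setting KeySize after Key discards the
    #    supplied key, and the next use silently generates a random replacement.
    $aes.KeySize = 256
    $stillSupplied = (ConvertTo-Hex $aes.Key) -eq (ConvertTo-Hex $supplied)
    "Supplied key still in use after setting KeySize: $stillSupplied"
}
finally { $aes.Dispose() }
```

Step 4 is the case to watch for in review: data encrypted after it cannot be decrypted with the key the caller believed was in use.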

Related

What are the main requirements on the RSA 1024 key pair to be usable in javax.crypto.Cipher/BouncyCastle?

While fighting with another problem, described in "Is it possible to use javax.crypto.Cipher RSA 1024 to decrypt the message with the public key? Maybe public key can be used for encryption only?", I have observed that javax.crypto.Cipher/BouncyCastle has very harsh constraints on the allowed RSA key pairs. In fact, I have not managed to come up with an RSA key pair that satisfies their requirements. The different error messages were:
java.lang.IllegalArgumentException: RSA publicExponent is even
at com.android.org.bouncycastle.crypto.params.RSAKeyParameters.<init>(RSAKeyParameters.java:28)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAUtil.generatePublicKeyParameter(RSAUtil.java:48)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineInit(CipherSpi.java:293)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineInit(CipherSpi.java:411)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2984)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2891)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2796)
at javax.crypto.Cipher.chooseProvider(Cipher.java:773)
at javax.crypto.Cipher.init(Cipher.java:1143)
at javax.crypto.Cipher.init(Cipher.java:1084)
javax.crypto.BadPaddingException: error:03000068:bignum routines:OPENSSL_internal:CALLED_WITH_EVEN_MODULUS
at com.android.org.conscrypt.NativeCrypto.RSA_public_encrypt(Native Method)
at com.android.org.conscrypt.OpenSSLCipherRSA$DirectRSA.doCryptoOperation(OpenSSLCipherRSA.java:398)
at com.android.org.conscrypt.OpenSSLCipherRSA.engineDoFinal(OpenSSLCipherRSA.java:316)
at javax.crypto.Cipher.doFinal(Cipher.java:2055)
java.lang.IllegalArgumentException: RSA modulus has a small prime factor
at com.android.org.bouncycastle.crypto.params.RSAKeyParameters.validate(RSAKeyParameters.java:50)
at com.android.org.bouncycastle.crypto.params.RSAKeyParameters.<init>(RSAKeyParameters.java:32)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.RSAUtil.generatePublicKeyParameter(RSAUtil.java:48)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineInit(CipherSpi.java:293)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineInit(CipherSpi.java:411)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2984)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2877)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2796)
at javax.crypto.Cipher.chooseProvider(Cipher.java:773)
at javax.crypto.Cipher.init(Cipher.java:1143)
I established a pretty simple workflow for generating key pairs for my tests: I used https://www.csfieldguide.org.nz/en/interactives/rsa-key-generator/ (1024 bits/Format scheme PKCS #1 (base64)) to generate the pairs, then copy/pasted the public key into https://lapo.it/asn1js/ and decoded the public key into 2 integers. I immediately rejected the pair if at least one of the integers was an even number.
But apparently, there are more constraints. What are those constraints? It would be nice to have some (at least partial) list of them so I can implement them in my program that generates key pairs, to reject any pair that does not satisfy this list of requirements.

How to do SSL public key pinning in flutter/dart?

Relatively new to Flutter here (and programming in general). I'm only familiar with the more basic stuff, but I've now encountered the need to use a CertificatePinner such as this in flutter/dart:
https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html (I've successfully implemented this in my previous kotlin/java project in android studio). My goal is to pin the public key (not the certificate).
All I have is the public key in the form of a string like shown below, nothing else:
"sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
How do I go about achieving this? I've asked this in an open issue on github but haven't gotten any responses yet (https://github.com/dart-lang/sdk/issues/35981). Hoping someone has managed to achieve this.
I've also scoured through other sources. I think the closest one to a solution for me is "How can I do public key pinning in Flutter?",
but I don't quite get what is being done there and I can't comment to ask questions there since I don't have enough reputation yet.
For comparison, all I want to do is achieve the same thing in flutter/dart what I could in java/kotlin with these few lines of code:
String hostname = "publicobject.com";
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();
Thanks for your help
Start with the code in the answer you refer to. That takes the certificate in DER format and starts decoding it.
ASN1Parser p = ASN1Parser(der);
ASN1Sequence signedCert = p.nextObject() as ASN1Sequence;
ASN1Sequence cert = signedCert.elements[0] as ASN1Sequence;
ASN1Sequence pubKeyElement = cert.elements[6] as ASN1Sequence;
// this is the Subject Public Key element, which describes the type of key and actual value
For example, if we decode the certificate of pub.dev we find that it's an RSA key with a modulus of 65537 and a value of 2347......:
SEQUENCE (2 elem)
  SEQUENCE (2 elem)
    OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
    NULL
  BIT STRING (1 elem)
    SEQUENCE (2 elem)
      INTEGER (2048 bit) 234782553149463204049153749736864715384123240676730175743244004248041…
      INTEGER 65537
From the RFC, the SPKI fingerprint is the SHA-256 hash of this whole element.
// you need to import dart:convert and package:crypto/crypto.dart
var hash = base64.encode(sha256.convert(pubKeyElement.contentBytes()).bytes);
var spkiFingerprint = 'sha256/$hash'; // should match the value you have
Caveats
The badCertificateCallback doesn't deliver the whole certificate chain, so you can't walk up the whole chain. What's worse is that it doesn't always seem to deliver the leaf certificate! Sometimes it delivers an intermediate certificate.
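To produce the reference pin outside the app and see why pinning the key differs from pinning the certificate, the following added example (not from the answer, and in PowerShell rather than Dart) hashes the whole SubjectPublicKeyInfo element using .NET. It assumes PowerShell 7.2+ (.NET 6); the certificates, subject name and function names are constructed for the example.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Get-SpkiPin([X509Certificate2]$Certificate) {
    # DER of the whole SubjectPublicKeyInfo element: header, algorithm and key bits.
    $spki = $Certificate.PublicKey.ExportSubjectPublicKeyInfo()
    'sha256/' + [Convert]::ToBase64String([SHA256]::HashData($spki))
}

function New-TestCertificate([RSA]$Key, [string]$Subject) {
    # Self-signed certificate built in memory; each call gets a new serial number.
    $req = [CertificateRequest]::new($Subject, $Key,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $now = [DateTimeOffset]::UtcNow
    $req.CreateSelfSigned($now, $now.AddDays(30))
}

$key      = [RSA]::Create(2048)
$original = New-TestCertificate $key 'CN=pin-demo.example'
$renewed  = New-TestCertificate $key 'CN=pin-demo.example'                   # same key, new certificate
$rekeyed  = New-TestCertificate ([RSA]::Create(2048)) 'CN=pin-demo.example'  # new key

$expected = Get-SpkiPin $original      # the value an app would ship as its pin
foreach ($cert in $original, $renewed, $rekeyed) {
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint.Substring(0, 12)   # differs for every certificate
        Pin        = Get-SpkiPin $cert
        PinMatches = (Get-SpkiPin $cert) -eq $expected   # true only while the key is unchanged
    }
}
```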

Rundeck - dynamic mapping for ssh keys

I am looking into importing my nodes using the EC2 plugin.
My mapping is set up to import the key as one of the values, but I don't seem to be able to figure out how to concatenate the dynamic value coming from the node with the string that will represent the ssh key path. Effectively what I would like to achieve is something along these lines:
ssh-keypath.default=/path/to/key/directory/${keyName}.pem;
This, however, sets my keypath to the literal "/path/to/key/directory/${keyName}.pem"
I figured out how to do this:
In Mapping Params I set keyName.selector=keyName;
In Default Node Executor / SSH Key File path I can now set /path/to/keys/${node.keyName}.pem
This means that if I add all of my keys to /path/to/keys/ they will load dynamically as long as the keyName is correct.

Powershell and AES: If the Salt and IV are both fixed or known, is the encryption inherently unsafe or easier to crack?

I have recently been using this script to do some data encryption for a different script that I will later on be passing to other users, and I'm currently using a fixed IV and Salt. The reason I am currently using a fixed Salt and IV is that the data I have encrypted only needs to be encrypted once, but will need to be decrypted every time my script is run. As such, having everything fixed means that only the password needs to be known to other users of my script.
From reading around, it seems that having the Salt known does not make too much difference to the ease with which the data can be maliciously decrypted if it is unique; however, I assume that by using a fixed Salt I am currently mooting the point of applying it.
My Password that I am passing into this script is entered at the point of encryption/decryption, and is not stored anywhere.
By keeping the Password completely secret, does this strengthen the encryption somewhat?
In addition, does anyone have any advice for a potentially safer implementation?
Many thanks for all help.
Salts and IVs serve the same purpose, preventing the re-use of work by starting at a random starting point. When you are hashing you call it a Salt, when you are encrypting you call it an IV.
Having a fixed Salt and IV has the same effect as having no Salt or IV. The entire point of those two things is that they are different every time, so if I crack the key on File A I can't reuse the work for File B; I have to start from scratch again.
Normally the Salt and IV are just prepended to the front of the file or are in the file header. When you go to decrypt the file you read in the IV/Salt first, then start reading your encrypted data.
What I would do is, instead of using a fixed salt and fixed IV, just let the program generate the Salt and IV.
$r = New-Object System.Security.Cryptography.RijndaelManaged
$r.GenerateIV()
# Generate a new instance of our KDF with a random 32-byte salt.
$deriveBytes = New-Object Security.Cryptography.Rfc2898DeriveBytes($Passphrase, 32)
$r.Key = $deriveBytes.GetBytes(32) # derive a 32-byte key from $Passphrase
# Store $r.IV.Length, $r.IV and $deriveBytes.Salt at the front of your file ($deriveBytes.Salt will be 32 bytes long because we set its size)
Further reading:
- Is it safe to have the salt equal to IV?
- Secret vs. Non-secret Initialization Vector
- Why would you need a salt [...] when IV is already randomly generated and stored with the encrypted data?
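The layout the answer describes (random salt and IV stored in front of the ciphertext, read back before decrypting) looks like this end to end. This is an added example, not the answerer's code; the function names, the SHA-256 PRF, the iteration count and the sample strings are assumptions made for it.

```powershell
using namespace System.Security.Cryptography
# Added example. Blob layout: salt (32 bytes) | IV (16 bytes) | ciphertext.
$Iterations = 100000    # assumed value, not from the answer

function Protect-Text([string]$Plain, [string]$Passphrase) {
    # Passing a salt size makes Rfc2898DeriveBytes generate a random salt.
    $kdf = [Rfc2898DeriveBytes]::new($Passphrase, 32, $Iterations, [HashAlgorithmName]::SHA256)
    $aes = [Aes]::Create()
    try {
        $aes.Key = $kdf.GetBytes(32)     # 32-byte (256-bit) key
        $aes.GenerateIV()                # fresh random IV for every message
        $bytes = [Text.Encoding]::UTF8.GetBytes($Plain)
        $ct = $aes.CreateEncryptor().TransformFinalBlock($bytes, 0, $bytes.Length)
        # Salt and IV are not secret: store them in front of the ciphertext.
        [Convert]::ToBase64String([byte[]]($kdf.Salt + $aes.IV + $ct))
    }
    finally { $aes.Dispose(); $kdf.Dispose() }
}

function Unprotect-Text([string]$Blob, [string]$Passphrase) {
    $raw = [Convert]::FromBase64String($Blob)
    if ($raw.Length -lt 64) { throw 'Blob too short to hold salt, IV and one cipher block' }
    $salt = [byte[]]$raw[0..31]          # read the stored salt first
    $iv   = [byte[]]$raw[32..47]         # then the stored IV
    $kdf = [Rfc2898DeriveBytes]::new($Passphrase, $salt, $Iterations, [HashAlgorithmName]::SHA256)
    $aes = [Aes]::Create()
    try {
        $aes.Key = $kdf.GetBytes(32)
        $aes.IV  = $iv
        $pt = $aes.CreateDecryptor().TransformFinalBlock($raw, 48, $raw.Length - 48)
        [Text.Encoding]::UTF8.GetString($pt)
    }
    finally { $aes.Dispose(); $kdf.Dispose() }
}

# Constructed sample input: same plaintext and passphrase, encrypted twice.
$a = Protect-Text 'constructed sample secret' 'correct horse battery staple'
$b = Protect-Text 'constructed sample secret' 'correct horse battery staple'
"Two encryptions of the same input differ: $($a -ne $b)"
"Round trip: $(Unprotect-Text $a 'correct horse battery staple')"
```

The passphrase is the only secret here; the salt and IV travel with the data. CBC as used in this example adds no integrity check on the ciphertext.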

Couchbase startkey as literal value

I am using couchbase to save objects.
The key of a document looks like this
"xxxx_someRandomValue"
For example, I can have these keys
aaaa_1
aaaa_2
aaab_1
aaab_2
I am making a view, which should return me all the documents of which the key starts with literal "aaaa".
But, if I specify startKey="aaaa", it also finds for me "aaab", because it is comparing it in unicode values.
Can I force the view to return me just the documents of which the key starts with literal "aaaa_"?
Found the solution:
To work as a prefix, this should work
startkey="aaaa"&endkey="aaaa\u02ad"
documentation
Have you tried with an endkey value in addition to your startkey, something like
&startkey="aaaa"&endkey="aaaa\uefff"
You can find more information about sorting here:
http://blog.couchbase.com/understanding-letter-ordering-view-queries
Try this one:
startkey=aaaa&endkey=aaab
The API startKey(final String KEY) returns all the JSON documents whose keys (document names) are greater than or equal to the unicode value of KEY.
The API endKey(final String KEY) returns all the JSON documents whose keys (document names) are smaller than the unicode value of KEY.
So in your case startkey="aaaa"&endkey="aaab" (as suggested by avsej) should give you the desired result.
So common sense says the endKey API is about comparing the end of the key, but that's false.