cryptography

Export/Import RSA keypair using PKCS11Interop C# wrapper library from Thales nShield HSM?

ぃ、小莉子 submitted on 2019-12-22 09:39:31
Question: I have generated an RSA public-private keypair in the HSM using the PKCS11Interop generate key API. I want to export the keypair. I used the Findobject API to get the keys; the API returns an ObjectHandle, but while reading attributes using the GetAttributeValue API, I am not able to read the key's value. And when I set the key's attribute CKA_EXTRACTABLE to true, I am not able to generate the key at all. Also I need to import an externally provided keypair into the HSM. Any help is highly appreciated. Answer 1: What

How to compute SHA1 of an array in Linux kernel

倖福魔咒の submitted on 2019-12-22 09:37:11
Question: I'm trying to compute the SHA1 of an integer array in the Linux kernel. I have gone through crypto.c / crypto.h and security/integrity/ima/ima_crypto.c but I can't figure out how to init and then update the SHA1 computer. Can someone point me to a tutorial or guide on how to go about doing this? Answer 1: There's a pretty good introduction to the Linux cryptography API in Documentation/crypto/api-intro.txt. Also check out fs/ecryptfs/crypto.c for a real-life example of how the functions are used. Here

Convert RSA PublicKey to base64 and vice versa

梦想的初衷 submitted on 2019-12-22 09:34:33
Question: I have a publicKey/privateKey pair generated from this function: public static void generateKey() { try { final KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM); keyGen.initialize(2048); final KeyPair key = keyGen.generateKeyPair(); File privateKeyFile = new File(PRIVATE_KEY_FILE); File publicKeyFile = new File(PUBLIC_KEY_FILE); // Create files to store public and private key if (privateKeyFile.getParentFile() != null) { privateKeyFile.getParentFile().mkdirs(); }

Late authentication in OpenSSL GCM decryption

让人想犯罪 __ submitted on 2019-12-22 09:15:10
Question: I am using OpenSSL's EVP interfaces to implement AES encryption using GCM mode. Now GCM, being one of the authentication modes, provides cipher text integrity, meaning it generates a tag (MAC - message authentication code) on the cipher text (and additional data, if provided). This tag can later be checked before decryption to ensure that the cipher text has not been modified. I have implemented the encryption as per this blog post: http://incog-izick.blogspot.in/2011/08/using-openssl-aes

Parsing bug in RSACryptoServiceProvider.ImportParameters with zero-byte-prefix elimination?

独自空忆成欢 submitted on 2019-12-22 08:47:23
Question: I had some problems where RSA keys created using Security.Cryptography.RSAParameters were working only most of the time with RSACryptoServiceProvider.ImportParameters. After a bunch of debugging, it appears that the properties of that object want very specific byte buffer sizes. My ASN.1 parsing code has zero-byte-prefix elimination. In fact, some fields of the RSAParameters only work after zero-byte-prefix elimination and others don't work at all if zero-byte-prefix elimination has been

Verifying digital signatures in PDF documents

你离开我真会死。 submitted on 2019-12-22 08:21:13
Question: I'm trying to verify PDFs' digital signatures. I know that when a PDF is signed, a byte range is defined, the certificates get embedded, and from what I've read, the signed message digest and the timestamp are also stored in the PDF. I can already extract the certificates and validate them. Now I'm trying to validate the PDF's integrity, and my problem is I don't know where the signed message digest is located. In this sample signed PDF from Adobe (http://blogs.adobe.com/security

Encrypting a plain text file in C

徘徊边缘 submitted on 2019-12-22 08:18:13
Question: I am currently writing a Linux application in C that reads from a configuration file. This configuration file contains some data that I would like to encrypt so it is not plain text. I have spent hours researching this and have not found a viable solution. Since the application will need to read from the configuration, I will need to be able to encrypt it and decrypt it on the fly. So far from my research I really like the OpenSSL crypto library. I know from the command line you can do: openssl enc

Architecture of a secure application that encrypts data in the database

别来无恙 submitted on 2019-12-22 08:18:03
Question: I need to design an application that protects some data in a database against a root attack. This means that even if the aggressor takes control of the machine where the data is stored or the machine with the application server, he can't read some business-critical data from the database. This is a customer's requirement. I'm going to encrypt data with some asymmetric algorithm and I need some good ideas on where to store private keys, so that data is secure as well as the application usability was

CCM-AES from Linux Kernel

强颜欢笑 submitted on 2019-12-22 08:08:49
Question: I need to be compatible with the Solaris crypto mech SUN_CKM_AES_CCM. In Linux, I believe I should set up an AEAD request to get the "ccm(aes)" mech. Documentation for Linux Crypto does seem rather poor; the best example appears to be the tcrypt.c test, and the kernel sources. From Solaris, I did a test encryption of a 512 byte block, with a 16 byte hmac and a 12 byte iv. This needs to stay the same, and hopefully the results will be identical. However, what I think should work does not; struct crypto_aead

Memory Leak while verifying Authenticode Signature of Executables?

谁都会走 submitted on 2019-12-22 07:52:27
Question: I am using WinVerifyTrust to verify the validity of some Windows executables with the following function, called in a loop from _tmain: int signature_is_valid(const wchar_t *filepath) { GUID guid = WINTRUST_ACTION_GENERIC_VERIFY_V2; WINTRUST_FILE_INFO file_info = { 0 }; WINTRUST_DATA wd; file_info.cbStruct = sizeof(file_info); file_info.pcwszFilePath = filepath; file_info.hFile = NULL; file_info.pgKnownSubject = NULL; ZeroMemory(&wd, sizeof(wd)); wd.cbStruct = sizeof(wd); wd.dwUIChoice = WTD