I was able to encode a string with uuid_3 but I can not figure out a way to decode it.
My code to encrypt:
new_id = uuid.uuid3(uuid.NAMESPACE_URL, url)
You will not be able to decrypt your uuid. uuid3 is based on an md5 hash, which is an irreversible hashing algorithm. A uuid really shouldn't be relied upon for encryption anyways, since they are just identifiers. There are encryption/decryption schemes designed for this such as foreign key encryption and symmetric key encryption, to name a few.
Related
I am trying to create a smart contract where I have to encrypt (and decrypt) data that I receive from a Python script running on a client. The data will be encrypted on the client-side, and I will have to decrypt it on the smart contract.
I got a smart contract code which can generate a key pair here. I am new to cryptography, and I tried looking up how I can encrypt plaintext using the public key and decrypt using the private key, but I am not getting a proper answer anywhere.
It will be great if someone can guide me to a relevant resource. Thank you.
Actually, this document does a pretty good job of going through the steps of using one particular Python elliptic curve library.
Note that you don't actually encrypt or decrypt large amounts of data using the public/private key. Instead, one uses ECC to create a shared secret key, and then that shared secret key is used with AES or whatever is your encryption algorithm of choice.
I struggle to understand the correct use of an IV (Initialization Vector) when encrypting data in AES.
Precisely, I'm not sure where to store my randomly generated IV: in my script, the data will be encrypted, then saved to a file, then the program will terminate. During the next session, the previously saved data must be decrypted. If my understanding of IVs is correct, I have to use the same IV for decryption as for encryption (but another random-IV for every single encryption process).
Thus, I have to store the IV somewhere - some people recommend prepending it to the encrypted data, but if I get it right that won't work in my case, because I need the IV in order to be able to decrypt it.
Is this correct or did I misunderstand something? I want to avoid saving the encrypted/hashed key and the IV (even if hashed itself) inside some unencrypted plain-text-settings-file or something.
The IV itself is not sensitive data; its just used to scramble the state of the first cipher-text block and the scrambling is not recoverable from the IV itself (the key adds in the "secret" factor).
For "proper" chaining modes the IV is separate from the cipher text (you need the initial IV for both encryption and decryption) and must be stored separately and passed separately to the crypto library API. After encryption you can store the IV however you like - just don't lose it ;).
You can certainly "prepend" / "append" to the cipher text so you only have to store a single blob of data - but you'll just have to split it off prior to decryption as that is what the API will expect.
The "unproper" way to do an IV (e.g. if your crypto library API doesn't have native IV support, but does support chaining) is just to prepend a single block of random data to the plaintext before encrypting it. In this case there isn't any IV to store separately - you simply encrypt the entire IV+message binary pair - and then you simply delete the first block of data after decrypting it. The "random data" you prepend has the same constraints as a real IV (don't reuse the same random data with the same key, etc).
The two approaches are semantically different at the API level, but the effect on the actual encryption is the same (scamble the first block of real payload unpredictably).
In terms of how the IV is used - there are many possible schemes. See the wikipedia article on block chaining here for a convenient picture showing how the IV can be used in various chaining modes when it is really store separately.
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
I have a program that uses the .NET method ProtectedData.Protect to encrypt a password using DataProtectionScope.LocalMachine. I have the decrypted password. From what it looks like the encryption algorithm is TripleDES.
I would like to use Python+Pycrypto to decrypt this password, but I'm not sure what the IV is. Is it reasonably possible to figure out what the IV is and decrypt the PW with Pycrypto?
I want to apply an AES 128b encryption (probably CBC + Padding) on a data stream.
In case it matters, I'm sending chunks of around 1500bits each.
I work in Python, and I did a small test with M2Crypto with AES encrypt in one side and decrypt at the other side. It works perfect, but probably don't really secures anything since I use the same key, same IVS and all that.
So, the question is: What the best approach for AES encryption on large data streams?
I thought about loading a new 'keys' file from time to time. Then, the application will use this file to expend and extract AES keys or something like that, but it still sounds awful to build a new AES object for each chunk, so there must be a better way.
I believe I can also use the IVS here, but not quite sure where and how.
I'm having a download application and I want to encrypt the links for file downloads, so that the user doesn't know the id of the file. Furthermore I'd like to include date/time in the link, and check when serving the file if the link is still valid.
There's a similar question asked here, but I'm running into problems with the character encodings, since I'd like to have urls like /file/encrypted_string/ pointing to the views for downloading, so best would be if the encrypted result only contains letters and numbers. I prefer not using a hash, because I do not want to store a mapping hash <> file somewhere. I do not know if there's a good encryption out there that fulfills my needs...
Sounds like it would be easy, especially if you don't mind using the same encryption key forever. Just delimit a string (/ or : works as well as anything) for the file name, the date/time, and anything else you want to include, then encrypt and b64 it! Remember to use urlsafe_b64encode, not the regular b64encode, which will produce broken urls. It'll be a long string, but so what?
I've done this a few times, using a slight variation: Add a few random characters as the last piece of the key and include that at the beginning or end of the string - more secure than always reusing the same key, without the headaches of a database mapping. As long as your key is complex enough the exposed bits won't be enough to let crackers generate requests at will.
Of course, if the file doesn't exist, don't let them see the decoded result...
By far the easiest way to handle this is to generate a random string for each file, and store a mapping between the key strings and the actual file name or file id. No complex encryption required.
Edit:
You will need to store the date anyway to implement expiring the links. So, you can store the expiration date, a long with the key, and periodically cull out expired links from the table.
If your problem is just one of encryption and decryption of short strings, Python's Crypto module makes it a breeze.
You can encode any character into the url, with django, you may use it's urlencode filter.
However, generating a random string and saving the mapping is more secure.