Posts

Post marked as solved
7 Replies
The server was generating using a different library, hence what Eskimo was telling us was right. Though we were sending the correct keys, the server was expecting something else. The server was accepting requests based on a Java library, so it was working on Android. In the end we switched to using the Tink library by Google for iOS.
Post marked as solved
7 Replies
As of now, the said reply works for me, but the server is still not accepting it. We're waiting for talks from them to finalise on the format. Thank you Eskimo :)
Post marked as solved
7 Replies
Hi Eskimo,

Somehow, the suggested prefix is not working with the server. The server is expecting something similar to this (I got this from the hex of the given server public key's data):

```swift
Data([
    0x30, 0x82, 0x01, 0x31, 0x30, 0x81, 0xea, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
    0x30, 0x81, 0xde, 0x02, 0x01, 0x01, 0x30, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x20,
    0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xed,
    0x30, 0x44, 0x04, 0x20,
    0x2a, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x98, 0x49, 0x14, 0xa1, 0x44,
    0x04, 0x20,
    0x7b, 0x42, 0x5e, 0xd0, 0x97, 0xb4, 0x25, 0xed, 0x09, 0x7b, 0x42, 0x5e, 0xd0, 0x97, 0xb4, 0x25,
    0xed, 0x09, 0x7b, 0x42, 0x5e, 0xd0, 0x97, 0xb4, 0x26, 0x0b, 0x5e, 0x9c, 0x77, 0x10, 0xc8, 0x64,
    0x04, 0x41, 0x04,
    0x2a, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xad, 0x24, 0x5a,
    0x20, 0xae, 0x19, 0xa1, 0xb8, 0xa0, 0x86, 0xb4, 0xe0, 0x1e, 0xdd, 0x2c, 0x77, 0x48, 0xd1, 0x4c,
    0x92, 0x3d, 0x4d, 0x7e, 0x6d, 0x7c, 0x61, 0xb2, 0x29, 0xe9, 0xc5, 0xa2, 0x7e, 0xce, 0xd3, 0xd9,
    0x02, 0x20,
    0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x14, 0xde, 0xf9, 0xde, 0xa2, 0xf7, 0x9c, 0xd6, 0x58, 0x12, 0x63, 0x1a, 0x5c, 0xf5, 0xd3, 0xed,
    0x02, 0x01, 0x08, 0x03, 0x42, 0x00
])
```

If I add this prefix to the raw bytes, and then base64 encode it, I get something like this:

```
MIIBMTCB6gYHKoZIzj0CATCB3gIBATArBgcqhkjOPQEBAiB/////////////////////////////////////////7TBEBCAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqYSRShRAQge0Je0Je0Je0Je0Je0Je0Je0Je0Je0Je0JgtenHcQyGQEQQQqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq0kWiCuGaG4oIa04B7dLHdI0UySPU1+bXxhsinpxaJ+ztPZAiAQAAAAAAAAAAAAAAAAAAAAFN753qL3nNZYEmMaXPXT7QIBCANCALG4aNI0Dxlyo1FqE+EUPCzIiSIYcchBQSjdzazH7eI6
```

which is somewhat similar to the expected string. So I'm guessing I need to find out what THIS particular header corresponds to (client confirms that this is curve25519 key). Any help with this header? :)
Post marked as solved
7 Replies
Hard luck :( I tried this method but the online PEM parser (8gwifi.org/PemParserFunctions.jsp) and the server are returning an error:

```
java.lang.Exception: Error Performing Parsing java.lang.Exception: org.bouncycastle.openssl.PEMException: unable to convert key pair: no such algorithm: 1.3.101.110 for provider BC
```
Post marked as solved
7 Replies
Wow!!! That's just super awesome.. base64encoded text, and then remove the Hey Eskimo, will the reverse work ? Like I can convert the pem to input for curve25519 for creating public key?
Post marked as solved
11 Replies
Yes, I did understand during my investigation that Curve25519 wasn't working. But using SecKey was working. I was able to generate a SecKey like so:

```swift
let keyDict: [NSObject: NSObject] = [
    kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
    kSecAttrKeyClass: kSecAttrKeyClassPublic,
]
let publicKey = SecKeyCreateWithData(serverPublicKeyData.suffix(65) as NSData, keyDict as NSDictionary, &error)
```

but then encryption using this was failing

```swift
cipherData = SecKeyCreateEncryptedData(publicKey as! SecKey, .eciesEncryptionStandardVariableIVX963SHA256AESGCM, message as CFData, &error) as Data?
```

with the error

```
Error Domain=NSOSStatusErrorDomain Code=-26275 "ECpriv failed to compute shared secret (err -1)"
```

Then I realised it must be because I wasn't creating a shared secret to pass to SecKeyCreateEncryptedData. I tried creating the shared secret like so:

```swift
guard let randomPrivateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else { return }
guard let sharedSecret = SecKeyCopyKeyExchangeResult(randomPrivateKey, .ecdhKeyExchangeStandardX963SHA256, publicKey, dict as CFDictionary, &error) else { return }
```

But that as well returned the error

```
Error Domain=NSOSStatusErrorDomain Code=-26275 "ECpriv failed to compute shared secret (err -1)"
```

Please help Eskimo!
Post marked as solved
11 Replies
> Right, but it’s a public key so it doesn’t have to be kept secret. If your crypto needs to keep public keys private then you have bigger problems (-:

haha okay :D here's the original string without any tampering :)

```
MIIBMTCB6gYHKoZIzj0CATCB3gIBATArBgcqhkjOPQEBAiB/////////////////////////////////////////7TBEBCAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqYSRShRAQge0Je0Je0Je0Je0Je0Je0Je0Je0Je0Je0JgtenHcQyGQEQQQqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq0kWiCuGaG4oIa04B7dLHdI0UySPU1+bXxhsinpxaJ+ztPZAiAQAAAAAAAAAAAAAAAAAAAAFN753qL3nNZYEmMaXPXT7QIBCANCAARaJnOn+Y99BHnVk06kR5/JFgEjwWwU3Vj+VeHGyQHyLGs8DqgeVf4a2GfazF+j9HKMWtS3DCHQWKjaRhrg5qZy
```

> So, the CryptoKit raw representation for a Curve 25519 key is 32 bytes of unstructured data, but you’re trying to feed it a whole bunch of ASN.1.

I tried manually taking out the BIT STRING part.. but I guess I'm no good at extracting.. plus I would definitely need the iOS Swift code for extracting the BIT STRING, but hours of rummaging through Stack Overflow or the internet haven't helped me. (you're my last hope Mr. Eskimo :) )

> As to how you can strip this header, the best option depends on your platform. Are you targeting macOS? Or an iOS-based platform?

Yes, I guess that's where I'm getting stuck. I am not able to properly extract the required public key info. I'm targeting an iOS-based platform (an iPhone app) and I'm using the Swift language.
Post marked as solved
11 Replies
I also tried creating encrypted data using

```swift
cipherData = SecKeyCreateEncryptedData(publicKeyUsingSecKey, .eciesEncryptionStandardVariableIVX963SHA256AESGCM, message.jsonData as CFData, &error) as Data?
```

but that also returns nil with error:

```
Error Domain=NSOSStatusErrorDomain Code=-26275 "ECpriv failed to compute shared secret (err -1)" UserInfo={numberOfErrorsDeep=0, NSDescription=ECpriv failed to compute shared secret
```

What would that mean? The SecKey just needs to be from the public key, right?
Post marked as solved
11 Replies
The encryption was sadly failing :(

```swift
status = SecKeyEncrypt(publicKeyUsingSecKey!, .PKCS1SHA256, message, message.count, &encrypted, &size)
if status != noErr {
    print("encryption error")
}
```

I'm getting status as -50
Post marked as solved
11 Replies
Wow!!! adding suffix(65) worked :D :D Thanks a lot Eskimo!! I was able to pass that to SecKeyCreateWithData, and that worked!!

```swift
let keyDict: [NSObject: NSObject] = [
    kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
    kSecAttrKeyClass: kSecAttrKeyClassPublic,
]
let publicKeyUsingSecKey = SecKeyCreateWithData(serverPublicKeyData.suffix(65) as NSData, keyDict as NSDictionary, &error)
```

Although it didn't work for creating the public key using

```swift
let serverPublicKeyUsingCurve25519 = try! Curve25519.KeyAgreement.PublicKey(rawRepresentation: serverPublicKeyData.suffix(65))
```

But alas I DID get a SecKey!! now I can encrypt using this..!! Thank you Eskimo :D .. I'll update after I encrypt :D
Post not yet marked as solved
20 Replies
I'm sorry but I didn't get you :( what value should I base64 encode ?
Post not yet marked as solved
20 Replies
Hi Eskimo,

I'm also trying to extract the BIT STRING part so as to create a public key using SecKeyCreateWithData, but it was failing with "EC public key creation from data failed". So I tried checking with the same string that's discussed here.

I created a txt file with the base64 encoded string:

```
echo "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAECDDYmcIpUxC2EVJu8o/qPHPoZMId11A/2nVAXJByFOYSigUnZ6njK4qZQMGxLr3xNND17yYoXZ21QKus4bUHfg==" > new.txt
```

Then I base64 decoded it to a file:

```
base64 --decode new.txt > decoded.asn1
```

Then I checked with dumpasn1:

```
$ dumpasn1 -p decoded.asn1
SEQUENCE {
  SEQUENCE {
    OBJECT IDENTIFIER ecPublicKey (1 2 840 10045 2 1)
    OBJECT IDENTIFIER secp256k1 (1 3 132 0 10)
    }
  BIT STRING
    04 08 30 D8 99 C2 29 53 10 B6 11 52 6E F2 8F EA
    3C 73 E8 64 C2 1D D7 50 3F DA 75 40 5C 90 72 14
    E6 12 8A 05 27 67 A9 E3 2B 8A 99 40 C1 B1 2E BD
    F1 34 D0 F5 EF 26 28 5D 9D B5 40 AB AC E1 B5 07
    7E
  }
```

The output was the same as yours. Then I tried hexdump:

```
hexdump -Cv decoded.asn1
00000000  30 56 30 10 06 07 2a 86  48 ce 3d 02 01 06 05 2b  |0V0...*.H.=....+|
00000010  81 04 00 0a 03 42 00 04  08 30 d8 99 c2 29 53 10  |.....B...0...)S.|
00000020  b6 11 52 6e f2 8f ea 3c  73 e8 64 c2 1d d7 50 3f  |..Rn...<s.d...P?|
00000030  da 75 40 5c 90 72 14 e6  12 8a 05 27 67 a9 e3 2b  |.u@\.r.....'g..+|
00000040  8a 99 40 c1 b1 2e bd f1  34 d0 f5 ef 26 28 5d 9d  |..@.....4...&(].|
00000050  b5 40 ab ac e1 b5 07 7e                           |.@.....~|
00000058
```

but as you can see, the complete data was getting converted. So I tried using hexdump with offset 23.

```
hexdump -Cv -s 23 decoded.asn1 > hexdumped.dat
00000017  04 08 30 d8 99 c2 29 53  10 b6 11 52 6e f2 8f ea  |..0...)S...Rn...|
00000027  3c 73 e8 64 c2 1d d7 50  3f da 75 40 5c 90 72 14  |<s.d...P?.u@\.r.|
00000037  e6 12 8a 05 27 67 a9 e3  2b 8a 99 40 c1 b1 2e bd  |....'g..+..@....|
00000047  f1 34 d0 f5 ef 26 28 5d  9d b5 40 ab ac e1 b5 07  |.4...&(]..@.....|
00000057  7e                                                |~|
00000058
```

This gave me the desired output. But when I tried base64 encoding, this is what I got:

```
base64 -b 76 hexdumped.dat
MDAwMDAwMTcgIDA0IDA4IDMwIGQ4IDk5IGMyIDI5IDUzICAxMCBiNiAxMSA1MiA2ZSBmMiA4ZiBl
YSAgfC4uMC4uLilTLi4uUm4uLi58CjAwMDAwMDI3ICAzYyA3MyBlOCA2NCBjMiAxZCBkNyA1MCAg
M2YgZGEgNzUgNDAgNWMgOTAgNzIgMTQgIHw8cy5kLi4uUD8udUBcLnIufAowMDAwMDAzNyAgZTYg
MTIgOGEgMDUgMjcgNjcgYTkgZTMgIDJiIDhhIDk5IDQwIGMxIGIxIDJlIGJkICB8Li4uLidnLi4r
Li5ALi4uLnwKMDAwMDAwNDcgIGYxIDM0IGQwIGY1IGVmIDI2IDI4IDVkICA5ZCBiNSA0MCBhYiBh
YyBlMSBiNSAwNyAgfC40Li4uJihdLi5ALi4uLi58CjAwMDAwMDU3ICA3ZSAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHx+fAowMDAwMDA1OAo=
```

This is not at all like the string that you got:

```
BAgw2JnCKVMQthFSbvKP6jxz6GTCHddQP9p1QFyQchTmEooFJ2ep4yuKmUDBsS698TTQ9e8mKF2d
tUCrrOG1B34=
```

What could have gone wrong? Can you help me out? If I can find the issue, maybe I'll be able to fix it for my actual string as well. Why is it that the base64 string is different?
Post marked as solved
11 Replies
I haven't put the exact string as it's given by the client, But have altered it still maintaining the length : "MIIBMTCB6gYHKoZIzj0CATCB3gIBATArBgcqhkjOPQEBAiB/////////////////////////////8888888888//7TBEBCAqqqqqqqqqqqqqqqqqttttttttttqffffffffYSRShRAQge0Je0Je0Je0Je0Je8Kr0Je8Kr0Je0Je0JgtenHcQyGQEQQQqqqqqqqqggggggggggqqqqqqqqqqqgggggggggg0kWiCuGaG4oIa04B7dLHdI0UySPU1+bXxhsinpxaJ+ztPZAiAQAAAAAAAAAAFFFFFFFFFFFN753qL3nNZYEmMaXPXT7QIBCBNCFFRaJnOn+Y99BHnVk06kR5/JFgEjwWwU3Vj+VeHGyQHyLGs8DqgeVf4a2GfazF+j9HKMWtS3DCHQWKjaRhrg5qZy" It does look like some tampered string... but the encryption and key creation works in android - so it's valid
Post not yet marked as solved
20 Replies
Thanks a lot for the reply Eskimo, but what I wanted to know was, why was the base64 string different in my case ? base64 -b 76 hexdumped.dat           MDAwMDAwMTcgIDA0IDA4IDMwIGQ4IDk5IGMyIDI5IDUzICAxMCBiNiAxMSA1MiA2ZSBmMiA4ZiBlYSAgfC4uMC4uLilTLi4uUm4uLi58CjAwMDAwMDI3ICAzYyA3MyBlOCA2NCBjMiAxZCBkNyA1MCAgM2YgZGEgNzUgNDAgNWMgOTAgNzIgMTQgIHw8cy5kLi4uUD8udUBcLnIufAowMDAwMDAzNyAgZTYgMTIgOGEgMDUgMjcgNjcgYTkgZTMgIDJiIDhhIDk5IDQwIGMxIGIxIDJlIGJkICB8Li4uLidnLi4rLi5ALi4uLnwKMDAwMDAwNDcgIGYxIDM0IGQwIGY1IGVmIDI2IDI4IDVkICA5ZCBiNSA0MCBhYiBhYyBlMSBiNSAwNyAgfC40Li4uJihdLi5ALi4uLi58CjAwMDAwMDU3ICA3ZSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHx+fAowMDAwMDA1OAo= This is not at all like the string that you got - BAgw2JnCKVMQthFSbvKP6jxz6GTCHddQP9p1QFyQchTmEooFJ2ep4yuKmUDBsS698TTQ9e8mKF2d tUCrrOG1B34= I used the same string for checking
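
An added example (not code from any post on this page) for the two posts above that ask why the base64 strings differ: `hexdumped.dat` holds hexdump's printable text, so `base64` encoded that text rather than the key bytes. The sketch walks the DER header instead of relying on the fixed offset 23, so it also copes with long-form lengths such as the `30 82 01 31` header in the earlier post; the function names `read_tlv`, `decode_oid`, `split_spki` and `key_b64` are this example's own.

```python
import base64
# SubjectPublicKeyInfo string from the post above (base64 of DER).
SPKI_B64 = ("MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAECDDYmcIpUxC2EVJu8o/qPHPoZMId11A/"
            "2nVAXJByFOYSigUnZ6njK4qZQMGxLr3xNND17yYoXZ21QKus4bUHfg==")

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value bytes, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                    # long form, e.g. 30 82 01 31
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OID content bytes into dotted notation (base-128 arcs)."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends the arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def split_spki(der):
    """Return (algorithm OID, raw key bytes) from a SubjectPublicKeyInfo."""
    tag, spki, end = read_tlv(der, 0)
    tag2, alg, pos = read_tlv(spki, 0)    # AlgorithmIdentifier SEQUENCE
    tag3, oid, _ = read_tlv(alg, 0)       # algorithm OID
    tag4, bits, _ = read_tlv(spki, pos)   # subjectPublicKey BIT STRING
    ok = (tag, tag2, tag3, tag4) == (0x30, 0x30, 0x06, 0x03) and end == len(der)
    if not ok or bits[:1] != b"\x00":     # first BIT STRING byte = unused bits
        raise ValueError("not a SubjectPublicKeyInfo with a whole-byte key")
    return decode_oid(oid), bits[1:]

def key_b64(spki_b64):
    return base64.b64encode(split_spki(base64.b64decode(spki_b64))[1]).decode()

if __name__ == "__main__":
    print(key_b64(SPKI_B64))                            # raw key bytes, encoded
    print(base64.b64encode(b"00000017  04 08").decode())  # hexdump text, encoded
```

The first printed value is the `BAgw...` string; the second reproduces the start of the `MDAw...` output, which is the base64 of the characters `00000017  04 08`.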