All Questions

657 questions with no upvoted or accepted answers
8 votes · 0 answers · 857 views

Keystore getEntry returns NULL on Android 9

I have encrypted and decrypted a login password which is stored in the Android Keystore. On Android 9, I observed that the app crashes when trying to decrypt the password (I am not able to reproduce ...

8 votes · 0 answers · 2k views

iOS App Security Best Practices (API Keys, Constants, WS URLs, Credentials)

What are the best practices to add the extra security in iOS App so Attackers/Hackers can not easily find the Secure Private Keys, Constants strings inside the code. P.S: I found some other related ...

6 votes · 0 answers · 2k views

Securing data at rest in Kafka

We are preparing for our first deployment of Kafka to production, and I'm wondering about the best way to implement data-at-rest security. I've seen a few articles talking about end to end security/...

6 votes · 2 answers · 6k views

What is the most secure way to encrypt data on iphone/ipad's persistent storage?

I need to temporarily store images on iphone/ipad during the session. Once session is finished, I need to delete data downloaded during the session. I want to protect the data while it is on iphone/ipad'...

5 votes · 0 answers · 413 views

What's the best practice to store secret information in memory in Python?

So the problem is that I have some secrets (TOTP/HOTP keys) that need to be used consistently by my program, but I don't want a memory dump to just show them all. I'm talking about common people whose ...

5 votes · 1 answer · 828 views

Securely store user data in DB with Symfony

I want to store data from users so that they become useless even if the database gets leaked somehow. I also don't want to be able to encrypt the data, so I encrypt all my data via `openssl_encrypt` ...

5 votes · 1 answer · 247 views

How to get unique and consistent device id on Apple device

I need to generate a device ID that complies with the following criteria: It is universally unique. It is consistent (as much as possible), i.e. it stays the same for the same device. It requires minimal ...

5 votes · 0 answers · 1k views

Secure BLE pairing - is it possible?

I'm trying to make a BLE device that actually pairs securely. As far as I know the transport encryption (using AES) is secure in all versions of BLE, once the 'Long Term Key' has been exchanged. BLE 4....

4 votes · 1 answer · 103 views

Securing HTML contents from servers of same origin

It's not a common question, but I wonder if any tricks or upcoming standards exist. Below are a flow and what I want to implement. Web application loaded from server-side Client-side script loads ...

4 votes · 0 answers · 785 views

How to safely pass user access token (sensitive data) to another iOS app when deep-linking

I am working on an iOS app which will handle user login for other apps. When a login is successful the user will be redirected to user's selected app (if installed) with iOS deep linking using URL ...

4 votes · 1 answer · 87 views

How can I register a new user with a user-defined unique identifier when leveraging OAuth code flow?

I'm building a sign-up / login flow for a web site. I plan to use Facebook as my identity provider instead of rolling my own. I have a good feel for the server-side login flow with Facebook: Call FB ...

4 votes · 1 answer · 2k views

Phonegap / Cordova: Storing password securely?

I'm developing a Cordova app (at this moment just for iOS) and I need to store the user's password that is used to call some web services to retrieve data. I've been searching information about this, ...

4 votes · 1 answer · 446 views

Does jar file change the contents of an encoded text file, when we reimport it?

I have a Java application where I need to protect contents in a text file before it is exported in a jar file. So I encode the file using BlowFish algorithm provided by "javax.crypto.Cipher". And I ...

3 votes · 3 answers · 887 views

How we can store API keys encrypted inside .net core console application

I am working on a .NET core console application which integrates with 3rd party APIs, and to do the integration I need to pass the API keys inside the API requests. So my question is where/how I can ...

3 votes · 0 answers · 832 views

How to correctly deal with API keys and storing data locally (C# wpf app)

I'm currently facing a few issues which I need advice on. I apologise in advance if the questions don't make much sense or if they have been answered before (I found somewhat relevant questions, but ...

3 votes · 0 answers · 147 views

What happens if my recaptcha secret key is stolen?

The Google website says: The secret key authorizes communication between your application backend and the reCAPTCHA server to verify the user's response. The secret key needs to be kept safe for ...

3 votes · 0 answers · 296 views

Doing AES-GCM encryption on Android API Level 15+

I want to do AES-256-GCM encryption on Android API 15+. Here is my code: import android.util.Base64 import java.security.SecureRandom import javax.crypto.Cipher import javax.crypto.SecretKey import ...

3 votes · 0 answers · 517 views

Can I cache java.security.PrivateKey object so that I do not have to create PrivateKey by reading it from private key file for better performance

Is java java.security.PrivateKey thread safe? I have to verify digital signature for every request, so I was thinking, once I load the private key file from a physical location, after converting it to ...

3 votes · 0 answers · 296 views

Obtaining sensitive data from the user and storing it without hashing so that it can be restored

I'd like to ask for some advice on the app security when it comes to getting the password from the user and storing it. I'm developing a tool using .NET Core (console project) and Selenium WebDriver ...

3 votes · 0 answers · 76 views

Attempting to improve Math.random() in browser

Looking for a little expert advice on this one, my knowledge of cryptography is cursory at best. I'm wondering if this is a viable solution for generating cryptographically secure random numbers. ...

3 votes · 1 answer · 635 views

What's the most secure way to store and use API keys and secret?

It's for a desktop app. I have an API key and secret but I don't know the most secure way to store and use them. If my computer was lost or hacked for example, I want the keys and secret to be ...

3 votes · 0 answers · 247 views

Key Collision in DES3 Implementation of PyCrypto

I'm pretty new to cryptography and only a user really. I stumbled however over a very interesting "vulnerability" of the DES3 Cipher of the PyCrypto library. I experimented with generating Private ...

3 votes · 0 answers · 245 views

Is that safe to send sensitive data via RabbitMQ messages?

I need to send sensitive data via RabbitMQ. How messages are stored in queue, when ssl is used? Is it guaranteed that no one can get access messages without certificate or I need to somehow encrypt ...

3 votes · 0 answers · 262 views

Cross platform compatibility of iOS encryption

I'm using iOS Security framework for encryption. Specifically I'm using the ECIES encryption which seems to be very specific in the selection of key exchange, derivation, hashing and authenticated ...

3 votes · 0 answers · 267 views

Is there any way of keeping a AndroidKeyStoreEntry even if the App is uninstalled?

Is there any way of keeping a KeyStoreEntry of an App even if the App is uninstalled? We are generating a RSA-KeyPair for a secure device identification, which is stored on the KeyStore. The ...

3 votes · 0 answers · 83 views

Is Azure Cloud Service Local Storage encrypted?

Is Azure Cloud Service Local Storage encrypted? I would like to utilize Local Storage for my worker role as a scratch disk for image manipulation. I'm currently using an encrypted Azure file share,...

3 votes · 0 answers · 4k views

Java unable to use security.addProvider (bouncy castle)

I'm trying to create a KeyAgreement with bouncyCastle. It needs EC because I'm working with javacards. Unfortunately it gives an error when I use Security.addProvider(new BouncyCastleProvider());: ...

3 votes · 0 answers · 179 views

Translating Java RSA encryption routine to Objective-C

I am trying to duplicate an encryption process that is working in Java over to iOS/OSX. My Java code is as follows: PublicKey publicKey = KeyFactory.getInstance("RSA"). ...

3 votes · 0 answers · 418 views

How does firefox sync password recovery work?

According to Mozilla's article, Firefox Sync's new security model, Firefox servers are not able to decrypt your sync data without your password. So I figure that the browser generates a key from ...

3 votes · 1 answer · 180 views

Is it appropriate to encrypt a file using identifierForVendor?

I'm pondering the correct way to encrypt a file in my application. The following applies to the data stored in the file: The data is not very sensitive The data can be recreated if lost (although it'...

3 votes · 1 answer · 1k views

When to use on the fly AES encryption and fixed key AES encryption?

I am working on AES security in Contiki OS. I have AES library, which supports two types of encryption/decryption: On the fly Fixed key In on-the-fly, when I encrypt data using key, new key and ...

3 votes · 1 answer · 80 views

Should paypal data be encrypted before it's stored?

Just to clarify, I'm not talking about PayPal buttons here. I'm referring to response data I receive when making API calls including IPN. The response data I'm looking to store includes transaction ...

3 votes · 1 answer · 2k views

javax.crypto.BadPaddingException in decrypt method using Base64

I am encrypting and decrypting a password with below the code. public static String encrypt(String data, Key key) throws Exception { Cipher cipher = Cipher.getInstance("RSA"); cipher.init(...

3 votes · 2 answers · 678 views

Application-specific data protection on iOS

I've seen some documentation and videos from WWDC about data protection in iOS5 and it seems very nice since it can encrypt all your application data and keep it protected as long as your device is ...

3 votes · 1 answer · 539 views

Python encryption scheme that supports multiple decryption keys

Is there a python library that supports (symmetric) encryption of data with the possibility of using multiple decryption keys. I have (sensitive) user data that must be stored encrypted in a database,...

3 votes · 0 answers · 1k views

Secure licensing system for iOS app

A few similar questions have been asked before on SO, but I've yet to find one that pinpoints exactly what I'm trying to do. I have an iOS app that I'm trying to build a reasonably secure licensing ...

3 votes · 0 answers · 6k views

Error occurred while decoding OAEP padding

I am half way through my problem.. Please Help.. I have successfully encrypted the text using public key of digital signatures but while decrypting it, I am getting the error. Error occurred while ...

3 votes · 3 answers · 1k views

Best Practices / Patterns for Enterprise Protection/Remediation of SSNs (Social Security Numbers)

I am interested in hearing about enterprise solutions for SSN handling. (I looked pretty hard for any pre-existing post on SO, including reviewing the terrific SO automated "Related Questions" list, ...

2 votes · 0 answers · 28 views

Make relational data unreadable to developers with credentials

I'm trying to implement a simple system where some relational data is hidden even from me the developer and sysadmin. I'm not sure what is the right approach and here's my main use case for ServiceX: ...

2 votes · 0 answers · 211 views

Encrypt all user data in my web application

This is not a typical StackOverflow question as it is quite specific and bound to my current project. Given my project (GitHub link), I would like to encrypt or handle all user data in a way that ...

2 votes · 1 answer · 337 views

Storing key securely using TPM2

I'm working on an embedded system running linux for embedded. The HW has TPM chip. I've made some preparations, I installed the tpm2-tss and tpm2-tools sw libs and I've tested them by hashing some data ...

2 votes · 0 answers · 611 views

Migrate web.config to appsettings.json with encryption | ASP.NET MVC to ASP.NET CORE

This is a follow up to a question and excellent answer on: ASPNET_REGIIS: Place AES key and IV into a KeyContainer What is the appropriate way for managing secret data that should be encrypted? The ...

2 votes · 1 answer · 357 views

How do I store sensitive data (such as Database passwords) in an Oracle Database

Basically I'm building a WebApp (ASP.NET MVC5) working with Oracle Database. The application connects to multiple oracle databases and an admin should be able to dynamically add new database ...

2 votes · 1 answer · 1k views

What are the possible ways to secure sensitive data in my Spring Boot app's database?

I have a spring boot app that has a database which stores customer sensitive data. I want to know how I can: 1. Secure database credentials in properties file. I have heard of libraries that encrypt ...

2 votes · 0 answers · 163 views

How to get the type of encryption used in a SecKey?

I get a SecKey from given certificates. Depending on the certificate, the SecKey can use either RSA or EllipticCurve encryption. let certificate = SecCertificateCreateWithData(...

2 votes · 3 answers · 1k views

Asp.Net Core Data Protection API to protect data in database

I would like to encrypt some confidential information and save it to a database, and later decrypt it. I've got all of this working fine, and I am protecting and persisting the key on Aws S3 and KMS....

2 votes · 0 answers · 43 views

Is it possible to securely generate two identical outputs based on one input, i.e. hashing that cannot be brute-forced

If you have a distributed system that requires generation of a secure output based on a certain sensitive input, the safest way is to simply use some form of database key that has no relationship to ...

2 votes · 1 answer · 6k views

Encrypting messages when storing in RabbitMQ persistence storage

I'm using RabbitMQ as the message broker for my application and use persistent storage as the message storage mechanism. Some of the messages I send to RabbitMQ have sensitive data which needs not be ...

2 votes · 0 answers · 184 views

VS2017 15.5.1 SSDT Security Change from TripleDES to AES256-CBC?

I am working to establish a CI pipeline for SSIS, with the first step automating the creation of ISPAC deployment packages. I am using the code from: https://github.com/rtumaykin/ssis-build which ...

2 votes · 3 answers · 2k views

Hashing MAC addresses Java/Android

I want to scan nearby wifi routers and store their mac addresses in a secure manner such that the original mac addresses cannot be reconstructed (or be infeasible to do so). The mac addresses are ...