Choosing the right cipher / alias crypto wars part twelve

Choosing the right cipher for your server.

The wanted options:

  • Only 256 bit
  • Only Mac=AEAD[1], since that is all TLS 1.3 allows.
  • PSK (pre-shared key) for Kx (key exchange) and Au (authentication) is not an option for a web server
  • DSS cipher is for key auth
  • Kx=DH without EC (elliptic curves) is not secure enough
  • Kx=RSA is weak
  • AESCCM is also a Cipher Block Chaining (CBC)
  • Aria is for Secure Real-Time Transport Protocol (SRTP)
  • DHE-RSA-AES256-GCM-SHA384 and DHE-RSA-CHACHA20-POLY1305 have no EC (elliptic curves)

/opt/openssl/bin/openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "(128)" | grep "Mac=AEAD" | grep -v "Kx=PSK" | \
grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | grep -v "Au=DSS" | grep -v "Kx=RSA" | grep -v "Enc=AESCCM" | \
grep -v "Enc=ARIAGCM" | grep -v "Au=None" | grep -v "Kx=DH"

The Output

TLS 1.3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD

TLS 1.2
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD

Finally, prefer POLY over AES for speed, and ECDSA over RSA, also for speed.

SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

This was done with OpenSSL 1.1.1l, the latest version at the time of writing.
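
The selection criteria above, as an added example that is not part of the original post: a shell function that reads lines in the openssl ciphers -v column format and reports, per suite, which criterion it fails. The names audit_ciphers and sample_lines, the reason labels and the sample lines are constructed for illustration; the 256-bit rule is applied positively (only 256 passes) rather than by excluding 128.

```shell
#!/bin/sh
# Added example: explain per suite why it passes or fails the page's criteria.
# Reads `openssl ciphers -v` lines on stdin; prints "OK name" or "REJECT name: reasons".
audit_ciphers() {
    awk '
    NF >= 6 {
        kx = au = enc = mac = ""
        for (i = 3; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "Kx")  kx  = kv[2]
            if (kv[1] == "Au")  au  = kv[2]
            if (kv[1] == "Enc") enc = kv[2]
            if (kv[1] == "Mac") mac = kv[2]
        }
        why = ""
        if (enc !~ /\(256\)$/)          why = why " not-256-bit"
        if (mac != "AEAD")              why = why " no-AEAD"
        if (kx ~ /PSK/ || au == "PSK")  why = why " PSK"
        if (au == "DSS")                why = why " Au=DSS"
        if (au == "None")               why = why " Au=None"
        if (kx == "RSA")                why = why " Kx=RSA"
        if (kx == "DH")                 why = why " Kx=DH-without-EC"
        if (enc ~ /^AESCCM/)            why = why " AESCCM"
        if (enc ~ /^ARIAGCM/)           why = why " ARIA"
        if (why == "") { print "OK " $1 } else { print "REJECT " $1 ":" why }
    }'
}

# Constructed sample lines in the `openssl ciphers -v` column format.
sample_lines() {
    cat <<'EOF'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
EOF
}

sample_lines | audit_ciphers
```

To audit a live configuration, pipe the output of openssl ciphers -v for the configured cipher string into audit_ciphers instead of the sample.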

For completeness, GCM is Galois/Counter Mode[2].

[1] https://de.wikipedia.org/wiki/Authenticated_Encryption
[2] https://en.wikipedia.org/wiki/Galois/Counter_Mode

PHP crypt command line

crypt

#!/usr/bin/php
<?php
require "crypt.php";

// Positional arguments: TYPE (e or d), STRING, KEY.
// Missing arguments default to '' so the usage text is shown without notices.
$type = $argv[1] ?? '';
$string = $argv[2] ?? '';
$key = $argv[3] ?? '';
if($type != '' && $string != '' && $key != ''){
        if($type=="e"){
                echo encrypt($string,$key);
                echo "\n";
        }
        elseif($type=="d")
        {
                echo decrypt($string,$key);
                echo "\n";
        }
        else
        {
                die('WRONG TYPE');
        }
}
else
{
        // Print usage when an argument is missing
        echo 'crypt TYPE STRING KEY';
        echo "\n\n";
        echo "TYPE:\n";
        echo "e encrypt\n";
        echo "d decrypt\n";
        echo "\n\n";
        echo "STRING Your string\n";
        echo "KEY Crypt key\n\n";
}
?>

crypt.php

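<?php
/**
 * encrypt()
 *
 * Adds the byte value of a key character (the key repeats cyclically) to
 * each input byte and Base64-encodes the result. This is a repeating-key
 * byte substitution: it obfuscates the string but is not authenticated
 * encryption (no AEAD, no integrity check).
 *
 * @param mixed $string
 * @param mixed $key
 * @return mixed $return
 */
function encrypt($string, $key){

        $result = '';
        $length = strlen($string);
        for($i = 0; $i < $length; $i++) {
                $char = substr($string, $i, 1);
                // Offset -1 at $i = 0 selects the last key character
                $keychar = substr($key, ($i % strlen($key))-1, 1);
                // chr() wraps the sum modulo 256
                $char = chr(ord($char) + ord($keychar));
                $result .= $char;
        }

        return base64_encode($result);
}

/**
 * decrypt()
 *
 * Reverses encrypt(): Base64-decodes the input and subtracts the same
 * key character from each byte.
 *
 * @param mixed $string
 * @param mixed $key
 * @return mixed $return
 */
function decrypt($string, $key){

        $result = '';
        $string = base64_decode($string);
        $length = strlen($string);

        for($i = 0; $i < $length; $i++) {
                $char = substr($string, $i, 1);
                // Same key index as in encrypt()
                $keychar = substr($key, ($i % strlen($key))-1, 1);
                // chr() wraps negative differences modulo 256
                $char = chr(ord($char) - ord($keychar));
                $result .= $char;
        }

        return $result;
}
?>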
