Posts Tagged encrypt

http/2.0 sslciphersuites with 256 bit alias crypto wars part four

To get rid of 128 bit encryption I had to disable

ECDHE-RSA-AES128-GCM-SHA256

But then I got error messages from the popular browsers: "Server negotiated HTTP/2 with blacklisted suite". That is caused by DHE-RSA-AES256-SHA and ECDHE-RSA-AES256-SHA.

With a lot of trial and error I came to the following:

Listen 443
<If "%{SERVER_PORT} == '443'">
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15553000; preload"
    </IfModule>
</If>

ProtocolsHonorOrder On
Protocols h2c h2 http/1.1

SSLUseStapling off
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256 

However, that has the negative effect that Android versions older than 7 and IE versions older than 11 can’t connect to the server. Also, some older Firefox versions can’t connect. Depending on the application, it might be worth using such a config that doesn’t allow 128-bit encrypted connections.
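The two goals of the config above (no 128-bit suites, nothing on the HTTP/2 blacklist) can be checked per suite. The following is an added example, not part of the original post: it classifies OpenSSL suite names by a heuristic that assumes the RFC 7540 Appendix A criterion (ephemeral key exchange plus an AEAD cipher); the function names `key_bits` and `audit` are made up for this illustration.

```python
# Added example (not from the original post): name-based audit of an
# OpenSSL-style cipher string. Heuristic assumption: a suite is acceptable
# for HTTP/2 only if it has an ephemeral key exchange AND an AEAD cipher,
# which is the criterion RFC 7540 Appendix A used to build its blacklist.

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")

# SSLCipherSuite value copied from the config above.
PAGE_CIPHERS = (
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:"
    "DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES256-SHA256"
)
# The three suites the post names as removed or as triggering the error.
REMOVED = "ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA"


def key_bits(suite):
    """Symmetric key size from the cipher token; None if it cannot be told."""
    for token in suite.split("-"):
        if token == "CHACHA20":
            return 256
        # Skip the trailing SHA256/SHA384 token: that is the hash, not the key.
        if not token.startswith("SHA") and token[-3:] in ("128", "256"):
            return int(token[-3:])
    return None


def audit(cipher_string):
    """Return one dict per suite: name, key bits, and HTTP/2 suitability."""
    report = []
    for suite in filter(None, cipher_string.strip().split(":")):
        ephemeral = suite.startswith(EPHEMERAL_PREFIXES)
        aead = any(marker in suite for marker in AEAD_MARKERS)
        report.append(
            {"suite": suite, "bits": key_bits(suite), "h2_ok": ephemeral and aead}
        )
    return report


if __name__ == "__main__":
    for label, ciphers in (("config", PAGE_CIPHERS), ("removed", REMOVED)):
        for row in audit(ciphers):
            flag = "ok" if row["h2_ok"] else "BLACKLISTED for h2"
            print(f"{label:8} {row['suite']:32} {row['bits']} bit  {flag}")
```

For the config's cipher string, every suite is 256-bit, but ECDHE-RSA-AES256-SHA384 and DHE-RSA-AES256-SHA256 are flagged: both are CBC suites, so an HTTP/2 client that ends up negotiating either one would hit the same blacklisted-suite error.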


PHP crypt command line

crypt

#!/usr/bin/php
<?php
require "crypt.php";

// Read the arguments; a missing one defaults to '' so the usage text is shown
$type = $argv[1] ?? '';
$string = $argv[2] ?? '';
$key = $argv[3] ?? '';
if($type !='' &&  $string != '' && $key != ''){
        if($type=="e"){
                echo encrypt($string,$key);
                echo "\n";
        }
        elseif($type=="d")
        {
                echo decrypt($string,$key);
                echo "\n";
        }
        else
        {
                die('WRONG TYPE');
        }
}
else
{
        echo 'crypt TYPE STRING KEY';
        echo "\n\n";
        echo "TYPE:\n";
        echo "e encrypt\n";
        echo "d decrypt\n";
        echo "\n\n";
        echo "STRING Your string\n";
        echo "KEY Crypt key\n\n";
}
?>

crypt.php

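<?php
// Repeating-key byte addition (a Vigenere-style cipher) with base64 output.
// It obfuscates the string; it is not an authenticated cipher.

/**
 * encrypt()
 *
 * @param string $string plaintext
 * @param string $key    non-empty key
 * @return string base64-encoded result
 */
function encrypt($string, $key){

        $result = '';
        $length = strlen($string);
        $keylen = strlen($key);
        for($i = 0; $i < $length; $i++) {
                $char = substr($string, $i, 1);
                // Offset -1 (when $i % $keylen is 0) selects the last key character
                $keychar = substr($key, ($i % $keylen)-1, 1);
                // chr() wraps the sum modulo 256
                $char = chr(ord($char) + ord($keychar));
                $result .= $char;
        }

        return base64_encode($result);
}

/**
 * decrypt()
 *
 * @param string $string base64-encoded output of encrypt()
 * @param string $key    the key used for encrypt()
 * @return string plaintext
 */
function decrypt($string, $key){

        $result = '';
        $string = base64_decode($string);
        $length = strlen($string);
        $keylen = strlen($key);

        for($i = 0; $i < $length; $i++) {
                $char = substr($string, $i, 1);
                // Same key index as in encrypt()
                $keychar = substr($key, ($i % $keylen)-1, 1);
                // chr() wraps the difference modulo 256, undoing the addition
                $char = chr(ord($char) - ord($keychar));
                $result .= $char;
        }

        return $result;
}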
?>
