MozillaZine

[EXT] CryptoData

Announce and Discuss the Latest Theme and Extension Releases.
pag77
 
Posts: 1380
Joined: December 26th, 2013, 10:46 pm

Post Posted June 16th, 2017, 7:07 am

yes, thank you for your suggestion
please wait new version :)

sojourner312
 
Posts: 1
Joined: June 25th, 2017, 7:33 am

Post Posted June 25th, 2017, 7:46 am

I have been playing with cryptodata for a while now and for cut/paste text it works fine. However, you talk about encrypting an entire web site and actually show a couple of example pages. How did you encrypt them? I have not had any success with any of the php or javascript implementations you point to. Can you please walk through an example of encrypting a file. For example the image.png file at http://www.s3blog.org/crypto-data/aes-ctr/image.png Since I have some data on an aws instance I am really interested in being able to encrypt all the data out there and use cryptodata to view it.
Thanks

VLMin
 
Posts: 55
Joined: April 14th, 2006, 7:15 pm

Post Posted June 25th, 2017, 10:15 am

I have the same request, please.

pag77
 
Posts: 1380
Joined: December 26th, 2013, 10:46 pm

Post Posted June 25th, 2017, 12:48 pm

sojourner312 wrote:I have been playing with cryptodata for a while now and for cut/paste text it works fine. However, you talk about encrypting an entire web site and actually show a couple of example pages. How did you encrypt them? I have not had any success with any of the php or javascript implementations you point to. Can you please walk through an example of encrypting a file. For example the image.png file at http://www.s3blog.org/crypto-data/aes-ctr/image.png Since I have some data on an aws instance I am really interested in being able to encrypt all the data out there and use cryptodata to view it.
Thanks

This solution is for webmasters only.
If you own any web server and can make a change to php, perl or other executable files - then you can encrypt both the entire site as a whole and its individual elements

Example:
http://www.s3blog.org/crypto-data.html

I'll show examples for Perl, because I know more about it, but for php the same situation.
Before using need install from cpan Crypt::AES::CTR and Digest::MD5

This code encrypts the text 'Hello World!':
Code: Select all
#!/usr/bin/perl -w
use strict;
use Crypt::AES::CTR;
use Digest::MD5 qw(md5_hex);

print "Content-Type: text/html; charset=utf-8\r\n";
print "Cache-Control: no-store, no-cache, must-revalidate\r\n";
print "Pragma: no-cache\r\n\r\n";

my $key = 's3blogtest';
my $text = 'Hello World!';
my $crypt_text = Crypt::AES::CTR::encrypt($text, $key, 256);

my $md5 = substr(md5_hex($text), 0, 4);
$md5 = uc($md5);

print 'S3CRYPT:BEGIN:AESCTR:' . $md5 . ':' . $crypt_text . ':END';
exit 0;


But you can change 'Hello World!' to the html-page and encrypt it:
Code: Select all
my $text = '<html><body><b>Hello World!</b></body></html>';


If you use "HTML::Template":
Code: Select all
.....
my $tpl = HTML::Template->new(
   filename => 'test.html',
   die_on_bad_params => 0,
   loop_context_vars => 1,
   global_vars => 1,
);
$tpl->param( { your_data=> 'abcdefgh' } );
my $text = $tpl->output();
.....
my $crypt_text = Crypt::AES::CTR::encrypt($text, $key, 256);
.....


Encrypt image/(or other any file):
you can try 2 way:
----
way 1: dynamic
example link: http://your.site/image.crypt.cgi (or image.crypt.php , or image.crypt.pl, or etc...)
----
in your nginx or apache (or other web-server system) set execution script image.crypt.cgi and add this code to main code:
Code: Select all
...
open(F, 'image.png');
my $text = join('', <F>);
close F;
.....
my $crypt_text = Crypt::AES::CTR::encrypt($text, $key, 256);
.....


----
way 2: permanently
example link: http://your.site/image.crypt.txt
----
Pre-encrypt your images and save them in separate text files (for test you can create file-crypt-code using this page(only for RC4): http://www.s3blog.org/crypto-data/cipher/file.html)
example from s3blog: http://s3blog.org/files/others/s3crypt/s3crypt_image_aes_ctr.txt
Use this link in your html:
Code: Select all
<img src="http://s3blog.org/files/others/s3crypt/s3crypt_image_aes_ctr.txt">


If you use CryptoData and use key "s3blogtest" and in settings->encryption of web-site add domain "s3blog.org" then you can see the picture :)
Code: Select all
[img]http://s3blog.org/files/others/s3crypt/s3crypt_image_aes_ctr.txt[/img]

Image

smorgasb
 
Posts: 2
Joined: September 9th, 2017, 7:34 pm

Post Posted September 9th, 2017, 7:41 pm

How does CryptoData identify which of multiple stored keys is the one to attempt to use for a given encryption stream? I tried to use it with a friend, and we immediately ran into a strange issue. I have her stored as:
description: myfriend key:whatever

She has me stored as:
description: smorgasb key:whatever

So our descriptions are different, but our keys match identically. She encrypted a message for me and I attempted to decrypt. CryptoData challenges me that the key was not found. The only way I could get it to work was by creating an entry identical to hers, so I end up with the same key twice:

description: myfriend key:whatever
description: smorgasb key:whatever

Are you using the description field to locate the key? Why would I have to create an entry with an identical description to the one she had?

pag77
 
Posts: 1380
Joined: December 26th, 2013, 10:46 pm

Post Posted September 10th, 2017, 11:24 pm

The key name does not affect the password!
For example:
key name: smorgasb
key value: yutfy%hgfh

Please copy key value without spaces and set another key name and decrypt this text:
S3CRYPT:BEGIN:AESCTR:5346:TgLCoULDiSvCtlnDjMOGw4nCkxbCmMO9Y3vCicKwwoXChmPDsc
OPwrHDnlzCsyzCvcK0Pk3CjsKSCcO9wq5Bw4rDtA3Cv8OabcOP
F8KkLQwEw5vDuMOuMn4dw5gHecO7w7LCuTs=:END

smorgasb
 
Posts: 2
Joined: September 9th, 2017, 7:34 pm

Post Posted September 10th, 2017, 11:34 pm

pag77 wrote:The key name does not affect the password!
For example:
key name: smorgasb
key value: yutfy%hgfh

Please copy key value without spaces and set another key name and decrypt this text:
S3CRYPT:BEGIN:AESCTR:5346:TgLCoULDiSvCtlnDjMOGw4nCkxbCmMO9Y3vCicKwwoXChmPDsc
OPwrHDnlzCsyzCvcK0Pk3CjsKSCcO9wq5Bw4rDtA3Cv8OabcOP
F8KkLQwEw5vDuMOuMn4dw5gHecO7w7LCuTs=:END

I am able to decrypt this message without a problem.

So what is your theory about why CryptoData was unable to handle the first encrypted message from my correspondent? I definitely checked for embedded spaces including at the end of the key string.

And is it correct to deduce from all of this that your software is using some kind of brute-force decoding method and trying out all of the available keys until it locates one that works to decode the message?

pag77
 
Posts: 1380
Joined: December 26th, 2013, 10:46 pm

Post Posted September 11th, 2017, 3:04 am

smorgasb wrote:So what is your theory about why CryptoData was unable to handle the first encrypted message from my correspondent?

I do not know.
Please, send me: your key name, key value, encrypted text

smorgasb wrote:And is it correct to deduce from all of this that your software is using some kind of brute-force decoding method and trying out all of the available keys until it locates one that works to decode the message?


S3CRYPT:BEGIN:<encryption method>:<check sum>:<encrypted text>:END
The program checks all the keys one by one until the checksum matches the decryption of the text

Return to Extension/Theme Releases


Who is online

Users browsing this forum: No registered users and 4 guests