una_maquina 35 Posted December 10, 2020

So this isn't like a complaining thread or anything, I just wanna warn you about this: NEVER, EVER, try to do encryption in Java and Python (I mean just choose one of them and stick to it). I've tried doing RSA on both of them (Python works well, as usual, but Java -- nope). Then tried doing some PBKDF2 hashing, same story. I've been at it for hours. I mean encryption and hashing work fine, but it returns different outputs; and it's hell on earth trying to make it work between these programming languages, for example:

I get outputs like these "b'[B@2e226daa\r\n'" from Java...

And b'xc6\xf7H#\xc0\xd1\x00\x92\xb3\x01\x98_\xcc\x1aT\x9e\x90\xb1\x84\x06\xdc\xeb?\xabc~y\x14\x13*'' from Python.

I don't know how I'm gonna authenticate myself to the server with Java, I'll probably have to write in Python and somehow transfer the data to Java.

BTW, if you're interested in this: what I'm trying to achieve is authentication to my Python server. So for example when someone connects to my server, they'll have to provide a password. I generate an RSA private and public key on my server, and send the public key to the client. The client then hashes a password using PBKDF2, encrypts it with the RSA pub key and sends it to the server. Then the server checks whether the password is correct or not. If not, it'll deny access to the client. (I'm also using the select library on Python to have a smooth process).

Pandemic 2675 Posted December 10, 2020

Hey there, encryption works fine regardless of language, it's best to use a well-known library when trying to do it.

I'm not super familiar with Python, but for the Java output at least, it looks like you're printing the reference/pointer of a byte array ([B@2e226daa) that probably contains your actual encrypted data. You'll need to use the actual output and not the pointer to it.

Hope that helps!

Neffarion 485 Posted December 10, 2020

What Pandemic said.

If what you want is the encrypted bytes in text form, you will need to encode them in Base64.

una_maquina 35 Author Posted December 10, 2020

Yeah guys, I'm just a bit ignorant of how things work with Java still (and got some holes in encryption as a whole); I managed to make it work though, with base64 encoding, yeah.

Also I was doing things in a ridiculous way: I was hashing the password on the client, sending it to the server, and then hashing the password on the server too lmao. Now I just encrypt the plaintext password with the public RSA key on the client, and have 1 pre-defined hash alongside the salt stored in the server. When the encrypted password arrives at the server, it gets decrypted with the RSA private key, and gets hashed, then the server checks if the hashes match for authentication.

Also switched to Scrypt for hashing, heard it's more secure, right?

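Added example, not code from any poster in this thread: a standard-library Python sketch of the server-side check described above, with a strict Base64 decode so that a Java array reference such as `[B@2e226daa` is rejected instead of being hashed. The scrypt parameters, record layout and function names are assumptions, and the RSA decryption between decoding and hashing is left out because it needs a third-party library, so the decoded field stands in for the decrypted password.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Assumed scrypt cost parameters; the thread does not state any.
N, R, P, DKLEN = 2**14, 8, 1, 32


def decode_field(text: str) -> bytes:
    """Strictly decode a Base64 text field received from the client."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("field is not Base64") from exc


def make_record(password: bytes) -> dict:
    """Create the salt + hash pair the server stores, both as Base64 text."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password, salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return {"salt": base64.b64encode(salt).decode("ascii"),
            "hash": base64.b64encode(digest).decode("ascii")}


def verify_password(candidate: bytes, record: dict) -> bool:
    """Re-hash the candidate with the stored salt, compare in constant time."""
    salt = decode_field(record["salt"])
    expected = decode_field(record["hash"])
    digest = hashlib.scrypt(candidate, salt=salt, n=N, r=R, p=P,
                            dklen=len(expected))
    return hmac.compare_digest(digest, expected)


def check_login(field: str, record: dict) -> bool:
    """Reject malformed fields before spending any work on hashing."""
    try:
        candidate = decode_field(field)
    except ValueError:
        return False
    return verify_password(candidate, record)


if __name__ == "__main__":
    record = make_record(b"correct horse")  # constructed sample password
    good = base64.b64encode(b"correct horse").decode("ascii")
    print(check_login(good, record))            # well-formed, matching
    print(check_login("[B@2e226daa", record))   # array reference, not data
```
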
una_maquina 35 Author Posted December 11, 2020

You know, going through such a hell makes it all worth it when you see stuff like this.

This is a screenshot from the server:

Neffarion 485 Posted December 11, 2020

Nice one.

I must give you some advice though: you generally shouldn't encrypt the data you want with RSA, because there is a small limit on the data size you can encrypt (equal to the key size). You want to create a random key for symmetric encryption, like AES for example, encrypt the data with it, encrypt that key with the RSA key you have, and then send the encrypted AES key along with your encrypted data. Then on the server you decrypt the AES key and decrypt the data with that decrypted AES key.

una_maquina 35 Author Posted December 11, 2020

28 minutes ago, Neffarion said:

> Nice one.
>
> I must give you some advice though: you generally shouldn't encrypt the data you want with RSA, because there is a small limit on the data size you can encrypt (equal to the key size). You want to create a random key for symmetric encryption, like AES for example, encrypt the data with it, encrypt that key with the RSA key you have, and then send the encrypted AES key along with your encrypted data. Then on the server you decrypt the AES key and decrypt the data with that decrypted AES key.

Absolutely dude, I'll use RSA to create AES symmetric encryption; this is common knowledge to me, I was just focusing on the authentication for now, and I don't really care if my communication between the clients isn't encrypted yet (I'm not encrypting the traffic with RSA, it's plaintext for now), there's no sensitive data. But yeah, I'll encrypt it anyways later on.

I also don't want to waste resources before authentication is completed. That's why I'd just rather use RSA for the authentication. Then after the client has authenticated, I can establish AES with it.

Archived
This topic is now archived and is closed to further replies.