[Glass] Encryption in GemStone

Mariano Martinez Peck
Hi guys. I need both types of encryption: one-way and 2-way. In Pharo I am using SecureHashAlgorithm for one way and for 2 way I use Blowfish (plus some add ons I put).

What do you use in GemStone? I didn't find anything in the programming guide.


_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass

Re: [Glass] Encryption in GemStone

Johan Brichau-3
Hi Mariano,

I don't have a solution for Blowfish.

Grease has an abstraction for the secure hash: GRPlatform>>secureHashFor:

Last summer, I tried to use the port of the Cryptography package to Gemstone [3] but I ended up only using/porting the parts to make SHA256 work because I was under time pressure to deliver an implementation that uses Json Webtoken [1][2]. My version of the Cryptography core for Gemstone and the SHA256 package are still on a local repository. I did not make it public yet because of its intermediate ported state. Also: loading Cryptography on Pharo 2.0 causes a lot of dirty packages.... so I wonder about its future in Pharo.

I notice there is an implementation of Blowfish in the squeak/pharo version. Is this the one you are using?

Johan

[1] http://tools.ietf.org/html/draft-ietf-oauth-json-web-token
[2] http://smalltalkhub.com/#!/~JohanBrichau/Json-WebToken
[3] http://seaside.gemtalksystems.com/ss/Cryptography.html


Re: [Glass] Encryption in GemStone

Mariano Martinez Peck



On Wed, Nov 20, 2013 at 4:49 AM, Johan Brichau <[hidden email]> wrote:
> Hi Mariano,
>
> I don't have a solution for Blowfish

Hi Johan,

Somehow I thought Pharo's version of Blowfish was ported to GemStone, since the developer is Paul DeBruicker, but maybe it is not :(

> Grease has an abstraction for the secure hash: GRPlatform>>secureHashFor:

Thanks, yes, I noticed we have SecureHashAlgorithm in GemStone.

> Last summer, I tried to use the port of the Cryptography package to Gemstone [3] but I ended up only using/porting the parts to make SHA256 work because I was under time pressure to deliver an implementation that uses Json Webtoken [1][2]. My version of the Cryptography core for Gemstone and the SHA256 package are still on a local repository. I did not make it public yet because of its intermediate ported state. Also: loading Cryptography on Pharo 2.0 causes a lot of dirty packages.... so I wonder about its future in Pharo.

Would be nice to have SHA256 :)

> I notice there is an implementation of Blowfish in the squeak/pharo version. Is this the one you are using?

Yes. Maybe (if it is just the Smalltalk part) it is not difficult to port. What I am not sure about is that sometimes these algorithms assume the size of the word (32 bits or 64 bits)... so that would be a difference between Pharo and GemStone.
I will see if I can make it work.

Thanks Johan,



Re: [Glass] Encryption in GemStone

Mariano Martinez Peck


 
> > I notice there is an implementation of Blowfish in the squeak/pharo version. Is this the one you are using?
>
> Yes. Maybe (if it is just the Smalltalk part) it is not difficult to port. What I am not sure about is that sometimes these algorithms assume the size of the word (32 bits or 64 bits)... so that would be a difference between Pharo and GemStone.
> I will see if I can make it work.

Well, it seems to work for my small test.
I needed to add #unsignedLongAt: index bigEndian: aBool to ByteArray in my compatibility layer.
Then I modified #decryptString: aString with: aKey and #decryptToString: someData with: aKey
to do a

^ decryptedData asByteArray asString.

instead of

^ String fromByteArray: decryptedData asByteArray.

because GemStone String does not implement #fromByteArray: and to avoid another extension method...

Paul, shall I commit this change to the Pharo version since in Pharo #fromByteArray: ends up doing the same?

Thanks,


 

Re: [Glass] Encryption in GemStone

Mariano Martinez Peck
Ok, and after a few more extensions, all tests are green.
Maybe it is time to start committing to the new compatibility repo...

Cheers, 



Re: [Glass] Encryption in GemStone

Dale Henrichs-3
Mariano,

If you register on GemSource I'll add you to GLASS_DEVS which gives you write access to a bunch of projects ... Alternatively we can create repos up on glassdb/github ... also do you have a github id?

Dale




Re: [Glass] Encryption in GemStone

Paul DeBruicker
Mariano Martinez Peck wrote
> Paul, shall I commit this change to the Pharo version since in Pharo
> #fromByteArray: ends up doing the same?
>
> Thanks,
>
> --
> Mariano
> http://marianopeck.wordpress.com

Hi Mariano,

Yes I think you should commit your version to the smalltalkhub repo. I originally wrote it to eventually have a Smalltalk bcrypt implementation. I stopped work on the Smalltalk bcrypt version (& Blowfish) when I could determine that my version was going to be about 5000x slower than the C version you could access through FFI. As we've discussed the Blowfish implementation works on Pharo for 8 byte chunks only. I'd need to implement cipher block chaining [0] to have it work for longer strings.

For one-way hashes be aware that SecureHashAlgorithm implements SHA-1 which has been shown to be vulnerable to attack [1] since 2005. In the Cryptography repo on GemSource [2] there is the PasswordHashingFFI which on Linux at least gives you access to bcrypt and the more modern one way SHA algorithms in the crypt(3) library. For bcrypt you'll need a 64 bit version of libxcrypt installed for GemStone.

Thanks for keeping up on this

Paul

[0] https://en.wikipedia.org/wiki/Cipher_block_chaining
[1] https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
[2] http://seaside.gemtalksystems.com/ss/Cryptography

Re: [Glass] Encryption in GemStone

Mariano Martinez Peck



On Wed, Nov 20, 2013 at 12:29 PM, Paul DeBruicker <[hidden email]> wrote:
> Mariano Martinez Peck wrote
> >
> > Paul, shall I commit this change to the Pharo version since in Pharo
> > #fromByteArray: ends up doing the same?
> >
> > Thanks,
> >
> > --
> > Mariano
> > http://marianopeck.wordpress.com
>
> Hi Mariano,
>
> Yes I think you should commit your version to the smalltalkhub repo.   I
> originally wrote it to eventually have a Smalltalk bcrypt implementation.  I
> stopped work on the Smalltalk bcrypt version (& Blowfish) when I could
> determine that my version was going to be about 5000x slower than the C
> version you could access through FFI.

Hi Paul,

Did you write an FFI wrapper already for that?

> As we've discussed the Blowfish
> implementation works on Pharo for 8 byte chunks only.  I'd need to implement
> cipher block chaining [0] to have it work for longer strings

Yes, I know :( if you have a string bigger than 8 characters the rest remains unencrypted :(
But this is the only two-way encrypting we have out of the box for GemStone, isn't it?

> For one-way hashes be aware that SecureHashAlgorithm implements SHA-1 which
> has been shown to be vulnerable to attack [1] since 2005.  In the
> Cryptography repo on GemSource [2] there is the PasswordHashingFFI which on
> linux at least gives you access to bcrypt and the more modern one way SHA
> algorithms in the crypt(3) library. For bcrypt you'll need a 64 bit version
> of libxcrypt installed for GemStone

OK, good to know.
 

Re: [Glass] Encryption in GemStone

Mariano Martinez Peck


 
> > As we've discussed the Blowfish
> > implementation works on Pharo for 8 byte chunks only.  I'd need to implement
> > cipher block chaining [0] to have it work for longer strings
>
> Yes, I know :( if you have a string bigger than 8 characters the rest remains unencrypted :(

Paul, may I ask if at least you could encrypt multiple chunks of 8 chars?
For example:

| enc encryptedString key decrString |
key := 'mySecretKey'.
enc := Blowfish encryptString: '1234567812345678' with: key.
encryptedString := enc asByteArray asString.
Transcript show: ' encrypted:  ', encryptedString; cr.
decrString := Blowfish decryptString: encryptedString with: key.
Transcript show: ' decrypted:  ', decrString; cr.

I would love it if you were able to encrypt the whole string... I mean, you encrypt as many multiples of 8 as you can, and only leave the rest (always will be smaller than 8 chars) unencrypted...

Is that doable without much work?

Thanks



 

Re: [Glass] Encryption in GemStone

Paul DeBruicker
Mariano Martinez Peck wrote
> Paul, may I ask if at least you could encrypt multiple chunks of 8 chars?
> For example:
>
> | enc encryptedString key decrString |
> key := 'mySecretKey'.
> enc := Blowfish encryptString: '1234567812345678' with: key.
> encryptedString := enc asByteArray asString.
> Transcript show: ' encrypted:  ', encryptedString; cr.
> decrString := Blowfish decryptString: encryptedString with: key.
> Transcript show: ' decrypted:  ', decrString; cr.
>
> I would love it if you were able to encrypt the whole string... I mean, you
> encrypt as many multiples of 8 as you can, and only leave the rest (always
> will be smaller than 8 chars) unencrypted...
>
> Is that doable without much work?
>
> Thanks
> --
> Mariano
> http://marianopeck.wordpress.com

The Wikipedia article I posted is all I know about it. It doesn't seem like too much work. You need a way to make a random 8 byte initialization vector (nonce). Then it looks like you just xor the first 8 byte block of your plaintext with the initialization vector and encrypt the result of the xor calculation to get an encrypted 8 byte block. With the newly encrypted 8 byte block you: 1. store it in your encrypted string and 2. use it in place of the initialization vector for the next block of your plaintext. Then keep doing that xor, encrypt, store, move to next 8 byte block cycle until you reach the end of your string. You could probably even pad your string to a multiple of 8 bytes before starting to be able to encrypt everything. Then when decrypting you do the opposite. I think you need a way to store the initialization vector at the start or end of the encrypted string to use when decrypting.

It seems like a fun problem to solve but not one I have time for now.

Does that help?

Paul
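
The chaining scheme described in the message above (random 8-byte IV, xor, encrypt, store, chain, pad to a multiple of 8, keep the IV with the ciphertext), as an added Python example that is not part of the original thread or of the Smalltalk Blowfish package. Assumption: `encrypt_block` and `decrypt_block` are a toy Feistel stand-in for Blowfish's 8-byte block operation so the code runs with the standard library only; the padding scheme (PKCS#7 style) and all function names are choices made for this example.

```python
import hashlib
import os

BLOCK = 8  # Blowfish's block size in bytes, the "8 byte chunks" in the thread

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (assumption: NOT Blowfish).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 8-round Feistel network standing in for Blowfish on one block."""
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def pad(data: bytes) -> bytes:
    # PKCS#7 style: always add 1..8 bytes so the length is a multiple of 8.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    iv = os.urandom(BLOCK) if iv is None else iv   # fresh random IV per message
    prev, out = iv, [iv]                           # IV is stored at the start
    padded = pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)                           # store, then chain
    return b"".join(out)

def cbc_decrypt(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 2 * BLOCK or len(blob) % BLOCK:
        raise ValueError("truncated ciphertext")
    prev, out = blob[:BLOCK], []
    for i in range(BLOCK, len(blob), BLOCK):
        block = blob[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, block), prev))
        prev = block
    return unpad(b"".join(out))

if __name__ == "__main__":
    key = b"mySecretKey"                 # sample key from the thread
    blob = cbc_encrypt(key, b"1234567812345678")
    print(blob.hex(), cbc_decrypt(key, blob))
```

CBC on its own gives confidentiality only; a stored ciphertext also needs an integrity check (for example an HMAC over IV and ciphertext) verified before it is decrypted.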