Asymmetric encryption resources?

[simo]

Hello,

As I am working on activation part of my openFL project,I wonder if there is haxe libraries that can handle encryption?

I have posted a question here http://stackoverflow.com/questions/20741811/how-to-safely-store-secret-key but I need a hint from haxe community ..

Any one can help?

Thanks

[Sam MacPherson]

Caffeine-hx (https://code.google.com/p/caffeine-hx/) has support for forms of cryptography including asymmetric. Unfortunately the library is not maintained anymore and hasn't been ported to haxe3. Other then that I am not aware of any other Haxe libraries for asymmetric crypto.

Looking at your problem though you may not need to deal with crypto at such a low level. If you are in control of the server you could just use a https connection via the haxe.Http class.

[Samir Sabri]

Thank you!, I will definitely check haxe.Http, yes I am in control of the server, but will need to encrypt hardware id at each device, any encryption level would be fine though. .

Samir

--
To post to this group haxe...@googlegroups.com
http://groups.google.com/group/haxelang?hl=en
---
You received this message because you are subscribed to a topic in the Google Groups "Haxe" group.
For more options, visit https://groups.google.com/groups/opt_out.

[Samir Sabri]

I just found that haxe has built in crypto! http://haxe.org/api/haxe/crypto

May be thats why Caffeine-hx is no more maintained..

[Sam MacPherson]

The crypto provided there is very limited. Only hashing is provided which is not encryption. I'm still not entirely sure what you want to do, but if you need symmetric of asymmetric encryption you will need to use caffeine-hx for low level crypto stuff.

[Samir Sabri]

I want to store encrypted deviceid locally to mark my software as activated, wouldn't haxe built in encrypto do the job? Please advice.

[Sam MacPherson]

Can you explain what you want to do in more detail? There may be an easier solution then putting together your own custom crypto algorithm.

[Samir Sabri]

Thanks, I'e sent you an email ..

--
Kind Regards,

--------------------------------------------- 

Samir Sabri
Software Architect& Developer

www.dcaclab.com

Jordan-Middle East

[Sam MacPherson]

Judging by your email it looks as though you are wanting to protect the data in a file stored on the client's device from tampering. Be sure you understand that although encryption will make it harder for people to tamper with the file, it will not make it impossible since you are doing this on the client. If you are okay with that then there are three options.

Hashing:

-supported directly in haxe3 library (I recommend Sha1 or Sha256 in my pull request https://github.com/HaxeFoundation/haxe/pull/2368)

-cannot retrieve data after it's been hashed

Symmetric Key Cryptograpy:

-much simpler to implement than asymmetric

-use AES (https://code.google.com/p/caffeine-hx/source/browse/trunk/ext3/chx/crypt/symmetric/Aes.hx)

Asymmetric Key Cryptograpy:

-if the user discovers your encryption key they cannot decrypt previously encrypted data

-caffeine-hx supports RSA (https://code.google.com/p/caffeine-hx/source/browse/trunk/ext3/chx/crypt/#crypt%2Frsa)

If you need to be able to decrypt the data then I recommend using AES otherwise I recommend using hashing as it's the simplist. Hope this helps.

[Samir Sabri]

Thanks for insightful hints, I know that my protection can be broken by hackers,  but at least I have to do what I can about it.

How about generate the secret key randomly at server side and store it locally? Can I hide it? Or store it encrypted at least?

--

[David Holaň]

So we are assuming the attacker knows what a secret key is and where it is, that sounds like a competent hacker. Now you want to encrypt the key by another locally stored key, right? You can absolutely do that, but it seems you are just adding another level of defense that the hacker already knows how to break. Would it deter such a hacker? That depends on his determination.

-David Holaň

You received this message because you are subscribed to the Google Groups "Haxe" group.

[Samir Sabri]

May be I can store sekret key as colored pixels in an image, then when reading the pixels in specific order for ex .. the key would be retrieved .. good?

[Sam MacPherson]

I think it may be sufficient to store your secret key as a plaintext string in your program. David is right; if the hacker is smart enough to know how to look for a key and use AES, then there's not much you can do to prevent that. Really the degree of obfuscation is up to you, but just keep in mind who you are trying to stop. An average user? A script kiddie? Actual hacker? etc

[Samir Sabri]

Hmm .. that's right, so to save time and efforts, I think using hashing would be sufficient, as I don't need to decrypt the data locally..

thanks for sharing the thoughts..

[Achmad Aulia Noorhakim]

https://github.com/Meychi/ASCrypt ?

[Samir Sabri]

@Achmad ,  Really how would I know that such library exists? thank you!