Cryptography October 2016

cryptography@lists.squeakfoundation.org

2 participants
2 discussions

Re: Announce: whisper updated
by Robert Withers 27 Oct '16

27 Oct '16

Though the whisper code is currently language inter-inoperable, the latest code is being hosted on gitlab with International Rabbits, as voix-basse-mourde. Here is the code: https://gitlab.com/des-lapins-internationale. If you would like to help, Java could be brought forwards adding PBEReader/PBEWriter, dataEncoding negotiation, SecureSessionSpecification with filtered cryptoProtocolNames, dataEncoderNames, scopeMaker and the traceDomains to parameterize the server behavior. On the Smalltalk side, Whisper_json, Whisper_magma and Whisper_fuel could be implemented. Matching JSON on the Java side. FEC Reed-Solomon could be tested and repaired (it's broken). kerkkutatti is the Java code for remote promises and has the Smalltalk porcini code too. With Whisper's new SecureServerSpecification, the injection of a scopeMaker and encoder is all the config after push into the stack. Lots of work there on both sides, to get them talking. If you want to help, have a beer and I'll match you, let me know what you want to work on and I can add you as a gitlab rabbit. Best, Rob On 10/16/2016 7:22 PM, Robert Withers wrote: > > Folks, I have updated whisper or SecureSession to provide > Java/Squeak/Pharo interoperability. I am no longer able to access the > Cryptography repo so I cannot push code, but the squeak/pharo code is > in the squeak-pharo directory in the whisper github project. Here is > the GitPages link: https://robertwithers.github.io/whisper, with all > other links. > > whisper is osi Layer 5 SecureSession with modern crypto: > Java/Squeak/Pharo interoperability. > > * flips normative osi layer 5 and 6 on its head: now, 5 is > crypto and 6 is session state resumption > * 3-way DH-2048/RSA-2048/RSAPublicKey ASN1DER encoding > * 256-bit AES/CBC/PKCS7Padding, 128-bit IV, 160-bit SHA1 E&M > * PBEEncryptorAES-256 with PBKDF2WithHmacSHA1 > > Rob >

1 1

new Cryptography package, usable in squeak and pharo (was Re: Announce: whisper updated)
by Robert Withers 18 Oct '16

18 Oct '16

I wanted to give you a heads up about my new effort at SecureSession, below, renamed to whisper from old days. In the course of development, I consolidated the Cryptography package and conformed it to be installable into both squeak or pharo, by ensuring the RandomGenerator class>>#unpredictableStringsDo: works in both environments. In addition, I added a more artifacts I developed in whisper, including RSA <-> Asn1 module definitions, a PBEEncryptor and a PBKDF2WithHmacSHA1 keyy derevation function. A couple of tests were also added. Unfortunately, I lost my password to the Cryptography squeaksource site and so I am unable to push the new code there. If someone could help me reset that password, that would be quite helpful; I asked on list to no avail and it may not be possible. The biggest help would be to get this new version in play, if someone could load it: https://jumpshare.com/v/f4HwsX5nzEKQkeSaly7y and push to the canonical Cryptography repo on squeaksource. Follows is a list of changes made, which does include some protocol changes to ASN1 for marshalling and hydration, conforming to #asAsn1DerBytes and @fromAsn1DerBytes:. Cryptography is now the shared package between Squeak and Pharo - RandomGenerator class>>#unpredictableStringsDo: changed details to be squeak/pharo compliant (see comment) - senders/implementers of #asAsn1Bytes (removed) changed to #asAsn1DerBytes - senders/implementers of #fromAsn1Bytes: (removed) changed to #fromAsn1DerBytes: - X509Certificate class>>#fromFile: changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - X509CertificateDerReader>>#asCertificate changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - all CryptoX509Test>>#certificateX changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - moved asn1 module definitions and support accessers for RSA and DSA Keys to Cryptography - changed DiffieHellman>>sendMessage to use SecureRandom>>#nextBits: to keep bitSize - added CryptoHashFunctionTest tests for HMAC Specs - added String>>#padLeftTo:with: for squeak - fixed padding mode to set and retrieve the IV vector kind regards, Rob On 10/16/2016 7:22 PM, Robert Withers wrote: > > Folks, I have updated whisper or SecureSession to provide > Java/Squeak/Pharo interoperability. I am no longer able to access the > Cryptography repo so I cannot push code, but the squeak/pharo code is > in the squeak-pharo directory in the whisper github project. Here is > the GitPages link: https://robertwithers.github.io/whisper, with all > other links. > > whisper is osi Layer 5 SecureSession with modern crypto: > Java/Squeak/Pharo interoperability. > > * flips normative osi layer 5 and 6 on its head: now, 5 is > crypto and 6 is session state resumption > * 3-way DH-2048/RSA-2048/RSAPublicKey ASN1DER encoding > * 256-bit AES/CBC/PKCS7Padding, 128-bit IV, 160-bit SHA1 E&M > * PBEEncryptorAES-256 with PBKDF2WithHmacSHA1 > > Rob >

2 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Cryptography October 2016