new Cryptography package, usable in squeak and pharo (was Re: Announce: whisper updated)
I wanted to give you a heads up about my new effort at SecureSession, below, renamed to whisper from old days. In the course of development, I consolidated the Cryptography package and conformed it to be installable into both squeak or pharo, by ensuring the RandomGenerator class>>#unpredictableStringsDo: works in both environments. In addition, I added a more artifacts I developed in whisper, including RSA <-> Asn1 module definitions, a PBEEncryptor and a PBKDF2WithHmacSHA1 keyy derevation function. A couple of tests were also added.
Unfortunately, I lost my password to the Cryptography squeaksource site and so I am unable to push the new code there. If someone could help me reset that password, that would be quite helpful; I asked on list to no avail and it may not be possible.
The biggest help would be to get this new version in play, if someone could load it: https://jumpshare.com/v/f4HwsX5nzEKQkeSaly7y and push to the canonical Cryptography repo on squeaksource.
Follows is a list of changes made, which does include some protocol changes to ASN1 for marshalling and hydration, conforming to #asAsn1DerBytes and @fromAsn1DerBytes:.
Cryptography is now the shared package between Squeak and Pharo
- RandomGenerator class>>#unpredictableStringsDo: changed details to be squeak/pharo compliant (see comment) - senders/implementers of #asAsn1Bytes (removed) changed to #asAsn1DerBytes - senders/implementers of #fromAsn1Bytes: (removed) changed to #fromAsn1DerBytes: - X509Certificate class>>#fromFile: changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - X509CertificateDerReader>>#asCertificate changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - all CryptoX509Test>>#certificateX changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - moved asn1 module definitions and support accessers for RSA and DSA Keys to Cryptography - changed DiffieHellman>>sendMessage to use SecureRandom>>#nextBits: to keep bitSize - added CryptoHashFunctionTest tests for HMAC Specs - added String>>#padLeftTo:with: for squeak - fixed padding mode to set and retrieve the IV vector
kind regards, Rob
On 10/16/2016 7:22 PM, Robert Withers wrote:
Folks, I have updated whisper or SecureSession to provide Java/Squeak/Pharo interoperability. I am no longer able to access the Cryptography repo so I cannot push code, but the squeak/pharo code is in the squeak-pharo directory in the whisper github project. Here is the GitPages link: https://robertwithers.github.io/whisper, with all other links.
whisper is osi Layer 5 SecureSession with modern crypto: Java/Squeak/Pharo interoperability. * flips normative osi layer 5 and 6 on its head: now, 5 is crypto and 6 is session state resumption * 3-way DH-2048/RSA-2048/RSAPublicKey ASN1DER encoding * 256-bit AES/CBC/PKCS7Padding, 128-bit IV, 160-bit SHA1 E&M * PBEEncryptorAES-256 with PBKDF2WithHmacSHA1Rob
Hi Rob!
I’ve uploaded the version you posted to squeak source. Thanks for all your work!
I’m not sure if you can register a new account on squeaksource but if you do I’m happy to add you as admin.
All the best,
Ron
From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Robert Withers Sent: Monday, October 17, 2016 9:22 PM To: Cryptography Mailing List Subject: [Cryptography Team] new Cryptography package, usable in squeak and pharo (was Re: Announce: whisper updated)
I wanted to give you a heads up about my new effort at SecureSession, below, renamed to whisper from old days. In the course of development, I consolidated the Cryptography package and conformed it to be installable into both squeak or pharo, by ensuring the RandomGenerator class>>#unpredictableStringsDo: works in both environments. In addition, I added a more artifacts I developed in whisper, including RSA <-> Asn1 module definitions, a PBEEncryptor and a PBKDF2WithHmacSHA1 keyy derevation function. A couple of tests were also added.
Unfortunately, I lost my password to the Cryptography squeaksource site and so I am unable to push the new code there. If someone could help me reset that password, that would be quite helpful; I asked on list to no avail and it may not be possible.
The biggest help would be to get this new version in play, if someone could load it: https://jumpshare.com/v/f4HwsX5nzEKQkeSaly7y and push to the canonical Cryptography repo on squeaksource.
Follows is a list of changes made, which does include some protocol changes to ASN1 for marshalling and hydration, conforming to #asAsn1DerBytes and @fromAsn1DerBytes:.
Cryptography is now the shared package between Squeak and Pharo
- RandomGenerator class>>#unpredictableStringsDo: changed details to be squeak/pharo compliant (see comment) - senders/implementers of #asAsn1Bytes (removed) changed to #asAsn1DerBytes - senders/implementers of #fromAsn1Bytes: (removed) changed to #fromAsn1DerBytes: - X509Certificate class>>#fromFile: changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - X509CertificateDerReader>>#asCertificate changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - all CryptoX509Test>>#certificateX changed use of #fromBytes: (removed) to #fromAsn1DerBytes: - moved asn1 module definitions and support accessers for RSA and DSA Keys to Cryptography - changed DiffieHellman>>sendMessage to use SecureRandom>>#nextBits: to keep bitSize - added CryptoHashFunctionTest tests for HMAC Specs - added String>>#padLeftTo:with: for squeak - fixed padding mode to set and retrieve the IV vector
kind regards, Rob
On 10/16/2016 7:22 PM, Robert Withers wrote:
Folks, I have updated whisper or SecureSession to provide Java/Squeak/Pharo interoperability. I am no longer able to access the Cryptography repo so I cannot push code, but the squeak/pharo code is in the squeak-pharo directory in the whisper github project. Here is the GitPages link: https://robertwithers.github.io/whisper, with all other links.
whisper is osi Layer 5 SecureSession with modern crypto: Java/Squeak/Pharo interoperability.
* flips normative osi layer 5 and 6 on its head: now, 5 is crypto and 6 is session state resumption * 3-way DH-2048/RSA-2048/RSAPublicKey ASN1DER encoding * 256-bit AES/CBC/PKCS7Padding, 128-bit IV, 160-bit SHA1 E&M * PBEEncryptorAES-256 with PBKDF2WithHmacSHA1
Rob
Hey Ron, that's good, thanks. Is there no admin for squeaksource that could help me with my password? I am surprised. I took your suggestion and I was able to add myself as a new member. Could you add 'rwww' please? I want to clean up the mess I left behind in there.
Kind regards, Rob
On 10/18/2016 10:35 AM, Ron Teitelbaum wrote:
Hi Rob!
I’ve uploaded the version you posted to squeak source. Thanks for all your work!
I’m not sure if you can register a new account on squeaksource but if you do I’m happy to add you as admin.
All the best,
Ron
*From:*cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] *On Behalf Of *Robert Withers *Sent:* Monday, October 17, 2016 9:22 PM *To:* Cryptography Mailing List *Subject:* [Cryptography Team] new Cryptography package, usable in squeak and pharo (was Re: Announce: whisper updated)
I wanted to give you a heads up about my new effort at SecureSession, below, renamed to whisper from old days. In the course of development, I consolidated the Cryptography package and conformed it to be installable into both squeak or pharo, by ensuring the RandomGenerator class>>#unpredictableStringsDo: works in both environments. In addition, I added a more artifacts I developed in whisper, including RSA <-> Asn1 module definitions, a PBEEncryptor and a PBKDF2WithHmacSHA1 keyy derevation function. A couple of tests were also added.
Unfortunately, I lost my password to the Cryptography squeaksource site and so I am unable to push the new code there. If someone could help me reset that password, that would be quite helpful; I asked on list to no avail and it may not be possible.
The biggest help would be to get this new version in play, if someone could load it: https://jumpshare.com/v/f4HwsX5nzEKQkeSaly7y and push to the canonical Cryptography repo on squeaksource.
Follows is a list of changes made, which does include some protocol changes to ASN1 for marshalling and hydration, conforming to #asAsn1DerBytes and @fromAsn1DerBytes:.
Cryptography is now the shared package between Squeak and Pharo
- RandomGenerator class>>#unpredictableStringsDo: changed details to
be squeak/pharo compliant (see comment)
- senders/implementers of #asAsn1Bytes (removed) changed to
#asAsn1DerBytes
- senders/implementers of #fromAsn1Bytes: (removed) changed to
#fromAsn1DerBytes:
- X509Certificate class>>#fromFile: changed use of #fromBytes:
(removed) to #fromAsn1DerBytes:
- X509CertificateDerReader>>#asCertificate changed use of #fromBytes:
(removed) to #fromAsn1DerBytes:
- all CryptoX509Test>>#certificateX changed use of #fromBytes:
(removed) to #fromAsn1DerBytes:
- moved asn1 module definitions and support accessers for RSA and DSA
Keys to Cryptography
- changed DiffieHellman>>sendMessage to use SecureRandom>>#nextBits:
to keep bitSize
- added CryptoHashFunctionTest tests for HMAC Specs
- added String>>#padLeftTo:with: for squeak
- fixed padding mode to set and retrieve the IV vector
kind regards, Rob
On 10/16/2016 7:22 PM, Robert Withers wrote:
Folks, I have updated whisper or SecureSession to provide Java/Squeak/Pharo interoperability. I am no longer able to access the Cryptography repo so I cannot push code, but the squeak/pharo code is in the squeak-pharo directory in the whisper github project. Here is the GitPages link: https://robertwithers.github.io/whisper, with all other links. whisper is osi Layer 5 SecureSession with modern crypto: Java/Squeak/Pharo interoperability. * flips normative osi layer 5 and 6 on its head: now, 5 is crypto and 6 is session state resumption * 3-way DH-2048/RSA-2048/RSAPublicKey ASN1DER encoding * 256-bit AES/CBC/PKCS7Padding, 128-bit IV, 160-bit SHA1 E&M * PBEEncryptorAES-256 with PBKDF2WithHmacSHA1 Rob
Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
cryptography@lists.squeakfoundation.org
-
Robert Withers -
Ron Teitelbaum