Unknown command beginning “administer…”

SQL> ADMINISTER KEY MANAGEMENT CREATE KEYSTORE ‘C:\app\oracle\product\11.2.0\dbhome_1\NETWORK\ADMIN\WALLET’ IDENTIFIED BY Welcome@123;
SP2-0734: unknown command beginning “ADMINISTER…” – rest of line ignored.

I have created a wallet and while creating a key I am getting the error as shown above. How can I resolve the issue? I have tried using ” set sqlblanklines on;” , it didn’t work.

AES-256-CTR Encryption in node JS and decryption in Java

I am trying to encode in nodejs and decryption for the same in nodejs works well. But when I try to do the decryption in Java using the same IV and secret, it doesn’t behave as expected.

Here is the code snippet:

Encryption in nodeJs:

var crypto = require('crypto'),
algorithm = 'aes-256-ctr',
_ = require('lodash');

var secret = 'd6F3231q7d19428743234@123nab@234';

function encrypt(text, secret) {
    var iv = crypto.randomBytes(16);
    console.log(iv);
    var cipher = crypto.createCipheriv(algorithm, new Buffer(secret), iv);
    var encrypted = cipher.update(text);

    encrypted = Buffer.concat([encrypted, cipher.final()]);

    return iv.toString('hex') + ':' + encrypted.toString('hex');
}
var encrypted = encrypt("8123497494", secret);
console.log(encrypted);

And the output is:

<Buffer 94 fa a4 f4 a1 3c bf f6 d7 90 18 3f 3b db 3f b9>
94faa4f4a13cbff6d790183f3bdb3fb9:fae8b07a135e084eb91e

Code Snippet for decryption in JAVA:

public class Test {

    public static void main(String[] args) throws Exception {
        String s = "94faa4f4a13cbff6d790183f3bdb3fb9:fae8b07a135e084eb91e";
        String seed = "d6F3231q7d19428743234@123nab@234";

        decrypt(s, seed);
    }

    private static void decrypt(String s, String seed)
            throws NoSuchAlgorithmException, NoSuchPaddingException, UnsupportedEncodingException, InvalidKeyException,
            InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        String parts[] = s.split(":");
        String ivString = parts[0];
        String encodedString = parts[1];
        Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");

        byte[] secretBytes = seed.getBytes("UTF-8");

        IvParameterSpec ivSpec = new IvParameterSpec(hexStringToByteArray(ivString));

        /*Removed after the accepted answer
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] thedigest = md.digest(secretBytes);*/ 

        SecretKeySpec skey = new SecretKeySpec(thedigest, "AES");

        cipher.init(Cipher.DECRYPT_MODE, skey, ivSpec);
        byte[] output = cipher.doFinal(hexStringToByteArray(encodedString));

        System.out.println(new String(output));
    }
}

Output: ?s?8??

I am getting some junk value in the response. Tried a lot of options, but none of them seem to be working. Any lead/help is appreciated.

How can recreate IvParameterSpec from the same byte array

I wrote code to encrypt and decrypt using AES CBC algorithm. I would store the encrypted session key, the IV bytes, and the cipher text as String and whereas I could recover the byte cipher text and the session key, I couldn’t recover the ivParameterSpec from the same init bytes. I narrowed the problem down to this issue:

byte[] iv = { 0, 1, 0, 2 , 0, 3, 0, 4, 0, 5, 0, 6, 0, 7, 0, 8};
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
System.out.println(ivParameterSpec);
IvParameterSpec ivParameterSpec1 = new IvParameterSpec(iv);
System.out.println(ivParameterSpec1);

The output is:

javax.crypto.spec.IvParameterSpec@7852e922
javax.crypto.spec.IvParameterSpec@4e25154f

My goal is to be able to create the same IvParameterSpec twice from the same byte array

Encrypted Password doesn’t match at login from firebase database using AES algorithm

I have been trying to register a new user. At the time of the registration I encrypted the password in the Firebase Database using AES.The Algorithm.password encryption is succesfully. But when I am trying to login the user with the email id and the password, the passwords which I entered in
the registration form are not matching. Instead the password matches with the encryption string which is stored in the firebase database.

Register Activity

  public class RegisterActivity extends AppCompatActivity implements
  View.OnClickListener {

    private static final String TAG = "MAGIC";
    Firebase mref= null;
    private User user;
    private EditText name;
    private EditText phoneNumber;
    private EditText email;
    private EditText password;
    private EditText address;
    private Button register;
    private FirebaseAuth mAuth;
    private ProgressDialog mProgressDialog;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_register);

    Firebase.setAndroidContext(this);
    mAuth = FirebaseAuth.getInstance();
}

    @Override
    protected void onStart() {
    super.onStart();
    name = (EditText) findViewById(R.id.edit_text_username);
    phoneNumber = (EditText) findViewById(R.id.edit_text_phone_number);
    email = (EditText) findViewById(R.id.edit_text_new_email);
    password = (EditText) findViewById(R.id.edit_text_new_password);
    address = (EditText) findViewById(R.id.edit_text_address);
    register = (Button) findViewById(R.id.button_register);

    register.setOnClickListener(this);
}
    @Override
    public void onStop() {
    super.onStop();
}

    //This method sets up a new User by fetching the user entered details.
    protected void setUpUser() {
    user = new User();
    user.setName(name.getText().toString().trim());
    user.setPhoneNumber(phoneNumber.getText().toString().trim());
    user.setAddress(address.getText().toString().trim());
    user.setEmail(email.getText().toString().trim());
    user.setPassword(password.getText().toString().trim());

}
    @Override
    public void onClick(View v) {

    encryption(password.toString());
    mref = new Firebase("https://encryptlogin.firebaseio.com/");
  createNewAccount(email.getText().toString(),password.getText().toString());

}
    private void createNewAccount(String email, String password) {
    Log.d(TAG, "createNewAccount:" + email);
    if (!validateForm()) {
        return;
    }
    //This method sets up a new User by fetching the user entered details.
    setUpUser();
    //This method  method  takes in an email address and password, validates them and then creates a new user
    // with the createUserWithEmailAndPassword method.
    // If the new account was created, the user is also signed in, and the AuthStateListener runs the onAuthStateChanged callback.
    // In the callback, you can use the getCurrentUser method to get the user's account data.

    showProgressDialog();
    mAuth.createUserWithEmailAndPassword(email, password)
            .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
                @Override
                public void onComplete(@NonNull Task<AuthResult> task) {



                 Log.d(TAG, "Register Successfully " + task.isSuccessful());
                    hideProgressDialog();

      // If sign in fails, display a message to the user. If sign in succeeds
          // the auth state listener will be notified and logic to handle the
                    // signed in user can be handled in the listener.

     if (!task.isSuccessful()) {
     Toast.makeText(RegisterActivity.this, "Registration failed.",  Toast.LENGTH_SHORT).show();
                        hideProgressDialog();

                    } else {
        onAuthenticationSuccess(task.getResult().getUser());
        Toast.makeText(RegisterActivity.this, "Register Successful.", Toast.LENGTH_SHORT).show();
                    } hideProgressDialog();
                }
            });
}
    private void onAuthenticationSuccess(FirebaseUser mUser) {
    // Write new user
    saveNewUser(mUser.getUid(),  user.getName(),user.getPhoneNumber(), user.getEmail(), user.getPassword()); 
    signOut();
    // Go to LoginActivity
    Intent i =new Intent(RegisterActivity.this, MainActivity.class);
    startActivity(i);
}
private void saveNewUser(String userId, String name, String phone, String               email, String password) {

    User user = new User(userId,name,phone,email,password);
    mref.child("Users").child(name).setValue(user);
}
private void signOut() {
    mAuth.signOut();
}
//This method, validates email address and password
private boolean validateForm() {
    boolean valid = true;

    String userEmail = email.getText().toString();
    if (TextUtils.isEmpty(userEmail)) {
        email.setError("Required.");
        valid = false;
    } else {
        email.setError(null);
    }

    String userPassword = password.getText().toString();
    if (TextUtils.isEmpty(userPassword)) {
        password.setError("Required.");
        valid = false;
    } else {
        password.setError(null);
    }

    String userPhoneNumber = phoneNumber.getText().toString();
    if (TextUtils.isEmpty(userPhoneNumber)){
        phoneNumber.setError("Required");
        valid = false;
    }else {
        phoneNumber.setError(null);
    }

    String userAddress = address.getText().toString();
    if (TextUtils.isEmpty(userAddress)){
        address.setError("Required");
        valid = false;
    }else {
        address.setError(null);
    }
    if(!Patterns.EMAIL_ADDRESS.matcher(userEmail).matches()){
    Toast.makeText(getApplicationContext(),"please enter valid email",
    Toast.LENGTH_LONG).show();
    }

    if (userEmail.isEmpty() && userPassword.isEmpty()userAddress.isEmpty()
    && userPhoneNumber.isEmpty()){
    Toast.makeText(getApplicationContext(),"all fields are mandatory",
    Toast.LENGTH_LONG).show();
    }

    return valid;
}
public void showProgressDialog() {
    if (mProgressDialog == null) {
        mProgressDialog = new ProgressDialog(this);
        mProgressDialog.setMessage("Loading");
        mProgressDialog.setIndeterminate(true);
    }
    mProgressDialog.show();
}

public void hideProgressDialog() {
    if (mProgressDialog != null && mProgressDialog.isShowing()) {
        mProgressDialog.dismiss();
    }
}
    public void encryption(String pass){
    String seedValue = "secKey";
    try {
        password.setText(AESHelper.encrypt(seedValue,pass));
    }catch (Exception e){
        e.printStackTrace();
    }
}  
}

Login Activity

  public class MainActivity extends AppCompatActivity  {


EditText Email, pwd;
Button login;
TextView Register,Forgetpwd;
FirebaseAuth mAuth;
ProgressDialog progressDialog;

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    Firebase.setAndroidContext(this);

    mAuth = FirebaseAuth.getInstance();

    if (mAuth.getCurrentUser() != null) {
        startActivity(new Intent(MainActivity.this, Forget_password.class));
        finish();
    }

    Email = (EditText) findViewById(R.id.myEmail);
    pwd = (EditText) findViewById(R.id.editpassword);
    login = (Button) findViewById(R.id.buttonlogin);
    Register = (TextView) findViewById(R.id.register);
    Forgetpwd = (TextView) findViewById(R.id.reset);

    mAuth = FirebaseAuth.getInstance();


    Register.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            startActivity(new Intent(MainActivity.this, RegisterActivity.class));
        }
    });

    Forgetpwd.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            startActivity(new Intent(MainActivity.this, Forget_password.class));
        }
    });

    login.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {


            String email = Email.getText().toString();
            final String password = pwd.getText().toString();


            if (TextUtils.isEmpty(email)) {
                Toast.makeText(getApplicationContext(), "Enter email address!", Toast.LENGTH_SHORT).show();
                return;
            }

            if (TextUtils.isEmpty(password)) {
                Toast.makeText(getApplicationContext(), "Enter password!", Toast.LENGTH_SHORT).show();
                return;
            }

            if(!Patterns.EMAIL_ADDRESS.matcher(email).matches()){
                Toast.makeText(getApplicationContext(),"please enter valid email",Toast.LENGTH_LONG).show();
            }

            if (email.isEmpty() && password.isEmpty()){
                Toast.makeText(getApplicationContext(),"all fields are mandatory",Toast.LENGTH_LONG).show();
            }

            showProgressDialog();
            mAuth.signInWithEmailAndPassword(email, password)
                    .addOnCompleteListener(MainActivity.this, new OnCompleteListener<AuthResult>() {
                        @Override
                        public void onComplete(@NonNull Task<AuthResult> task) {
                            // If sign in fails, display a message to the user. If sign in succeeds
                            // the auth state listener will be notified and logic to handle the
                            // signed in user can be handled in the listener.
                          /*  progressBar.setVisibility(View.GONE);*/
                            if (!task.isSuccessful()) {
                                // there was an error
                                if (password.length() < 6) {
                                    Toast.makeText(getApplicationContext(), "minimum password!", Toast.LENGTH_SHORT).show();
                                } else {
                                    Toast.makeText(getApplicationContext(), "Authentication failed!", Toast.LENGTH_SHORT).show();                                    }
                            } else {
                                Toast.makeText(getApplicationContext(), "Login Successful", Toast.LENGTH_SHORT).show();
                                Intent intent = new Intent(MainActivity.this, Forget_password.class);
                                startActivity(intent);
                                finish();
                            }
                            hideProgressDialog();
                        }
                    });
        }
    });
}

private void showProgressDialog() {

    if (progressDialog == null) {
        progressDialog = new ProgressDialog(this);
        progressDialog.setMessage(getString(R.string.loading));
        progressDialog.setIndeterminate(true);
    }

    progressDialog.show();
}

public void hideProgressDialog() {
    if (progressDialog != null && progressDialog.isShowing()) {
        progressDialog.dismiss();
    }
}    
 }

AESHelper Class

  import javax.crypto.Cipher;
  import javax.crypto.KeyGenerator;
  import javax.crypto.SecretKey;
  import javax.crypto.spec.SecretKeySpec;

  public class AESHelper {
  public static String encrypt(String seed, String cleartext 
     throwsException{

    byte[] rawKey = getRawKey(seed.getBytes());
    byte[] result = encrypt(rawKey, cleartext.getBytes());
    return toHex(result);
   }

      public static String decrypt(String seed, String encrypted) 
     throwsException{
       byte[] rawKey = getRawKey(seed.getBytes());
       byte[] enc = toByte(encrypted);
       byte[] result = decrypt(rawKey, enc);
       return new String(result);
   }
    private static byte[] getRawKey(byte[] seed) throws Exception {
    KeyGenerator kgen = KeyGenerator.getInstance("AES");
    SecureRandom sr = SecureRandom.getInstance("SHA1PRNG","Crypto");
    sr.setSeed(seed);
    kgen.init(128, sr); // 192 and 256 bits may not be available
    SecretKey skey = kgen.generateKey();
    byte[] raw = skey.getEncoded();
    return raw;
  }
    private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception{ 
    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
    byte[] encrypted = cipher.doFinal(clear);
    return encrypted;
}
   private static byte[] decrypt(byte[] raw, byte[] encrypted)throws
   Exception{
    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.DECRYPT_MODE, skeySpec);
    byte[] decrypted = cipher.doFinal(encrypted);
    return decrypted;
   }
  public static String toHex(String txt) {
    return toHex(txt.getBytes());
   }
    public static String fromHex(String hex) {
    return new String(toByte(hex));
   }

    public static byte[] toByte(String hexString) {
    int len = hexString.length()/2;
    byte[] result = new byte[len];
    for (int i = 0; i < len; i++)
    result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).
    byteValue();
    return result;
  }
    public static String toHex(byte[] buf) {
    if (buf == null)
        return "";
    StringBuffer result = new StringBuffer(2*buf.length);
    for (int i = 0; i < buf.length; i++) {
        appendHex(result, buf[i]);
    }
    return result.toString();
   }
     private final static String HEX = "0123456789ABCDEF";
     private static void appendHex(StringBuffer sb, byte b) {
    sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
  }
  }

what do I do to match password at login activity. help me plz…

How to store RSA Private Key into app given by backend? [on hold]

I am developing an android app, in which I have to use payload encryption. For this backend giving me a pre generated key pair (RSA Public and Private key) for encryption and decryption.

As of now I am keeping these 2 keys (RSA public and private) in string hardcoded, but everyone knows that it’s not a secure way to do this.

So in this process, client will send the request encrypted using server’s public key, and server will decrypt it using their own private key. And the response can be decrypted only by client’s private key because it was encrypted by client’s public key.

Note – RSA public & private key will be static for my app, and I want to manage it put in a secure place.

So the main problem is where should I keep that private key in my app. Key is static in my app because server people distribute it to mobile team. And we can not use our self generated private key.

So what can be the best way to secure this first time givin private key at client side.

I tired this link & this, but none suitable for me.

Happy coding 🙂

Can someone tell what Hash is used here?

My quetion is simple, here’s a JSON :

[{"event_type":2,"match_id":0,"deck_id":1,"opponent_id":5011,"season_id":1,"team_effect_card_ids":[],"friend_user_id":991092230,"coop":{"coop_id":0},"is_ad_effect":false},"80db826a05000d6b4ce056483813e722d3ab54e6"]

This JSON is received by an App that rejects it if you change the slightest part of it.

This App is probably or obviously able to check the integrity of the JSON thanks to hash at the end : 80db826a05000d6b4ce056483813e722d3ab54e6

Can you find what hash is used ?

I tried MD5 ans SHA1 but i never get back the same hash, maybe i’am doing it wrong ?

Thank you

Not sure how to make sense of this data [on hold]

I obtained something that looks like Hex from an API that I am trying to debug. Unfortunately, I don’t have access to it other than through a proxy.
It seems like hex, and I assume its encrypted. Is there any way to make sense of this?

8EC06612 60245542 C1F39DF4 33487DFD 5BB74645 81993032 64CD0989 2914E225 9B12B56A 3FE090E7 7FAB69D1 1FE137DE B00CC805 189133E9 109DA0B5 EF38C23C 5C68BD14 DED2B4FF 67BF342B 886EA434 78F87C6B 85629E69 FCDAFF8C B65071B7 F11313E2 0D86527A A581B711 45F4253A 83FB5FB9 37B16C92 84C43154 A4883CD8 C859C819 39576B59 7A377690 8DF42649 890413AB 23F719DF 588D5FDC 24660C80 2F8D859A BD7A14FD 9D8079FA D2D711E1 9FE9EBFF 75073ADC 0ACE9454 9101DA74 AD107864 6FB7EB8D E5754FDA 06129D08 E437E1FE 45A7CDF1 7AD49C97 E3C6E6A9 0FA0E443 7718990E 5DE70216 6408A78D BDE0D951 209640A4 979D1185 1C3FE55D B01668AB 1C0B2B35 4074E354 12C6BBC0 400E1806 00F6A777 8DDC0D42 BA705E26

KeyStore vs KeyChain

I have an app that generates a key for encryption/decryption and it is working just fine. I store my key in KeyStore and IV as first 12B in encrypted file saved on external storage. When I want to decrypt the file, I get the file from external storage (hence I get IV) and key from KeyStore, and I am able to get original content. My second application App2 can access file in external storage (hence it can get IV), but it can’t get key from App1 KeyStore. I was reading about KeyChain and it says in official documentation it is not app private (Use the KeyChain API when you want system-wide credentials). Can I somehow store my key in this KeyChain or somewhere else so my App2 can get it (with some user approval or something similar). Here is the code I used to create and store key in App1.

 private static SecretKey createAndStoreKey() {
        KeyGenerator keyGen;
        try {
            // Generate 256-bit key
            keyGen = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEY_STORE_NAME);

            final KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder(KEY_ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .build();

            keyGen.init(keyGenParameterSpec);

            SecretKey secretKey = keyGen.generateKey();
            if(secretKey != null)
                return secretKey;
            else
                return null;
        }
        catch (NoSuchProviderException e){
            e.printStackTrace();
            return null;
        }
        catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
        catch (InvalidAlgorithmParameterException e){
            e.printStackTrace();
            return null;
        }
    }

Thank you all for the help.