I know it’s not specifically your question, but S3 has an inbuilt ability to encrypt/decrypt already, and it’s probably a better solution.
Here’s how it works, when you upload the data to S3, you specify a kms key to encrypt the data. Ensure your IAM role assigned to your ubuntu machine must have the right permissions to do upload and encryt, namely kms:Encrypt.
Then for downloading and decrypting this data, ensure that the downloading machine has the right IAM role with the right permission to decrypt it, namely kms:Decrypt.
This ensures that data is viewable only to the party that has the right permission (AWS Credentials) to both download & decrypt the file — without the need for client-side encryption that can get both messy and insecure.
Let’s Encrypt is a free https certificate you can install on your cheap VPS for free, browser-validated https. In this tutorial, we’ll walk through setting up Let’s Encrypt https on an nginx host running on Debian 10.
We’ll be installing nginx from scratch but not will not be getting into php-fpm and other extensions in this tutorial. I’ll be starting from a spanking new VPS on Vultr.
This tutorial assumes that you’ve already got your DNS records setup. In other words, if you’re setting up for www.example.com, then www.example.com already has an A record or CNAME that points to your VPS. Note that the certbot installer we’ll be using will query DNS, so this must be working properly.
We want separate logs for each domain we host, and we want to rotate those logs. We can Debian’s log rotation system to accomplish this. We do this by placing the appropriate rules file in /etc/logrotate.d. Start with nginx’s basic log rotation rule:
I have a mobile application and the backend is hosted on a cloud provider. I would like to ask for feedback on encrypting all REST API calls that will be used to communicate with the server, if we should or we shouldn’t do it.
for example instead of having a proper rest object
I understand the normal operation is to encrypt with someone’s public key and decrypt with the private. And I’m also aware of how signatures usually work. However I’d like to ensure that in order to access the data, the recipient has actually gotten my public key and decrypted the data with it. My understanding this is possible with RSA. Is that correct that this is possible?
If so, how do I do this? And how do I then decrypt the resulting file? Ideally this is something that GPG would be able to do (tho it doesn’t look like Kleopatra on windows is able to do that that I can see).
Isn't that enough for it or should I encrypt the answer because I'm exposing user_id or username to clients? Does WordPress provide any native encryption / decryption function or method?
I required to share some variables among 5 actions. I choose set_transient to share form data in all actions. Is efficient? Or should I go for SESSION? I heard that some hosting servers remove session id from the header. It is? Any efficient performance alternative please?
I need to encrypt my Windows disks with full disk encryption. Windows is already installed and all drives have data.
My drives / disks:
1 SSD – C: drive
1 HDD – D: drive and I have a drive where Linux is installed
I need to encrypt C: and D: drives so that no one will see my files in case they access my PC or use Live Boot CD to boot.
I reviewed Veracrypt. It is open source, but allows only my C: to be encrypted because Veracrypt system encryption encrypts a partition or drive where Windows is installed and booted from. So my D: remains unencrypted.
Then I checked Bitlocker. I can use it, because I use Windows Enterprise. They are closed sources, but I saw different articles like Crack Bitlocker, Delete Bitlocker while searching on Google about Bitlocker. I don't know if that software works. Bitlocker will allow me to encrypt all my Windows C: and D: drives. But do I want to know if Bitlocker is safe?
What encryption should I use in my case? Maybe some other encryption software?
I want to encrypt / decrypt a plain text file with a single password in Python. It will be used in a simple text editor / note application, not on a strong system, but I want it to have a decent level of security.
What I tried so far was to take a password, use this password as seed to generate a random psuedo-string to use as salt, and pass the password and salt to the PBKDF2 function to generate a 16-bit key which is then used to AES encryption:
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Util.Padding import pad, unpad
BLOCK_SIZE = 32
password = "takenFromUser"
salt = ''.join(random.choice(string.ascii_lowercase) for i in range(32))
key = PBKDF2(password, salt, 16, 1000, None)
cipher = AES.new(key, AES.MODE_ECB)
msg_to_encrypt = b'plain text string'
encoded_msg = cipher.encrypt(pad(msg_to_encrypt, BLOCK_SIZE))
decoded_msg = unpad(cipher.decrypt(encoded_msg), BLOCK_SIZE)
However, it works. I have very limited encryption knowledge, so I want to know if this system is reliable or not for what it is supposed to do.
1 – Does this make no sense?
2 – Does the salt generated with random.seed() it will always be the same regardless of the system, time, etc.