encryption – Curve25519 vs. Curve25519 and AES Key vs. Curve25519 AES Ciphertext (Instagram)

I am trying to send a password from a client to the server. I just don’t know how to encrypt it.

  1. method:
    I used a website (Instagram) as a guide here.
    Here the password is encrypted with AES and the key is then encrypted with a Curve25519 public key and sent to the server together with the encrypted text.

  2. method:
    I wonder why you only encrypt the key. I mean then you can already see how long the password has to be by using the AES encrypted password, or not?

    So why not encrypt the AES key and the encrypted password with Curve25519?

  3. method.
    The only problem is when you get the private key. Yes, just decrypt the text and you have the key to decrypt the AES directly. So the password is basically only encrypted with Curve25519. Is that enough?

Why does Instagram use Method 1? Reasons for performance?

Instagram always gives the same IV encrypted with the AES … is that bad if a new key is always generated?

I would appreciate a helpful answer 🙂
best regards

routing – Wireguard client communication without peer key via 1 router server

I have this setup:

—server 1 config—

[Interface]
Address = 10.200.200.1/24
ListenPort = 6666
PrivateKey = server_private_key

[Peer]
PublicKey = client1_public_key
AllowedIPs = 10.200.200.2/32
PersistentKeepalive = 21

[Peer]
PublicKey = client2_public_key
AllowedIPs = 10.200.200.4/32
PersistentKeepalive = 21

— client 1 config—

[Interface]
Address = 10.200.200.2/24
PrivateKey = client1_private_key
DNS = 10.200.200.1

[Peer]
PublicKey = server_public_key
Endpoint = server_ip:6666
AllowedIPs = 10.200.200.1/32
PersistentKeepalive = 21

— client 2 config—

[Interface]
Address = 10.200.200.4/24
PrivateKey = client2_private_key
DNS = 10.200.200.1

[Peer]
PublicKey = server_public_key
Endpoint = server_ip:6666
AllowedIPs = 10.200.200.1/32
PersistentKeepalive = 21

I can ping server from client1 and client2, but i can’t ping client1 from client2 and client2 from client1.

Is there a way for client1 ping client2 without adding client2 key to client1 config, since this will make addding client much harder. For example, if i add 1 new client when having 5 clients, all of the config must be changed.

javascript – Filter object properties by key in ES6

Let’s say I have an object:

 var item=   {
      date1: {enabled: false, label: "Date1 Label"},
      date2: {enabled: false, label: "Date2 Label"},
      date3: {enabled: true, label: "Date2 Label"},
    }

Like this I have textbox and dropdown.
I want to create html input , dropdown based on enabled is true
by filtering the object need to get an array which is having enabled option.
I am looking for a clean way to accomplish this using Es6.

encryption – I am unable to use an RSA key generated with the -aes-256-gcm option in openssl, help

When I run:

openssl genrsa -aes-256-gcm -out rootca.key 4096

Then I get the following output:

$ openssl genrsa -aes-256-gcm -out rootca.key 4096
Generating RSA private key, 8192 bit long modulus (2 primes)
..........................................................+++
..........................................................................+++
e is 65537 (0x010001)
Enter pass phrase for rootca.key:
Verifying - Enter pass phrase for rootca.key:

And when I run:

openssl req -sha512 -new -x509 -days 1000 -key rootca.key -out rootca.crt

I get the following error:

$ openssl req -sha512 -new -x509 -days 1000 -key rootca.key -out rootca.crt
Enter pass phrase for rootca.key:
unable to load Private Key
140287193601344:error:0906A065:PEM routines:PEM_do_header:bad decrypt:../crypto/pem/pem_lib.c:461:

For the above, I used OpenSSL 1.1.1f (provided by apt.
I even tried using the latest 3.0.0-alpha version of OpenSSL. But I get a different error when generating the private key first of all:

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
4067E7A7827F0000:error:0300007A:digital envelope routines:evp_cipher_param_to_asn1_ex:cipher parameter error:crypto/evp/evp_lib.c:160:
4067E7A7827F0000:error:06800072:asn1 encoding routines:PKCS5_pbe2_set_iv:error setting cipher params:crypto/asn1/p5_pbev2.c:81:
4067E7A7827F0000:error:1188000D:PKCS12 routines:PKCS8_encrypt:ASN1 lib:crypto/pkcs12/p12_p8e.c:32:

How can I make this work?? Is AES-256-GCM not supported by OpenSSL? If so, is there an alternative to OpenSSL that can generate this type of key?

Btw, AES-256-CBC works perfectly. But, no luck with GCM.

encryption – I am unable to generate and use a aes-256-gcm key in openssl, help

When I run:

openssl genrsa -aes-256-gcm -out rootca.key 4096

Then I get the following output:

$ openssl genrsa -aes-256-gcm -out rootca.key 4096
Generating RSA private key, 8192 bit long modulus (2 primes)
..........................................................+++
..........................................................................+++
e is 65537 (0x010001)
Enter pass phrase for rootca.key:
Verifying - Enter pass phrase for rootca.key:

And when I run:

openssl req -sha512 -new -x509 -days 1000 -key rootca.key -out rootca.crt

I get the following error:

$ openssl req -sha512 -new -x509 -days 1000 -key rootca.key -out rootca.crt
Enter pass phrase for rootca.key:
unable to load Private Key
140287193601344:error:0906A065:PEM routines:PEM_do_header:bad decrypt:../crypto/pem/pem_lib.c:461:

For the above, I used OpenSSL 1.1.1f (provided by apt.
I even tried using the latest 3.0.0-alpha version of OpenSSL. But I get a different error when generating the private key first of all:

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
4067E7A7827F0000:error:0300007A:digital envelope routines:evp_cipher_param_to_asn1_ex:cipher parameter error:crypto/evp/evp_lib.c:160:
4067E7A7827F0000:error:06800072:asn1 encoding routines:PKCS5_pbe2_set_iv:error setting cipher params:crypto/asn1/p5_pbev2.c:81:
4067E7A7827F0000:error:1188000D:PKCS12 routines:PKCS8_encrypt:ASN1 lib:crypto/pkcs12/p12_p8e.c:32:

How can I make this work?? Is AES-256-GCM not supported by OpenSSL? If so, is there an alternative to OpenSSL that can generate this type of key?

Btw, AES-256-CBC works perfectly. But, no luck with GCM.

cryptography – Why is a password encrypted with AES and then sent back to the server together with the key with RSA (Instagram)?

I am trying to understand an encryption process on a website (Instagram). As far as I know, a public key is sent from the server to the client. Then the password is encrypted with AES_GCM_256 and packed together with the AES key in an array and then in a sealed box with the public key from the Server.

Is a sealed box the same as simply encrypting the array with RSA?

Why do you do that?

I mean, if you find out the RSA private key and then decrypt the data encrypted with RSA, wouldn’t you also have the AES key to decrypt the password?

And the public key is very short:

297e5cd13e20f701d57bd5a1ee82bcead9a20e4080bc6c737917b868eb65f505

Only 64 characters so 512 bits.

Is that even safe enough for RSA?
Or is the key Curve25519?

As far as I know, should an RSA key be at least 2048 bit large?

I would appreciate a link or the answer to a few questions 🙂

Best regards

settings – Any way to preserve portable hotspot configuration (SSID, key)?

How can I preserve my initial portable hotspot configuration (mainly current SSID, encryption) settings on my device. I noticed when I use 3rd-party applications (such as WiFi transfer, Mi Drop etc) my hotspot configuration gets messed up and worse deletes the previous encryption, sometimes I only find out later that situation.

So in case of unattended session, I would love to preserve my initial config, to prevent unauthorised access to portable hotspot, which could incur significant data charges. Is there a way to achieve that (Running Android 7.0, Miui 11)

I had automation in mind to restore back to original setting, (but can’t figure out full workaround) where the trigger type is WIFi tethering state → Enabling(but the limitation here I can’t put the desired config rather its just an on switch AFAIK but I may be wrong)

enter image description here

encryption – When is a private and public key given to a user, and why can the private key not get hacked?

Trying to understand assymetric encryption. To my knowledge, it deals with the key management problem by having each user have their own private key and public key. But when is this private and public key pair generated for the user? Does each user have a unique and persistent private and public key?

Also, why are hackers unable to get a private key?

broken screen – Permanent adb RSA key authorization

My phone screen is broken but I managed to finally tap the allow button for ADB authorization so I can access the device via adb. My question is, is there a way to do this once and never be asked again or backup the RSA which I can then push to the device via adb if it happens to need re-authorization again (since i have a broken screen can’t just tap allow again)

I have enabled do not ask again on this device, but that does not seem to work from past experience and it keeps asking me to authorize of I reboot the phone.

Thanks