In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
Hi team.
Does anyone has any idea on how to send an encrypted / secure Print from IRIS ( which is hosted on AWS ) to a printer ( which is an on-premise device ).
Thanks
Paras
Asymmetric cryptography is a cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.
In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.
Robust authentication is also possible. A sender can combine a message with a private key to create a short digital signature on the message. Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature was valid, i.e. made by the owner of the corresponding private key. (C) Wikipedia.
Now I want to return a large amount of data to the front end. The string length has reached 40000 +, and the returned data needs to be encrypted by AES + Base64. I can convert the string into a stream. AES can use the AESCBCEncryptStream method to encrypt, but Base64 has no stream method。Anyone who get the solution would you kindly share the solution please。
Any help would be appreciated. Thanks!
Hello All,
I am trying to Exporting the InterSystems Cache Encryption Key to an External HSM.
My External HSM supports importing the key.
Is that can be done? or supported.
Regards
Amit Kumar Thakur
+91-9953946465
Personal data privacy regulations have become an indispensable requirement for projects dealing with personal data. The compliance with these laws is based on 4 principles:
I am using the Java Binding to connect a Java Middleware Application to Cache. Originally I was using a CacheListOfDataTypes (JAVATYPE = "java.lang.List") object to bring data back. I was tasked with encrypting the data using AES and I was using the AESCBCEncrypt function on the List elements (up to 20k characters for each element) to bring it back before concatenating it on the middleware. This almost worked. Like 95% of the characters were being decrypted correctly but some text was coming back garbled. I couldn't understand how this was happening.
Requesting assistance on Intersystems Cache Managed Key Encryption.
We have configured the KMIP Server.
The KMIP server is an external HSM box. I was not able to find any info on Key Rotation and what type of encryption does it follow i.e. 1-tier approach or 2-tier approach.
Can someone please assist on the same?
Howdy, Developer Community!
Here’s a fun little formatting problem you may run into when trying to use the RSAEncrypt method of %SYSTEM.Encryption (also useable as $System.Encryption.RSAEncrypt()!), which is documented here:
https://docs.intersystems.com/latest/csp/documatic/%25CSP.Documatic.cls…
This uses either a certificate or public key per the documentation. Quote:
Certificate/PublicKey - Either
An X.509 certificate containing the RSA public key to be used for encryption, in PEM encoded or binary DER format.
Hello.
We have to call a service, and we have to encrypt the request using a public key. We have an example of how to make the call in PHP. Also we have the public key and all the parameters that we need. The example in PHP is this (it uses openssl):
$url = "https://XXXXX/";
$json = '{"api_key":"XXXXX", "id":"1"}';
$jsonEncrypt, = '';
$publicKey = file_get_contents("public.key");
openssl_get_publickey($publicKey);
openssl_public_encrypt($json, $jsonEncrypt, $publicKey);
$jsonEncrypt = base64_encode($jsonEncrypt);
We need to do the same in Ensemble.
Thanks for all replies in advance. We have a security vulnerability that we have to get rid of. We use Putty software to connect to cache as a terminal allowing several users to do maintenance work in cache. this uses telnet Plain text. I know that we can configure telnet to be encrypted using the super server service and I'm looking for software that can work like Putty as a terminal using encryption compatible with cache telnet encryption.
Hello,
Looking for some help on how I actually set the properties to enable tracing for %Net.SSH.Session ?
The doc is here:
https://docs.intersystems.com/latest/csp/documatic/%25CSP.Documatic.cls…
The values look bitwise in their defaultness and I cant seem to figure out how to enable it in my object (or if I am going about this wrong altogether). I am troubleshooting an elusive ssh error: unable to exchange encryption keys in a catch at the moment.
Would appreciate a clue if anybody has experience with it... thank you.
-Ron
Hi,
I have a client who is considering encryption options in order to comply with a tendering requirement.
Were they to encrypt the production database then what would be a reasonable expectation forthe impact on message throughput. Or possibly more easily answered: what would be the expected impact be on I/O rate and CPU utilization. Are there any benchmarks to which could support an estimate ?
How would this compare with plan B: to use disk encryption ?
Thanks
Hello,
Sorry for my epic english :(
I have a strange issue.
I have generated an encryption key with the tool (UI.Portal.EncryptionCreate.zen).
Then I activate my key for data encryption (UI.Portal.EncryptionManaged) and encryption work fine.
But when I reboot my server the key is removed from the data encryption key list (UI.Portal.EncryptionManaged) and I have to re-activate the key.
Perhaps somebody have an idee ?
Cache version : Cache for Windows (x86-64) 2016.2.2 (Build 853U)
Windows: Windows Server 2012 R2 Standard
Thanks
Sébastien
A request came from a customer to estimate how long it would take to encrypt a database with cvencrypt utility.
This question is a little bit like how long is a piece of string — it depends. But its an interesting question. The answer primarily depends on the performance of CPU and storage on the target platform the customer is using, so the answer is more about coming up with a simple methodology that can be used to benchmark the CPU and storage while running cvencrypt.
Hello; We are managing several Ensemble instances on several servers. One server has 4 instances, and two other servers have one instance each (those are production servers). We encrypt all instances using the Caché encryption in the management portal.
Currently we are using two different encryption keys: 1 key on the server with 4 instances, which is used for all 4 instances, and a second key on single-instance server. ( I'm installing the newest production server now.)
What I'd like to know is what are the best practices for managing encryption keys for separate servers.
Hi, Community!
Please find the Developer Community Video of the week on InterSystems Developers YouTube Channel:
System Sizing for Insanely Large Deployments
Trying to use AES encryption for a url. I have a plain text string, a 16-byte key and a initialization vector. I am trying to match a C# implementation that uses RijndaelManaged class with a BlockSize = 128, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7. The output of the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV), doesn't match what is coming out of C#. All inputs into the $SYSTEM.Encryption.AESCBCEncrypt(text,key,IV) are converted to UTF8 as in the documentation.
Hi,
I have a situation where I write a character stream to a file. The file content gets signed and the signature is sent to a service provider together with the file content.
The signing is done using openssl.
This works perfectly on a dev PC, which is runnning Windows and has a little-endian architecture.
The problem is as soon as I do this on the server, which has a big-endian architecture, the signed value is incorrect according to the service provider.
The content is signed using RSA SHA256 with PSS padding.
I've had a look at $nconvert, $sconvert, etc., but can't get to a solution.
Hi everyone,
I have a project which requires the sending of JSON messages to an external service provider using REST. The service provider requires the message contents to be signed.
Their instructions:
Encryption of sensitive data becomes more and more important for applications. For example patient names, SSN, address-data or credit card-numbers etc..
Cache supports different flavors of encryption. Block-level database encryption and data-element encryption. The block-level database encryption protects an entire database. The decryption/encryption is done when a block is written/read to or from the database and has very little impact on the performance.
With data-element encryption only certain data-fields are encrypted. Fields that contain sensitive data like patient data or credit-card numbers. Data-element encryption is also useful if a re-encryption is required periodically. With data-element encryption it is the responsibility of the application to encrypt/decrypt the data.
Both encryption methods leverage the managed key encryption infrastructure of Caché.
The following article describes a sample use-case where data-element encryption is used to encrypt person data.
But what if you have hundreds of thousands of records with an encrypted datafield and you have the need to search that field? Decryption of the field-values prior to the search is not an option. What about indices?
This article describes a possible solution and develops step-by-step a small example how you can use SQL and indices to search encrypted fields.
The recent announcement of a collision for the SHA-1 hash algorithm has caused some consternation:
Here is some background to help put this in perspective.
Cryptographic hash functions can have a variety of properties. The property at issue here is:
"Collision resistance - it is computationally infeasible to find any two distinct inputs x, x' which hash to the same output, i.e., such that h(x) = h(x')."
(Menezes, van Oorchot, and Vanstone, "Handbook of Applied Cryptography", section 9.2.
Hi all,
Is there any bcrypt algorithm on HealthShare? We are trying to use it but ww couldn't find it.
Regards
All,
Totally new to Cache and Encryption. Have a project requirement for SHA-512.
I'm currently re-engineering an application from CSP pages directly accessing COS Methods, to an Angular/Material front end accessing a REST DAL. Both the Angular front end and REST services are hosted from the same Caché instance and the same namespace, but the REST services have their own CSP application, with all calls being routed through a Dispatch class.
I've come across an architecture issue recently, and am trying to assess the options I have. At present, we encode a call to a class which takes in an OID and returns the Stream to the browser.
How can we make sure that the Cache userid passwords are encrypted on storage? We want to make sure that the Cache passwords cannot be decrypted - how can we ensure that?
We are currently performing encryption at the OS level but it makes storage expansion complicated. Any feedback on OS encryption vs. Ensemble? Pros/Cons. We will have CentOS7 on our new server.
Thanks
Using Intel® Advanced Encryption Standard New Instructions with InterSystems Caché Substantially Improves Encryption Performance and Reduces Computational Overhead
Executive Summary
Financial services companies have an ever-growing need to encrypt databases containing sensitive customer and trade data. However, using encryption on these databases can require significant computational resources, potentially impacting trading latencies.