The Security services API doesn't appear to allow me to compute a hash directly. There are plenty of public domain and liberally licensed versions available, but I'd rather use a system library implementation if possible.
The data is accessible via NSData, or plain pointers.
The cryptographic strength of the hash is important to me. SHA-256 is the minimum acceptable hash size.
My app communicates with server interface (classic ASP) through HTTPS.
It has been workd very well in prior version of Android 7.0 Nougat. (until 6.0)
But, Connection closed by peer Error occurs in Android 7.0 phone and AVD(Android virtual device).
Server is Windows 2003 Server SP2 (SSL Certificate was updated from SHA1 to SHA256 in Jul 23th, 2016), HTTPS, Classic ASP
Server's SSL certificate installation check status of GeoTrust is like below
GeoTrust check status screen shot of my Server's certificate
(Protocols not enabled : TLS1.1, TLS1.2)
In my opinion, Android 7.0 fails SSL handshaking with Windows 2003 Server of TLS1.0(only TLSv1.1, TLSv1.2 can support successful handshaking with SHA256 certificate?)
Is this right?
And I just found this hot fix : http://support.microsoft.com/kb/968730
Is this can be a solution?
How could I fix this problem
I understand that you have a hex string and perform SHA256 on it twice and then byte-swap the final hex string. The goal of this code is to find a Merkle Root by concatenating two transactions. I would like to understand what's going on in the background a bit more. What exactly are you decoding and encoding?
transaction_hex = "93a05cac6ae03dd55172534c53be0738a50257bb3be69fff2c7595d677ad53666e344634584d07b8d8bc017680f342bc6aad523da31bc2b19e1ec0921078e872"
transaction_bin = transaction_hex.decode('hex')
hash = hashlib.sha256(hashlib.sha256(transaction_bin).digest()).digest()
I have signed a file using openssl SHA256 and a private key as follows:
with subprocess.Popen( # Pipe the signature to openssl to convert it from raw binary encoding to base64 encoding. # This will prevent any potential corruption due to line ending conversions, and also allows # a human to read and copy the signature (e.g. for manual verification). 'openssl dgst -sha256 -sign private.key sign_me.zip | openssl base64 > signature.sha256', stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=True,) as proc: out, _ = proc.communicate()
public_key.crtto verify that
sign_me.ziphas not been modified.
I've done a lot of searching trying to figure out how to do this, but I haven't been able to find a satisfactory answer. Here is a list of things I've tried and/or researched:
I am able to manually verify the signature via the following shell command. This won't work as a permanent solution due to requirement 3.
openssl dgst -sha256 -verify <(openssl x509 -in public_key.crt -pubkey -noout) -signature signature.sha256 sign_me.zip
I found this question, which is almost exactly what I want to do. It hasn't been answered or even commented on in nearly 2 years. It mentions the ssl python library, which deals mostly with client/server certificates and sockets.
verify()method documentation in the Python 2.7 crypto module that the question references.
Perhaps I'm missing something obvious? I haven't done much work with security/encryption/hashing, so feedback is welcome.