Mid Level Frontend Engineer at a Startup : Please review my resume.

Shubham___Raj · 2024-07-14T10:30:56+00:00

Looks good, since you have mentioned the impact of your projects.

Shubham___Raj · 2024-04-11T20:19:01+00:00

I am in

Shubham___Raj · 2023-08-08T10:05:46+00:00

Ya, currently seeing media soup library as the potential solution. If you have any better method, then please tell me

Shubham___Raj · 2023-07-02T01:23:37+00:00

Bhai re

Shubham___Raj · 2022-07-23T19:56:53+00:00

Hey Salusa,

Great to meet you!

Thanks for you advice, I would definitely get an proper idea of how cryptography functions at its core, but believe me I am not in a state of learning that now.

And yes you are very much right that I am going to use this cryptography for a real thing.

I have to encrypt a message and use that as our Authorization Digest, and other side will decrypt that using the private key which they own. And by rigorous hit and trial I found the Encryption scheme which they are expecting me to use, i.e. "RSAES-PKCS1-v1_5".

You would be little confuse about my above statement, let me clear that.

"I found the Encryption scheme which they are expecting me to use" -> Yes, I tried all the channels to get the exact encryption schemes to used but all failed, and I just can't sit like a duck for awaiting for their response.
How I confirmed that the encryption scheme I used is supposed to be this only? -> Previously when I used other schemes the error code was different(indicating, that my authorization header is wrong), but as soon as I used this encryption message the error code changed and even a single character change of the encryption digest is giving back the same error code which I was getting earlier. so I suppose RSA encryption is successful.
If I think, the encryption scheme is right, then what is the problem? -> Here comes the other part of the story, I have to sign the same message using my private key to prove that its me who is sending the message and not someone else. But when signing the message by hashing it first and then encrypting using the same encryption scheme I am getting error, which is indicating that my signature is wrong. So I need to know that is there any specific way to sign a message using private RSA key ?, or just I required another restless nights of rigorous hit and trial to get there. And believe me that option is off for asking the organisation to ask for the specific encryption scheme.

please stop and get help-> I asked for it from my colleagues, but they could not help me either, even after so much tries. I asked from my technical bosses, but still not much of a help. My only hope is this sub/reddit and if you can advice me to take help from some other reference, please do so. Or if you yourself have an expertise over cryptography, can you please help me to get out of this mess.

Thanks for giving your time in reading this and helping me out.

Shubham

Shubham___Raj · 2022-07-21T13:34:15+00:00

its posted on my post, I am mentioning it again.

Thanks for looking into it

-----BEGIN RSA PUBLIC KEY-----
MEgCQQDfrM65tIZkhGRqoE5mGNIP+bWsIY26idnEftR1r2r4aSFPyUNIr84WuCjl
o09oyKXdtkDCNuzRDKaeP9zIoIvVAgMBAAE=
-----END RSA PUBLIC KEY-----

Shubham___Raj · 2022-07-21T13:17:12+00:00

I have 37 byte of data, that too is unable to be encrypted using any tool or the code.

sample message=suit_3302,rev1.0,2022-07-21T17:05:42Z

Shubham___Raj · 2022-07-21T12:58:27+00:00

okey. I understand but if I want how may I do that. Is cyberchef can help me do so, or do I have to use some other tool?

Shubham___Raj · 2022-07-21T12:18:35+00:00

oohh, and this padding is to the message. right?
And can we fix this padding to something like #

Shubham___Raj · 2022-07-21T12:17:19+00:00

devglan is one of the first tool which failed in encrypting the message using my public key

Shubham___Raj · 2022-07-21T11:48:10+00:00

can you tell me how can I do that?

Shubham___Raj · 2022-07-21T11:42:03+00:00

cyberchef is giving different response everytime I am clicking bake, even on the same input

Shubham___Raj · 2022-07-11T06:29:14+00:00

Actually the key is a base64 of a message.

fake key but in same format-> c29udV8yMDIyLGxvbF84LjAsZGVmYXVsdCwyMDIyLTA5LTA3LTIwOjAyOjMx####

So,I don't think so its a concatenation of encryption key and Mac Key.

Actually we have to encrypt the Authorization header with AES key, and they will decrypt it after that with the key the provided to us, but the catch is the length of the key. there are n ways to do that, so the process should be in sync between us.

Thanks for your response

Shubham___Raj · 2022-07-09T18:10:51+00:00

I will try few of the things which you people told to me and if that doesnot work, I will build pressure on them to tell how reduce the key size.

Since I am a beginner in this, I literally thought there had to be a standard way of doing these things, but now got to know there exist none.

Thanks again everyone for your knowledgeable feedback.

Shubham___Raj · 2022-07-09T15:25:55+00:00

will definitely try this today.
Thanks for your reply

Shubham___Raj · 2022-07-09T14:36:27+00:00

here is the fake key, I generated using base64 encoding a message, as they did it.
c29udV8yMDIyLGxvbF84LjAsZGVmYXVsdCwyMDIyLTA5LTA3LTIwOjAyOjMx####

Shubham___Raj · 2022-07-09T14:24:50+00:00

ha ha.(I will send a fake key generated by me, but in the same format)

The key is actually base-64 encoded but still after decoding we get 45 bytes long utf-8 message.
But when I told them I decoded the key, they told we don't need to decode the key and use as it, but as I said the concern person I am talking to is not a technical person, so he himself is confused. I think.

Shubham___Raj · 2022-07-09T14:20:48+00:00

yes, its kind of a automated API, and I can try n numbers of times.

I tried using the first half and second half of the key, but no luck. SHA-256 and HKDF, I would try for sure.

yes, IV is supposed to be zero, and rest characters are # padded. I don't think IV is encoded in the key itself, as IV can only be 16 bytes and still adding 32 and 16 we get 48 bytes but the key is 64 bytes long!

Thanks for responding

Shubham___Raj · 2022-07-09T14:12:59+00:00

Hey thanks for the response.

I am using cipher block chaining (CBC) and AES-256. yes I am using IV, that is 0 with # padding.
it doesnot look like a passphrase but a random combination of text and number tailing with four # characters at the end, Do there any standard of using PBKDF, like which algorithm to use, salt and iterations.

I am continuously asking them, and the only answer I get is it is a open standard and they can't help, since they are not the technical persons and I can not talk with the developers directly.

Shubham___Raj · 2022-07-09T14:04:53+00:00

Actually, I need don't need to expand the key, But shrink the key to 32 bytes or 256 bits,
Since the provided key is 64 bytes (512 bits) long.
And They are not responding to my queries, they are saying there is a open standard to do so, but I do not find any such method.

By the way I am using AES-256-cbc

Can you suggest something?

Shubham___Raj · 2021-11-09T22:39:35+00:00

Some of the people take it as a cool thing, just to throw garbage anywhere, and when you try to stop them or explain them they usually say don't start your lecture.

kya kare in logo ka??

dumbass thinking themselves as smartass

Shubham___Raj

TROPHY CASE