An OTP application
##Install
1. Check folder couchdb
and mysql
for docker preparation.
2. Create Folder sandbox in your home folder
3. Run clean_compile_run.sh
on unix, or clean_compile_run.cmd
on windows, or build own docker container, see below.
TODO: GUI with wxErlang
##Docker
1. Build container
docker build --build-arg password=pass --no-cache=true -t debian:erlang1 .
2. Create network
docker network create testnetwork
3. Run container
docker run -ti -p 5555:5555 --name bc --net testnetwork debian:erlang1
1. Generate keys
{PublicKey, PrivKeyOut} = crypto:generate_key(ecdh, crypto:ec_curve(secp521r1)).
Size
bit_size(PublicKey).
give as result 1064
bit_size(PrivKeyOut).
give as result 528
2. Sign message
Signature = crypto:sign(ecdsa, sha512, <<"test">>, [PrivKeyOut, crypto:ec_curve(secp521r1)]).
3. Verify signature
crypto:verify(ecdsa, sha512, <<"test">>, Signature, [PublicKey, crypto:ec_curve(secp521r1)]).
4. Base64
bit_size(base64:encode(PublicKey)).
result 1440
bit_size(base64:encode(PrivKeyOut)).
result 704
5. RIPEMD160
crypto:hash(ripemd160, PubKey).
result in 160 bits
crypto:hash(ripemd160, PrivKey).
result in 160 bits
TODO: Hex representation in erlang
HEX in Erlang
1. Generate keys for Bob, Alice and Eve
{PublicKeyBOB, PrivKeyOutBOB} = crypto:generate_key(ecdh, crypto:ec_curve(secp521r1)).
{PublicKeyALICE, PrivKeyOutALICE} = crypto:generate_key(ecdh, crypto:ec_curve(secp521r1)).
{PublicKeyEVE, PrivKeyOutEVE} = crypto:generate_key(ecdh, crypto:ec_curve(secp521r1)).
{PublicKeyDAVE, PrivKeyOutDAVE} = crypto:generate_key(ecdh, crypto:ec_curve(secp521r1)).
2. Bob create message, which described transaction
BOBSignature = crypto:sign(ecdsa, sha512, <<"send 10 coins to ALICE(public key from Alice here)">>, [PrivKeyOutBOB, crypto:ec_curve(secp521r1)]).
Message and Signature are sent in network. All users check following:
crypto:verify(ecdsa, sha512, <<"send 10 coins to ALICE(public key from Alice here)">>, BOBSignature, [PublicKeyBOB, crypto:ec_curve(secp521r1)]).
If result is true
than send message on next neighbour, if false
discard message.
3. Alice payout (Alice must know the message and signature which created Bob, is important for KYC)
Alice create new message with signature from Bob's, and sent in network.
ALICESignature = crypto:sign(ecdsa, sha512, BOBSignature, [PrivKeyOutALICE, crypto:ec_curve(secp521r1)]).
All users in network check following:
crypto:verify(ecdsa, sha512, BOBSignature, ALICESignature, [PublicKeyALICE, crypto:ec_curve(secp521r1)]).
if result is true
than send message to next node, if false
discard message. Checking balances happened also here.
Manipulation
If Eve try to manipulate message, than on following way:
a. Manipulate message, and uses Bob's signature
crypto:verify(ecdsa, sha512, <<"send 10 coins to EVE(public key from Eve here)">>, BOBSignature, [PublicKeyBOB, crypto:ec_curve(secp521r1)]).
result false
.
b. Create wrong message and signature with help of third account from Dave
DAVESignature = crypto:sign(ecdsa, sha512, <<"send 10 coins to EVE(public key from Eve here)">>, [PrivKeyOutDAVE, crypto:ec_curve(secp521r1)]).
EVESignature = crypto:sign(ecdsa, sha512, DAVESignature, [PrivKeyOutEVE, crypto:ec_curve(secp521r1)]).
in this case other users muss check:
crypto:verify(ecdsa, sha512, <<"send 10 coins to EVE(public key from Eve here)">>, DAVESignature, [PublicKeyDAVE, crypto:ec_curve(secp521r1)]).
but prior muss be known, that on wallet from Dave exists 10 coins, from other transactions or from mining, this work made minders
Derivated from stackoverflow
AES work with 128 bit blocks, key length is also 128 bit
Blowfish work with 64 bit length for key and 128 bit for data
DES(Data encryption standard) work with key length 56 bits, and block size 64 bit
1. Define your key
AES
AESKey = <<1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1>>.
on bit_size(AESKey).
expected 128.
Blowfish
BFKey = <<1,1,1,1,1,1,1,1>>.
on bit_size(BFKey).
expected 64.
DES
DESKey = <<1,1,1,1,1,1,1,1>>.
on bit_size(DESKey).
expected 56. In Erlang key must be least 64 bit.
2. Define your data
AES and Blowfish
AESBFData = <<2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2>>.
on bit_size(AESBFData).
expected 128.
DES
DESData = <<2,2,2,2,2,2,2,2>>.
on bit_size(DESData).
expected 64.
3. En- and Decrypt data
AES
AESCrypt = crypto:block_encrypt(aes_ecb, AESKey, AESBFData).
AESDecrypt = crypto:block_decrypt(aes_ecb, AESKey, AESCrypt).
io:format("AESDecrypt is ~s~n", [AESDecrypt]).
Blowfish
BFCrypt = crypto:block_encrypt(blowfish_ecb, BFKey, AESBFData).
BFDecrypt = crypto:block_decrypt(blowfish_ecb, BFKey, BFCrypt).
io:format("BFDecrypt is ~s~n", [BFDecrypt]).
DES
DESCrypt = crypto:block_encrypt(des_ecb, DESKey, DESData).
DESDecrypt = crypto:block_decrypt(des_ecb, DESKey, DESCrypt).
io:format("DESDecrypt is ~s~n", [DESDecrypt]).
TODO: Import for key-files created with openssl.
1. Generate private key
Option -noout
say that the arguments which are used for key generation, not in file written.
openssl ecparam -genkey -name secp521r1 -noout -out private_key.pem
openssl ec -in private_key.pem -text -noout
print key in hex-format(only for private key files).
Use -passout pass:foobar
for password not with ec.
2. Generate public key
openssl ec -in private_key.pem -pubout -out public_key.pem
3. Sign message
openssl dgst -sha512 -sign private_key.pem message.txt > signature.der
With hexdump signature.txt
you see signature file in hex-format.
Or for readable for humans file use:
openssl dgst -sha512 -hex -sign private_key.pem message.txt > signature2.der
4. Verify signature, message and public key
openssl dgst -sha512 -verify public_key.pem -signature signature.der message.txt
echo -n "foobar" | openssl dgst -sha256
possible hash functions show
openssl list-message-digest-commands
Encode base64
echo NDYuODEuMTIwLjE1MAo= | openssl enc -base64
Decode base64
echo NDYuODEuMTIwLjE1MAo= | openssl enc -base64 -d
Option -base64
is used as standard.
Option -k <password>
or -pass pass:<secret>
use this password.
Option -P
show salt, key and iv.
1. Encode File base64 encoding is used as default
openssl aes-256-cbc -a -salt -in secrets.txt -out secrets.txt.enc
without file
echo "secret" | openssl aes-256-cbc -base64 -e -a
2. Decode File
openssl aes-256-cbc -d -a -in secrets.txt.enc -out secrets.txt.new
without file
echo "U2FsdGVkX18gmZMWMGJncmUi+jXPNR3FwYumYvrd5pQ=" | openssl aes-256-cbc -d -a
TODO
First steps...
openssl req -newkey rsa:2048 -out request.pem -keyout pub-sec-key.pem
##For analysis
- (Шифрование по ГОСТу, Магма)[https://xakep.ru/2018/05/10/working-with-magma/]
- (Кузнечик ГОСТ 34.12)[https://xakep.ru/2017/02/02/working-with-grasshopper/]
- (Хаш по ГОСТ 34.11)[https://xakep.ru/2016/07/20/hash-gost-34-11-2012/]
#Why Erlang?
Why Erlang?
WebPages with Chicago Boss
#Current problems
Work on merkle tree implementation
For List iteration lists:foreach(fun (List_to_itteration) -> <<WWW:512/big-unsigned-integer>> = crypto:hash(sha512, [List_to_itteration]), Output = integer_to_list(WWW, 16), io:fwrite(Output), io:fwrite("\n") end, List).
But no idea for creating new list on the fly, an add new hashes.
1. rebar3 integration in windows
Github Issue new
Github Issue old
Github Issue Docker
Yet no solution available!!
3. Websockets connection
4. Logger problem
Github Issue
#For me
Erlang Book Author Blog
Cryptographic Key Length Recommendation
What is SOLID?
NASA Real Time System Failures
##Byte and Bit Calculation
%% bits
8 = bit_size(<<12>>).
16 = bit_size(<<0, 12>>).
...
%% bytes
3 = byte_size(<<0, 123, 2342323423423>>).
##Block calculation
%bitsize for sha512 in base64 public key
%bitsize for sha512 in base64 signature
%bitsize for sha512 in base64 public key