Quite funny that after a few months offline I find the fun in writing a small article about an investigation which is still about security. My task was to find how I could replicate the signature performed with an old applet and a proprietary library which used a hardware token in javascript using a new api provided by a different party. The old applet just signed a hash and I had to find the way to implement this with the new api....
If you are doing signature generation via a hardware token (for instance 3Skey) then, for large files it is impractical to send the file to the hardware token. Instead you send a hash (SHA256), get a detached PKCS#7 signature and you need to re-attach the payload in java code. For once this was easier to do with plain JCE code instead of my favorite BouncyCastle provider. However for really large files BC does provide the streaming mechanism required....
These last days I had to tinker with openssl a lot and this is a short memory reminder of the params. PKCS#7 manipulation Verify pkcs#7 signature #the -noverify means do not verify the certificate chain, this will only verify the signature not the originating certificate openssl smime -inform DER -verify -noverify -in signature.p7s Show the structure of the file (applies to all DER files) #for debuging openssl asn1parse -inform DER -i -in signature....
The goal is to create an encrypted device which gets automatically unlocked using an usb key. Updated on 20160521 for ubuntu 16.04 which creates a lot of problems. Create the key on the usb drive A good idea is to put the key on the usb drive in such a way it’s not obvious that is a key. Usually on the usb drive there is a 512 bytes MBR (1 sector) and then up to 32 other sectors until the first partition....
AES encrypt in java and decrypt in java, flex, python, C#. Encrypt: java <pre lang="java">public static void encrypt(InputStream is, OutputStream out, String secret) throws Exception { SecretKey secretKey = new SecretKeySpec(Hex.decodeHex(secret.toCharArray()), "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey); out.write(cipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV()); CipherOutputStream cipherOutputStream = new CipherOutputStream(out, cipher); int bufLength = KEY_LENGTH/8 * 100; byte buf[] = new byte[bufLength]; int bytesRead = 0; while((bytesRead = is.read(buf)) != -1 ) { cipherOutputStream.write(buf, 0, bytesRead); } cipherOutputStream....
When storing your backups on an external drive you occasionally take with you it is a very good idea to encrypt your backups. Here are some personal conclusions after trying 2 different solutions. eCryptFs Advantages (reasons to choose): stacked – can be used on top of another filesystem, even on top of NTFS allocated on the fly – no need to pre-allocate your space, it will be allocated on the fly....
The problem was to connect to a L2TP server from linux, no windows available. The required packages: <pre lang="bash">apt-get install l2tp-ipsec-vpn reboot Done the needed configuration but the connection was not established. The gui said error 500. The log said much but apparently not enough. Here is what could be considered as an error: Oct 3 18:55:36 purple xl2tpd[4162]: setsockopt recvref[30]: Protocol not available Oct 3 18:55:36 purple xl2tpd[4162]: This binary does not support kernel L2TP....
This is a complete example on how to use openssl to fetch a https page. The example is based on the several others I found on the web so my credit is minimal and only consist of modifying just a little the existing examples to compile and work with openssl-0.9.8e on Linux and Solaris. The example #include <openssl/ssl.h> #include <openssl/err.h> #include <openssl/bio.h> #include <iostream> #define MAX_PACKET_SIZE 10000 int main() { BIO * bio; SSL * ssl; SSL_CTX * ctx; /* Initializing OpenSSL */ SSL_load_error_strings(); ERR_load_BIO_strings(); OpenSSL_add_all_algorithms(); SSL_library_init(); //mandatory and missing from some examples ctx = SSL_CTX_new(SSLv23_client_method()); if (ctx == NULL) { std::cout << "Ctx is null" << std::endl; ERR_print_errors_fp(stderr); } //using a store from examples if(!...