Category: Security
-
How to Make Verified GitHub Commits
Created by M. Massenzio, 2021-12-24. GitHub has a set of detailed instructions; however, if you know your way around a Linux shell and have a basic understanding of how keys work, this is a condensed TL;DR version. Also, with minimal effort it could be automated in a shell script (even uploading the key to GitHub via API).…
-
Integrating Open Policy Agent with Spring Security Reactive and JSON Web Tokens
We present a Java library that simplifies adopting the Open Policy Agent server to manage user authorization for a Spring Boot microservice, while also managing API Token (JWT) authentication. Motivation Spring Security assumes a fairly simplistic Role-Based access control (RBAC) where the service authenticates the user (via some credentials, typically username/password) and returns a UserDetails…
-
File Encryption Utility now offers file sharing
With the 0.5.0 version just released, crytto now allows file sharing (e.g., via email) by sharing public keys:
    encrypt_send -o /tmp/my-secret.enc \
        -p /home/marco/.ssh/my-key.pub \
        ./my-secret.doc
This generates an encrypted file (in the location specified with the -o option) and an equally encrypted “passphrase” which can then be sent (ideally via a separate sharing mechanism; although, as…
-
File Encryption (and Decryption) Made Easy
A new release of the Crytto library (0.4.0) has just been published, which greatly simplifies encrypting (and decrypting) files. The new release adds the decrypt script which, when combined with the existing automatic retrieval of the encryption key from the keystore, makes it a breeze to decrypt files. For example, if you had encrypted your…
-
What does the Notification “badge” on MacOS System Preferences icon really mean?
If you have recently upgraded your MacOS laptop/desktop to 10.12.14, you will have noticed that the System Preferences icon in the Dock now shows a mysterious “notification badge”. Just opening System Preferences gives absolutely no clue as to where the notification is coming from, nor what to do about it. It turns out that Apple…
-
filecrypt – OpenSSL file encryption
Overview: Uses the OpenSSL library to encrypt a file using a private/public key pair and a one-time secret. A full description of the process can be found here. Configuration: This uses a YAML file to describe the configuration; by default it assumes it is in /etc/filecrypt/conf.yml but its location can be specified using the -f flag.…
-
HOW-TO Encrypt an archive file
Private/Public keypair. Create the private key (one-off):
    openssl genrsa -out ~/.ssh/key.pem 2048
    chmod 400 ~/.ssh/key.pem
then extract the public key from it:
    openssl rsa -in ~/.ssh/key.pem -out ~/.ssh/key.pub -outform PEM -pubout
NOTE: The whole mechanism revolves around keeping the secret key key.pem, well, secret. This is the only critical part of the scheme. Everything else,…