
Public – Private key encryption using OpenSSL

Sometimes I need to encrypt something but do not want to install PGP or GPG. I typically use OpenSSL for this kind of thing and have written a simple frontend script for strong password-based encryption using OpenSSL. Sometimes you need public/private key encryption though; below shows how to do that using just OpenSSL.

Public/private key encryption is the method you use when you want to send data to, or receive data from, third parties. Everyone has two keys: one they keep secret, the private key, and one they hand out to anyone, the public key. Data encrypted with the public key can only be decrypted with the matching private key. Encryption that uses two keys in this way is called asymmetric encryption.

So, for example, if Person A wants to send Person B data securely, she just encrypts it with Person B’s public key; only Person B can then open the file, using her private key. There are other advantages to this kind of key pair. If I met you in person and gave you my public key, I can later sign something with my private key; if the public key you hold verifies that signature, you can trust that it was produced by whoever holds the matching private key, which, given the in-person exchange, is as close to a mathematical proof of identity as you get. This is the basis of digital signatures.

Using OpenSSL on the command line you first need to generate a private key. You should password protect this file using the -passout argument together with a cipher option such as -aes256 (without a cipher option genrsa writes the key unencrypted, whatever -passout says); -passout takes many different forms, so consult the OpenSSL documentation about that.

$ openssl genrsa -aes256 -passout pass:changeme -out private.pem 2048

This creates a key file called private.pem holding a 2048-bit RSA key. Do not go below 2048 bits: 1024-bit RSA keys are no longer considered strong enough. This file actually contains both the private and the public key, so extract the public one from it:

$ openssl rsa -in private.pem -out public.pem -outform PEM -pubout

You’ll now have public.pem containing just your public key, which you can freely share with third parties.
You can test it all by encrypting something yourself using your public key and then decrypting it using your private key. First we need a bit of data to encrypt:

$ echo 'too many secrets' > file.txt

You now have some data in file.txt; let’s encrypt it using OpenSSL and the public key:

$ openssl rsautl -encrypt -inkey public.pem -pubin -in file.txt -out file.ssl

This creates an encrypted version of file.txt called file.ssl; if you look at this file it’s just binary junk, nothing useful to anyone. (rsautl is deprecated as of OpenSSL 3.0; openssl pkeyutl accepts the same -encrypt, -decrypt, -inkey and -pubin options.) Now you can decrypt it using the private key:

$ openssl rsautl -decrypt -inkey private.pem -in file.ssl -out decrypted.txt

You will now have the decrypted file in decrypted.txt:

$ cat decrypted.txt
too many secrets

All of these examples use the RSA algorithm; there is some hard-core mathematical information about it here.

There are a fair few limitations to this approach. It will only encrypt data shorter than the key: the key size in bytes minus the padding overhead, which is 11 bytes with the default PKCS#1 v1.5 padding that rsautl uses. And you really should never encrypt the actual message with raw RSA like this; it is slow and gives you no integrity check. Instead, use it to encrypt a randomly generated key and then AES-encrypt the text you care about with that key. Look in the comments for examples of that.
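The hybrid scheme just described, plus the signature idea from the start of the post, as one worked script. This is an added example and not code from the original post; it needs only the openssl binary, and the key names (alice, bob), passphrases and message are constructed here for the demonstration. It uses pkeyutl rather than the deprecated rsautl, and RSA-OAEP with SHA-256 instead of the default PKCS#1 v1.5 padding. The last function shows the size limit from the paragraph above by trying to RSA-encrypt blobs of different sizes directly.

```shell
#!/bin/sh
# Hybrid encryption with the OpenSSL CLI: RSA wraps a random AES session key,
# AES-256-CBC encrypts the real file, and an RSA signature over the ciphertext
# lets the recipient check who sent it. Added example, not from the original
# post. Names, passphrases and the message below are constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Generate a passphrase-protected RSA key pair and extract its public half.
# 2048 bits is the floor today; a 1024-bit key is too small.
gen_keypair() { # gen_keypair <name> <passphrase>
    openssl genrsa -aes256 -passout "pass:$2" -out "$1.pem" 2048 2>/dev/null
    openssl rsa -in "$1.pem" -passin "pass:$2" -pubout -out "$1.pub" 2>/dev/null
}

# Sender side: encrypt <plain> for <recipient>, sign as <sender>. Writes
# <out>.enc (AES ciphertext), <out>.key (OAEP-wrapped session key and IV)
# and <out>.sig (signature over the ciphertext).
encrypt_and_sign() { # encrypt_and_sign <plain> <recipient> <sender> <sender_pass> <out>
    key=$(openssl rand -hex 32)   # fresh 256-bit AES key per message
    iv=$(openssl rand -hex 16)    # CBC IV: need not be secret, must not repeat
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -in "$1" -out "$5.enc"
    printf '%s:%s' "$key" "$iv" |
        openssl pkeyutl -encrypt -pubin -inkey "$2.pub" \
            -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
            -pkeyopt rsa_mgf1_md:sha256 -out "$5.key"
    openssl dgst -sha256 -sign "$3.pem" -passin "pass:$4" -out "$5.sig" "$5.enc"
}

# Recipient side: check the signature first, then unwrap the session key and
# decrypt. Returns non-zero and writes nothing if the signature does not verify.
verify_and_decrypt() { # verify_and_decrypt <in> <recipient> <recipient_pass> <sender> <plain_out>
    openssl dgst -sha256 -verify "$4.pub" -signature "$1.sig" "$1.enc" \
        >/dev/null 2>&1 || return 1
    session=$(openssl pkeyutl -decrypt -inkey "$2.pem" -passin "pass:$3" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -pkeyopt rsa_mgf1_md:sha256 -in "$1.key")
    openssl enc -d -aes-256-cbc -K "${session%%:*}" -iv "${session##*:}" \
        -in "$1.enc" -out "$5"
}

# The limitation from the post: direct RSA encryption of a blob longer than
# the modulus minus padding overhead (245 bytes for 2048-bit PKCS#1 v1.5)
# fails outright. Prints yes if the blob fits, no if openssl refuses it.
rsa_direct_fits() { # rsa_direct_fits <nbytes> <recipient>
    openssl rand -out blob.bin "$1"
    if openssl pkeyutl -encrypt -pubin -inkey "$2.pub" \
        -in blob.bin -out blob.enc 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Worked run: Alice sends Bob the same message the post uses.
gen_keypair alice 'alice-secret'
gen_keypair bob   'bob-secret'
echo 'too many secrets' > file.txt
encrypt_and_sign file.txt bob alice 'alice-secret' msg
verify_and_decrypt msg bob 'bob-secret' alice decrypted.txt
cat decrypted.txt
```

Signing the ciphertext rather than the plaintext means a recipient can reject a tampered or forged message before spending any private-key operations on it; the verify step in verify_and_decrypt does exactly that.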

RedHat Linux and Java

I am in the process of building an automated RedHat Linux installer, which requires me to configure the following on a RedHat Enterprise machine:

RedHat has stopped providing any kind of Java binaries with their base OS; you have to buy a copy of the RedHat Application Server for $999.
As is often the case in this kind of situation there are other options that do not cost money: the group at JPackage.org does a great job of packaging all things Java in generic RPMs that work on most RPM-based distributions.
There are limitations though. JPackage is not allowed to distribute binaries of non-free code such as the Sun JVM itself, but they do provide source RPMs that let you build it yourself after downloading the source from the Sun website.
I have written up a Wiki entry that details the process of getting the above working on CentOS from start to end. CentOS is of course a binary distribution of RedHat Enterprise Linux: they take the open-source SRPMs as provided by RedHat and remove all RedHat branding from the OS, giving you a functional equivalent to RedHat Enterprise without the price tag. I use it on my development systems, so for the moment this guide only applies directly to CentOS, though the differences are small.
This may look daunting at first but it really is not; once you’ve built the binary RPMs of the non-free code it is a breeze to install many machines with these RPMs using only a few commands and one config file. So you’ll soon reap the benefits, especially if you are tasked with configuring a cluster of webservers that should all be on the same patch levels.
You can find the full guide here: Tomcat 5 on RedHat Enterprise Linux using JPackage.org Packages.

Comment spam from photoblogdirectory.org

Today I received a comment on my photoblog from photoblogdirectory.org.

Our robot found your rss-feed you are providing
on your photoblog website (http://photoblog.devco.net/) and added it to our listings.
Would be nice to see you claiming your blog @
http://www.photoblogdirectory.org/claim/xxxxx/
http://www.photoblogdirectory.org is dedicated to support the photobloggers community,
feature new/interesting photoblogs on the scene, rate the best
and send visitors to the photobloggers sites.
regards,
Gloria Jones
Webmistress @
http://www.photoblogdirectory.org

What can I say? This is just the worst kind of site promotion I’ve ever seen, they are really showing that they are just one step above common viagra spammers, online casino spammers and the like.
I’d urge any photographers who read this site to boycott photoblogdirectory.org.

(IN)SECURE Magazine

TaoSecurity pointed me to a new release of (IN)SECURE Magazine. Previously I was unaware of this magazine, but having read the latest issue I can really recommend it to anyone interested in security.
The articles are well written and in depth; the magazine has some ads but they are well done and not intrusive at all. The article list for this issue, number 5, is:

  • Web application firewalls primer
  • Review: Trustware BufferZone 1.6
  • Threat analysis using log data
  • Looking back at computer security in 2005
  • Writing an enterprise handheld security policy
  • Digital Rights Management
  • Revenge of the Web mob
  • Hardening Windows Server 2003 platforms made easy
  • Filtering spam server-side

You can see it covers a wide range of topics, and covers Windows, Linux and FreeBSD, so there certainly is something for everyone in here. Check it out.

Podcasts and Video Podcasts

Podcasting is all the rage these days and I can see why; there is some really good stuff out there. At the moment I really enjoy the Ricky Gervais podcast. Mostly it’s 3 guys talking absolute bollocks while being pretty funny about it, incredibly mindless fun.
On the video casting side there isn’t as much that I enjoy, though I’ve only really checked into 4 or 5 shows. Now everyone seems to think that this is the future of entertainment, independent guys making TV shows or radio shows bypassing all the networks, syndicates and all that crap. I can see the value in that argument as well, and for most of the videocasts this holds true: short, focussed niche-type shows that you either enjoy or don’t, and it’s very easy to just move on to the next thing.
One show though stands out to me in its incredible level of annoyance and outright insulting of its viewer base, and that is the Photoshop TV show. Now this show has received a lot of raves in the past and this is the 2nd time I tried to watch it. The Photoshop-related content is great, the tutorials are at many levels from beginner to advanced and the guys know their stuff; they’re a bit keyboard-shortcut happy, which makes it hard for people to know how what they are doing relates to the tons of Photoshop menus, but that’s not the end of the world.
So what’s the problem? Like all of the podcast world they obviously have massive bandwidth bills to pay and they do this by promoting a number of sponsors, nothing wrong with that at all. The problem though is that the signal/noise ratio of the show is off the scale. As a little investigation I took their latest show and cut out all the advertising-related content while leaving their inane chatter in. I was left with 2/3 of the 30-minute show. Cut out the chatter, startup jingle, ending jingle, competitions etc. and you end up with less than 1/2 of the 30 minutes.
Apart from the signal/noise ratio they are obviously trying hard to look professional in the editing of the show; things flow nicely into each other and so forth. The problem again is that the continuity of the thing is just crap. Person A hands Person B a PowerBook to do a demo on; the screen movie shows an XP box. Person B is done with the presentation and he is standing with a Windows laptop in front of him. Why? Why do they need to go and do silly things like that? Just put the box you’re going to use in front of you and get it over with; don’t show off Apple kit because it’s sexy, or is this just another product placement deal?
Each week they give viewers some kind of homework assignment to review websites etc. Well, this week there were 3 websites, one from each presenter. The 2nd recommended website was from a training center where the person recommending it is teaching a class. The 3rd one was a recommendation of the website of one of their sponsors! Immediately followed by an ad for that particular sponsor as well. During the show one guy was constantly pushing a book he wrote, giving copies away, telling you to buy it, where to buy it etc. Shameless self promotion.
So I left a quick comment on their blog, something along the lines of:

The Photoshop content of the show is great, pity it’s spoiled by the 1/3 advertising content, not even the worst of TV shows are that bad with advertising.

Naturally they didn’t approve my comment and it never showed up, nice one. I’d love to see how far television would get if an hour-long show ended up with this level of absolute noise. The slashdot/digg crowd always go on a total freak-out about the likes of TiVo moving towards not letting them skip over ads, but then they stand for much worse from this grass-roots tech that is supposed to save the video/audio entertainment world? I’m not sold.