Skip to content

Instantly share code, notes, and snippets.

View emboss's full-sized avatar

Martin Bosslet emboss

160 followers · 18 following
  • Germany
View GitHub Profile
@emboss
emboss / gist:506f0976c7a46068b35a
Created January 29, 2015 09:56
Kill thread that spawned a process
t = Thread.new do
pid = Process.fork do
loop do
puts "Hi"
sleep 0.5
end
end
puts "Use 'kill -9 #{pid}' to kill me!"
Process.wait pid
end
@emboss
emboss / ruby-1.9-openssl-1.0-build-instructions.txt
Last active August 29, 2015 14:14
==> openssl-build.bash <==
#!/bin/bash
set -e -x
export CFLAG="-g"
export CFLAGS="-g"
# Debugging Target
# debug-linux-elf-noefence
@emboss
emboss / analysis.rb
Last active August 29, 2015 14:00
castealer.rb analysis
# Original castealer.rb with analysis
#####################################################################################
require 'rubygems' #redundant
require 'openssl'
require 'digest/md5' #redundant
key = OpenSSL::PKey::RSA.new(2048)
cipher = OpenSSL::Cipher::AES.new(256, :CBC) #redundant
ctx = OpenSSL::SSL::SSLContext.new #redundant
@emboss
emboss / JS crypto libraries
Created November 4, 2013 00:52
JavaScript crypto libraries
sjcl (http://crypto.stanford.edu/sjcl/)
crypto-js (https://code.google.com/p/crypto-js/)
jsCrypto (https://code.google.com/p/jscryptolib/)
triplesec (https://github.com/keybase/triplesec)
polycrypt (https://github.com/polycrypt)
@emboss
emboss / gist:6694336
Created September 25, 2013 02:13
The new Krypt::Asn1 implementation written purely in Ruby: Parsing performance compared to OpenSSL::ASN1.
The new Krypt::Asn1 implementation, written entirely in Ruby
vs.
OpenSSL::ASN1/OpenSSL::X509, both written in native C/Java code.
$ ruby --version
ruby 2.1.0dev (2013-09-25 trunk 43039) [x86_64-linux]
$ ruby -Ilib tmp/bm_asn1_parse.rb
@emboss
emboss / TestPolicyFiles.java
Last active December 10, 2015 17:58
Test program to detect the need for "Unlimited Strength Policy Files"
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
public class TestPolicyFiles {
public static void main(String[] args) {
try {
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
@emboss
emboss / secureinstall.md
Created September 4, 2012 18:46
Secure Installation or the notion of a "Trusted Path"

Secure installation of OpenSSL FIPS module.

While looking into the "FIPS mode" of OpenSSL recently, I found this. What puzzled me was the footnote about "secure installation", and the details from section 6.6 of the OpenSSL FIPS User Guide. To count as a valid installation that fulfills all of the requirements, users are required to verify the integrity of the OpenSSL FIPS sources with an independently acquired FIPS 140-2-validated cryptographic module. The programmer in us immediately shouts "Infinite recursion!" and what seems like an overly academical troll on behalf of the CMVP at first turns out to be a delicate issue, while not novel at all, but with far-reaching consequences for the status of any "validated" piece of software in general, or as the OpenSSL FIPS User Guide puts it:

>Note this last point is downright mind-boggling: it amounts to an assertion that essentially all installations of v

@emboss
emboss / gist:3253173
Created August 4, 2012 00:58
Compute EC public key from private key and generator
require 'openssl'
group = OpenSSL::PKey::EC::Group.new('prime256v1')
generator = group.generator #the generator point
ec = OpenSSL::PKey::EC.new
ec.group = group
ec.generate_key #generate a key pair
priv = ec.private_key #this is a random number, a OpenSSL::BN
@emboss
emboss / gist:2902696
Created June 9, 2012 21:44
Save RSA public keys in the pre-1.9.3 PKCS#1 format
require 'openssl'
require 'base64'
rsa = OpenSSL::PKey::RSA.new(2048)
modulus = rsa.n
exponent = rsa.e
ary = [OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]
pub_key = OpenSSL::ASN1::Sequence.new(ary)
base64 = Base64.encode64(pub_key.to_der)
@emboss
emboss / gist:2791400
Created May 26, 2012 00:25
Simple TLS server with client renegotiation disabled
require 'openssl'
require 'socket'
KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T