Skip to content

Instantly share code, notes, and snippets.

View emboss's full-sized avatar

Martin Bosslet emboss

160 followers · 18 following
  • Germany
View GitHub Profile
@emboss
emboss / gist:2069143
Created March 18, 2012 05:26
OpenSSL::X509::Certificate vs. Krypt::X509::Certificate
ruby 2.0.0dev (2012-02-11 trunk 34554) [x86_64-linux]
user system total real
OpenSSL::X509::Certificate parse(n=100000) 4.070000 0.160000 4.230000 ( 4.306612)
Krypt::X509::Certificate parse(n=100000) 0.320000 0.010000 0.330000 ( 0.325850)
rubinius 2.0.0dev (1.9.3 3e55abc8 yyyy-mm-dd JI) [x86_64-unknown-linux-gnu]
user system total real
OpenSSL::X509::Certificate parse(n=100000) 4.673289 0.062990 4.736279 ( 4.808672)
Krypt::X509::Certificate parse(n=100000) 0.502923 0.001000 0.503923 ( 0.509898)
@emboss
emboss / gist:2625014
Created May 6, 2012 23:39
TLS 1.1 & 1.2 test
OpenSSL:
./openssl s_client -connect google.com:443 -CAfile /etc/ssl/certs/ca-bundle.crt -tls1_2
CONNECTED(00000003)
139935467882144:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:
Ruby:
require 'socket'
require 'openssl'
@emboss
emboss / gist:2662872
Created May 11, 2012 22:38
Compute integer cubic root via Newton-Raphson
class Integer
#Newton-Raphson: cubic root of n is equivalent to finding x in x**3 - n = 0
#=> x_(k+1) = x_k - f(x_k) / f'(x_k)
#=> x_(k+1) = x_k - (x_k**3 - n) / (3 * x_k**2)
#=> x_(k+1) = (2*x_k**3 + n) / (3*x_k**2)
#=> x_(k+1) = 2*x_k/3 + n/(3*x_k**2)
#returns an integer cubic root and a boolean indicating whether the root is exact
def icbrt
iter = lambda { |x, n| 2 * x / 3 + n / (3 * x * x) }
x = self
@emboss
emboss / gist:2791400
Created May 26, 2012 00:25
Simple TLS server with client renegotiation disabled
require 'openssl'
require 'socket'
KEY = OpenSSL::PKey::RSA.new <<-_end_of_pem_
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDLwsSw1ECnPtT+PkOgHhcGA71nwC2/nL85VBGnRqDxOqjVh7Cx
aKPERYHsk4BPCkE3brtThPWc9kjHEQQ7uf9Y1rbCz0layNqHyywQEVLFmp1cpIt/
Q3geLv8ZD9pihowKJDyMDiN6ArYUmZczvW4976MU3+l54E6lF/JfFEU5hwIDAQAB
AoGBAKSl/MQarye1yOysqX6P8fDFQt68VvtXkNmlSiKOGuzyho0M+UVSFcs6k1L0
maDE25AMZUiGzuWHyaU55d7RXDgeskDMakD1v6ZejYtxJkSXbETOTLDwUWTn618T
@emboss
emboss / gist:2902696
Created June 9, 2012 21:44
Save RSA public keys in the pre-1.9.3 PKCS#1 format
require 'openssl'
require 'base64'
rsa = OpenSSL::PKey::RSA.new(2048)
modulus = rsa.n
exponent = rsa.e
ary = [OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]
pub_key = OpenSSL::ASN1::Sequence.new(ary)
base64 = Base64.encode64(pub_key.to_der)
@emboss
emboss / gist:3253173
Created August 4, 2012 00:58
Compute EC public key from private key and generator
require 'openssl'
group = OpenSSL::PKey::EC::Group.new('prime256v1')
generator = group.generator #the generator point
ec = OpenSSL::PKey::EC.new
ec.group = group
ec.generate_key #generate a key pair
priv = ec.private_key #this is a random number, a OpenSSL::BN
@emboss
emboss / secureinstall.md
Created September 4, 2012 18:46
Secure Installation or the notion of a "Trusted Path"

Secure installation of OpenSSL FIPS module.

While looking into the "FIPS mode" of OpenSSL recently, I found this. What puzzled me was the footnote about "secure installation", and the details from section 6.6 of the OpenSSL FIPS User Guide. To count as a valid installation that fulfills all of the requirements, users are required to verify the integrity of the OpenSSL FIPS sources with an independently acquired FIPS 140-2-validated cryptographic module. The programmer in us immediately shouts "Infinite recursion!" and what seems like an overly academical troll on behalf of the CMVP at first turns out to be a delicate issue, while not novel at all, but with far-reaching consequences for the status of any "validated" piece of software in general, or as the OpenSSL FIPS User Guide puts it:

>Note this last point is downright mind-boggling: it amounts to an assertion that essentially all installations of v

@emboss
emboss / TestPolicyFiles.java
Last active December 10, 2015 17:58
Test program to detect the need for "Unlimited Strength Policy Files"
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
public class TestPolicyFiles {
public static void main(String[] args) {
try {
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
@emboss
emboss / gist:6694336
Created September 25, 2013 02:13
The new Krypt::Asn1 implementation written purely in Ruby: Parsing performance compared to OpenSSL::ASN1.
The new Krypt::Asn1 implementation, written entirely in Ruby
vs.
OpenSSL::ASN1/OpenSSL::X509, both written in native C/Java code.
$ ruby --version
ruby 2.1.0dev (2013-09-25 trunk 43039) [x86_64-linux]
$ ruby -Ilib tmp/bm_asn1_parse.rb
@emboss
emboss / JS crypto libraries
Created November 4, 2013 00:52
JavaScript crypto libraries
sjcl (http://crypto.stanford.edu/sjcl/)
crypto-js (https://code.google.com/p/crypto-js/)
jsCrypto (https://code.google.com/p/jscryptolib/)
triplesec (https://github.com/keybase/triplesec)
polycrypt (https://github.com/polycrypt)