# recover RSA private key file using public key (n,e) and private exponent d | |
# python recover.py | openssl asn1parse -genconf - -out key.der | |
from math import gcd | |
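# Example Private-Key (512 bit, 2 primes).
# The stray "| |" table residue that trailed every line has been removed; it
# made each assignment a syntax error.
# NOTE: demo values only. A 512-bit RSA modulus is far too small for real use,
# and a private exponent pasted into a script should be treated as disclosed.
# The leading "00" on the modulus does not change its integer value.
modulus = 0x00bacb716af4a701ea525c1fc45c7798598a966432a44a347d53054c691bd5a7c60fe717b5f55de46ea8afd1525a4b08b098b7eb0f51d58daf690ae85fcb9254b9
publicExponent = 0x10001  # 65537
privateExponent = 0x217051f9679a8e09387d2d62a57af356f42c3ffba0d577d80788a74919a681c5f02b3e8422e79737fd9aff15046a91509788023aad60c39492ceddb301f0bcd1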
# DEMO for hmac-secret - generate a static secret based on a FIDO credential and a salt | |
# Uses libfido2 tools: https://github.com/Yubico/libfido2 | |
# Take the first line printed by `fido2-token -L` and keep its first two
# colon-separated fields. The double quotes are part of the variable's value.
# NOTE(review): with several authenticators attached this silently selects
# whichever one is listed first - confirm that is the intended token.
HID="$(shell fido2-token -L | head -n 1 | cut -d : -f 1-2)"

# First rule in the visible snippet: `all` depends on the `secret` target.
all: secret
cred.in: | |
# challenge: | |
cat /dev/urandom | head -c32 | base64 > cred.in |
# See https://gist.github.com/thelastlin/c45b96cf460919e39ab5807b6d20ac2a | |
# Abort on the first command that fails.
set -o errexit

# Fetch the OpenSSH portable sources unless a checkout is already present.
# NOTE(review): this clones the default branch as-is; nothing visible here pins
# a tag or commit, or verifies a release signature, before the tree is used.
[[ -d openssh-portable ]] || git clone https://github.com/openssh/openssh-portable.git

cd openssh-portable
#!/usr/bin/env python | |
# verify attestation information to cryptographically prove that a given key is hardware-backed. | |
# For instance: | |
# | |
# ./ssh-sk-attest.py --key id.pub --attestation attestation.bin --challenge challenge.bin --mds mds.jwt | |
# To generate an SSH pubkey, a challenge, and an attestation: | |
# openssl rand 128 > challenge.bin | |
# ssh-keygen -t ${KEYTYPE} -f ./id -N "" -O challenge=challenge.bin -O write-attestation=attestation.bin |
#!/usr/bin/env python | |
# validate Yubico OTP | |
# To get your API key: | |
# https://upgrade.yubico.com/getapikey/ | |
from sys import exit, stderr | |
from argparse import ArgumentParser | |
from requests import get |
AAAAEXNzaC1zay1hdHRlc3QtdjAxAAAC3TCCAtkwggHBoAMCAQICCQDI54lFd4md | |
/DANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0Eg | |
U2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAw | |
MFowbzELMAkGA1UEBhMCU0UxEjAQBgNVBAoMCVl1YmljbyBBQjEiMCAGA1UECwwZ | |
QXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEoMCYGA1UEAwwfWXViaWNvIFUyRiBF | |
RSBTZXJpYWwgMTE2NjY2NTY3MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHKW | |
vRw3kwE/lp8mrPEzDdQvsLMcyuerIQl/Y7nSqNQMsKT5A1ITgvQ/r2l86jaYQVOe | |
CBwvwKQNyD9n+vjtrt2jgYEwfzATBgorBgEEAYLECg0BBAUEAwUEAzAiBgkrBgEE | |
AYLECgIEFTEuMy42LjEuNC4xLjQxNDgyLjEuNzATBgsrBgEEAYLlHAIBAQQEAwIF | |
IDAhBgsrBgEEAYLlHAEBBAQSBBDuiCh5chxJE5d1PfzOlwcqMAwGA1UdEwEB/wQC |
#!/bin/bash | |
# Step 1: generate a new ECC P-256 key pair in PIV slot 9c on the YubiKey;
# the tool's output goes to pub.pem.
# NOTE(review): no management key is passed here - presumably the tool falls
# back to the token's default; confirm before running against a provisioned key.
yubico-piv-tool --action=generate --slot=9c --algorithm=ECCP256 --output=pub.pem

# Step 2: build the data to be signed - a payload with iss/aud claims and a
# JWT header declaring ES256.
jo iss=issuer aud=audience >payload.json
jo alg=ES256 typ=JWT >header.json
# Run with a single argument: a /dev/hidrawX path. | |
# If you don't have udev set up to allow access to U2F tokens, you may need to
# chown the device to your user before running this script.
# If you don't know which hidraw to use, try removing and reinserting your | |
# token. Then the device with the most recent ctime is the one you want. | |
# | |
# Once running, press the token's button twice. The first press will trigger a | |
# registration, the second an authentication. | |
# | |
# Python3 version of https://www.imperialviolet.org/binary/ctap1.py |
#!/usr/bin/env python3 | |
# Show attributes for a YubiKey PIV attestation certificate | |
# | |
# Use ykman to generate a PIV attestation certificate for a slot (for instance 9a): | |
# ykman piv keys attest 9a attestation.pem | |
# | |
# To show the attributes in the generated attestation certificate: | |
# ykman script ./check_yubikey_attestation.py attestation.pem |
#!/usr/bin/env python3 | |
# NOTE: | |
# requires cryptography (pip install cryptography) | |
from cryptography import x509 | |
from cryptography.hazmat.backends import default_backend | |
import sys | |
# NOTE: uses PEP 634: Structural Pattern Matching |