# Fetch the age v1.0.0-beta2 linux-amd64 release tarball from GitHub over HTTPS.
# NOTE(review): no checksum or signature check appears between this download
# and the install below. Compare the archive against a digest obtained out of
# band before extracting, because its contents are copied as root into a
# directory on PATH.
$ wget https://github.com/FiloSottile/age/releases/download/v1.0.0-beta2/age-v1.0.0-beta2-linux-amd64.tar.gz
# Unpack the archive; the next command expects it to produce an age/ directory.
$ tar -xzvf age-v1.0.0-beta2-linux-amd64.tar.gz
# Install every file from the extracted directory into /usr/local/bin as root.
$ sudo cp age/* /usr/local/bin/
# Generate a new age key pair and write it to a file under ~/.age/ named after
# the current epoch time and the hostname.
# (date +%s) and (hostname) are fish-style command substitutions; a POSIX shell
# needs $(date +%s) and $(hostname) instead.
# The output file holds the private key, so it should be readable only by its
# owner (TODO confirm the mode age-keygen applies to the file it creates).
$ age-keygen -o ~/.age/(date +%s)-(hostname).key
$(subst go.mozilla.org/autograph/signer/autograph, | |
go.mozilla.org/autograph, | |
$(subst go.mozilla.org/autograph/signer/monitor, | |
go.mozilla.org/autograph/tools/autograph-monitor, | |
$(subst go.mozilla.org/autograph/signer/signer, | |
go.mozilla.org/autograph/signer, | |
$(subst go.mozilla.org/autograph/signer/formats, | |
go.mozilla.org/autograph/formats, | |
$(subst go.mozilla.org/autograph/signer/database, | |
go.mozilla.org/autograph/database, |
vendor: | |
govend -u --prune | |
#go get -u github.com/golang/dep/... | |
#dep ensure -update | |
rm -rf vendor/go.mozilla.org/autograph/ # don't vendor ourselves | |
git add vendor/ |
// This code requires a configuration file to initialize the crypto11
// library. Use the following config in a file named "crypto11.config":
// {
// "Path" : "/opt/cloudhsm/lib/libcloudhsm_pkcs11.so",
// "TokenLabel": "cavium",
// "Pin" : "$CRYPTO_USER:$PASSWORD"
// }
// The "Pin" value is the HSM user name and password, so keep this file
// out of version control and readable only by the account that runs the program.
package main | |
import ( |
$ go run testdupkeys.go
2019/01/14 09:07:36 starting routine 2
2019/01/14 09:07:36 starting routine 0
2019/01/14 09:07:36 starting routine 1
2019/01/14 09:08:00 routine 0 made ECDSA Key named "testdup1547474856": &{PKCS11PrivateKey:{PKCS11Object:{Handle:8 Slot:1623786617} PubKey:0xc000106600}} &{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 BitSize:384 Name:P-384}
2019/01/14 09:08:00 routine 2 made ECDSA Key named "testdup1547474856": &{PKCS11PrivateK
2019/01/11 16:19:00 routine 2 make ECDSA Key named "testdup1547241500": &{PKCS11PrivateKey:{PKCS11Object:{Handle:8 Slot:1623786617} PubKey:0xc00011c600}} | |
&{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 | |
N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 | |
B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 | |
Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 | |
Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 | |
BitSize:384 Name:P-384} | |
2019/01/11 16:19:00 routine 0 make ECDSA Key named "testdup1547241500": &{PKCS11PrivateKey:{PKCS11Object:{Handle:9 Slot:1623786617} PubKey:0xc00011c7a0}} |
package main | |
import ( | |
"bytes" | |
"crypto/elliptic" | |
"crypto/rand" | |
"crypto/x509" | |
"crypto/x509/pkix" | |
"encoding/pem" | |
"fmt" |
observatory=> SELECT certificates.id, | |
observatory-> issuer->'o'->>0 AS Issuer, | |
observatory-> subject->>'cn' AS Subject, | |
observatory-> san AS SubjectAltName | |
observatory-> FROM certificates | |
observatory-> INNER JOIN trust ON (trust.cert_id=certificates.id), | |
observatory-> jsonb_array_elements_text(x509_subjectAltName) AS san | |
observatory-> WHERE jsonb_typeof(x509_subjectAltName) != 'null' | |
observatory-> AND ( subject#>>'{cn}' ~ '\.mozilla\.com' | |
observatory(> OR |
diff --git a/signer/apk/apk.go b/signer/apk/apk.go | |
index 390cec28..adf499e2 100644 | |
--- a/signer/apk/apk.go | |
+++ b/signer/apk/apk.go | |
@@ -176,7 +176,7 @@ func (s *APKSigner) signData(sigfile []byte, options interface{}) ([]byte, error | |
// broken on platforms with API Level < 19 | |
err = toBeSigned.SignWithoutAttr(s.signingCert, s.signingKey, pkcs7.SignerInfoConfig{}) | |
default: | |
- err = toBeSigned.AddSigner(s.signingCert, s.signingKey, pkcs7.SignerInfoConfig{}) | |
+ err = toBeSigned.SignWithoutAttr(s.signingCert, s.signingKey, pkcs7.SignerInfoConfig{}) |
default-src 'none'; img-src 'self' www.google-analytics.com; script-src 'self' www.google-analytics.com www.googletagmanager.com; style-src 'self' maxcdn.bootstrapcdn.com js.recurly.com; font-src fonts.googleapis.com fonts.gstatic.com; object-src 'none'; report-uri /__cspreport__; |