Skip to content

Instantly share code, notes, and snippets.

View jvehent's full-sized avatar

Julien Vehent jvehent

View GitHub Profile
$(subst go.mozilla.org/autograph/signer/autograph,
go.mozilla.org/autograph,
$(subst go.mozilla.org/autograph/signer/monitor,
go.mozilla.org/autograph/tools/autograph-monitor,
$(subst go.mozilla.org/autograph/signer/signer,
go.mozilla.org/autograph/signer,
$(subst go.mozilla.org/autograph/signer/formats,
go.mozilla.org/autograph/formats,
$(subst go.mozilla.org/autograph/signer/database,
go.mozilla.org/autograph/database,
@jvehent
jvehent / age demo.md
Created January 6, 2020 15:53
age-encryption.org demo

Download & install

$ wget https://github.com/FiloSottile/age/releases/download/v1.0.0-beta2/age-v1.0.0-beta2-linux-amd64.tar.gz
$ tar -xzvf age-v1.0.0-beta2-linux-amd64.tar.gz
$ sudo cp age/* /usr/local/bin/

Generate a keypair

$ age-keygen -o ~/.age/(date +%s)-(hostname).key
vendor:
govend -u --prune
#go get -u github.com/golang/dep/...
#dep ensure -update
rm -rf vendor/go.mozilla.org/autograph/ # don't vendor ourselves
git add vendor/
@jvehent
jvehent / makecsr.go
Created February 1, 2019 16:29
Small Go program that makes a CSR using a private key in cloudhsm
// This code requires a configuration file to initialize the crypto11
// library. Use the following config in a file named "crypto11.config"
// {
// "Path" : "/opt/cloudhsm/lib/libcloudhsm_pkcs11.so",
// "TokenLabel": "cavium",
// "Pin" : "$CRYPTO_USER:$PASSWORD"
// }
package main
import (

SoftHSM

$ go run testdupkeys.go
2019/01/14 09:07:36 starting routine 2
2019/01/14 09:07:36 starting routine 0
2019/01/14 09:07:36 starting routine 1
2019/01/14 09:08:00 routine 0 made ECDSA Key named "testdup1547474856": &{PKCS11PrivateKey:{PKCS11Object:{Handle:8 Slot:1623786617} PubKey:0xc000106600}} &{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319 N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643 B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575 Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087 Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871 BitSize:384 Name:P-384}
2019/01/14 09:08:00 routine 2 made ECDSA Key named "testdup1547474856": &{PKCS11PrivateK
2019/01/11 16:19:00 routine 2 make ECDSA Key named "testdup1547241500": &{PKCS11PrivateKey:{PKCS11Object:{Handle:8 Slot:1623786617} PubKey:0xc00011c600}}
&{P:+39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319
N:+39402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643
B:+27580193559959705877849011840389048093056905856361568521428707301988689241309860865136260764883745107765439761230575
Gx:+26247035095799689268623156744566981891852923491109213387815615900925518854738050089022388053975719786650872476732087
Gy:+8325710961489029985546751289520108179287853048861315594709205902480503199884419224438643760392947333078086511627871
BitSize:384 Name:P-384}
2019/01/11 16:19:00 routine 0 make ECDSA Key named "testdup1547241500": &{PKCS11PrivateKey:{PKCS11Object:{Handle:9 Slot:1623786617} PubKey:0xc00011c7a0}}
package main
import (
"bytes"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
observatory=> SELECT certificates.id,
observatory-> issuer->'o'->>0 AS Issuer,
observatory-> subject->>'cn' AS Subject,
observatory-> san AS SubjectAltName
observatory-> FROM certificates
observatory-> INNER JOIN trust ON (trust.cert_id=certificates.id),
observatory-> jsonb_array_elements_text(x509_subjectAltName) AS san
observatory-> WHERE jsonb_typeof(x509_subjectAltName) != 'null'
observatory-> AND ( subject#>>'{cn}' ~ '\.mozilla\.com'
observatory(> OR
diff --git a/signer/apk/apk.go b/signer/apk/apk.go
index 390cec28..adf499e2 100644
--- a/signer/apk/apk.go
+++ b/signer/apk/apk.go
@@ -176,7 +176,7 @@ func (s *APKSigner) signData(sigfile []byte, options interface{}) ([]byte, error
// broken on platforms with API Level < 19
err = toBeSigned.SignWithoutAttr(s.signingCert, s.signingKey, pkcs7.SignerInfoConfig{})
default:
- err = toBeSigned.AddSigner(s.signingCert, s.signingKey, pkcs7.SignerInfoConfig{})
+ err = toBeSigned.SignWithoutAttr(s.signingCert, s.signingKey, pkcs7.SignerInfoConfig{})
default-src 'none'; img-src 'self' www.google-analytics.com; script-src 'self' www.google-analytics.com www.googletagmanager.com; style-src 'self' maxcdn.bootstrapcdn.com js.recurly.com; font-src fonts.googleapis.com fonts.gstatic.com; object-src 'none'; report-uri /__cspreport__;