openssl x509 -inform DER -in dep2.der -pubkey -noout > nss_pub.pem
openssl dgst -engine cloudhsm -sha256 -sign dep2_private_hsm.pem -out test.sig test.plain
Julien Vehent jvehent
jvehent
/ sigverify.md
Created
August 30, 2018 18:55
jvehent
/ gist:d15b008373bfce17b2ed7a07bf251158
Created
August 30, 2018 18:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMLfI7WnpteoFyIz9YVg6LaRn72uDrdltp6WcSi7xfF/PzkAAiXMKgi7RN3ohOvNE0yaArfDMsEQ8qD1q6Wm2uIDFKwi4RIFVAKWablJReefSuZTZ6v70hq/AlDyAUK8anExEbPR0kr6UeZwLibMUYg/KgeWiNeNPhBCFhlbWG7ADRltta1h575XkirO5SlIHBqAfs3bX7XyGiKgf3O7PwuD0bboQq48QIySLT+3HIUPJiAqWBliROHUdCqWTpWzjhayQwisa6ScnoJ5X/VVMx4RRT78QhtohAsxQ4+sOgcxcMXHLqfJ5w7gXnF6fM617eNsdj/ypST21j2vO03rbiVG4rTuvcjArEKbqyp0xAme7i6gim+1S9COiCvl8b3zbG8YoOqpNJ5tFN718eszCUVJ7xA5k/vfQsJQftGqRmr6T1XfNZhyUXUhEBU38X7fUkFNAFaIDGTFlPuKCMVzCRWpw+0NAyeQ4LLehqmMsFnNXjDdUynKVydlI1GnjmpXEwA2rCvZXdie0P3hy3k+cVQlY2BLuVNFmc3IqxSc+zO0yUIL3kKR1DfmUGF4lgu/HsppnQFoXInr0YteuZMjdMmCRa3aF89/c4tfeP39YEoF5Z5Hjj/zaBC/oh9k9eQfNe//ZwPeMrTLIkHKxNuTwhFOIMWIg/GKcO2Pc1/XhEvw== ulfr@gator4 |
jvehent
/ SigningMARHashes.md
Last active
August 29, 2018 12:26
autograph-mar.yaml
server:
listen: "0.0.0.0:8000"
noncecachesize: 524288
signers:
- id: testmar
type: mar
privatekey: |
jvehent
/ gist:e77724620031bd0a233f24f8b45b1c7b
Created
August 28, 2018 17:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| firefox-10.0esr-10.0.1esr.partial.mar | |
| null | |
| firefox-1.5rc2-1.5.partial.mar | |
| null | |
| firefox-2.0.0.1.complete.mar | |
| null | |
| firefox-2.0-2.0.0.1.partial.mar |
jvehent
/ gist:4c193bc53a7fd9de35065ca503dd74f0
Created
July 6, 2018 21:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ curl -s http://localhost:8080/__heartbeat__|jq | |
| { | |
| "status": false, | |
| "checks": { | |
| "check_autograph_heartbeat": false | |
| }, | |
| "details": "failed to request autograph heartbeat from http://localhost:8000/__heartbeat__: Get http://localhost:8000/__heartbeat__: dial tcp [::1]:8000: connect: connection refused" | |
| } |
jvehent
/ extract_apk_cert_sha256.sh
Last active
June 27, 2018 19:36
Extract the SHA256 fingerprint of an APK signing cert. Run with $ ./extract_apk_cert_sha256.sh <something.apk>
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| [ ! -r "$1" ] && echo "usage: $0 <apk>" && exit 1 | |
| tmpdir="$(mktemp -d)" | |
| tmpcrt="$(mktemp)" | |
| # unzip the apk into a temporary directory | |
| unzip -qq "$1" -d "$tmpdir" | |
| # extract the public cert from the pkcs7 detached signature |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| "encoding/json" | |
| "fmt" | |
| "io/ioutil" | |
| "log" | |
| "net/http" | |
| "strings" |
jvehent
/ gist:e6e6ddd986a77239cd31233e1d2d274a
Created
June 22, 2018 20:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| go.mozilla.org/autograph | |
| ├ context | |
| ├ crypto/rand | |
| ├ crypto/sha256 | |
| ├ encoding/base64 | |
| ├ encoding/json | |
| ├ flag | |
| ├ fmt | |
| ├ io/ioutil | |
| ├ math/big |
jvehent
/ signmar strace
Last active
June 19, 2018 12:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ LD_LIBRARY_PATH=tools/signmar-sha384/lib/ strace tools/signmar-sha384/bin/signmar \ | |
| -d . \ | |
| -n testmar \ | |
| -v /tmp/resigned.mar | |
| execve("tools/signmar-sha384/bin/signmar", ["tools/signmar-sha384/bin/signmar", "-d", ".", "-n", "testmar", "-v", "/tmp/resigned.mar"], 0x7fff51914f90 /* 62 vars */) = 0 | |
| brk(NULL) = 0xc64000 | |
| access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) | |
| openat(AT_FDCWD, "tools/signmar-sha384/lib/tls/haswell/x86_64/libpthread.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) |
jvehent
/ autograph.testmar.yaml
Created
June 14, 2018 16:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server: | |
| listen: "0.0.0.0:8000" | |
| # cache 500k nonces to protect from authorization replay attacks | |
| noncecachesize: 524288 | |
| # The keys below are testing keys that do not grant any power | |
| signers: | |
| - id: testmar | |
| type: mar | |
| privatekey: | |