Lance R. Vick lrvick

## openpgp.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                lrvick
                / openpgp.md
            
            
              Created
              March 24, 2023 01:12
            
          
    openpgp4fpr:6B61ECD76088748C70590D55E90A401336C8AAA9

  
## secrets.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              1 star
            
          
                lrvick
                / secrets.md
            
            
              Created
              August 18, 2022 21:22
            
              
                Secret Management
              
          
Hardware decryption with user interaction


Tools:

Password Store
https://www.passwordstore.org/
Shared git repo
Yubikey with PGP keychain for each engineer


Defense:

Prevent theft of secrets not currently being used


Usage:
Encrypt secrets to Yubikey PGP keys of all holders as individual files


## secure_crypto_asset_custody.md

      
              1 file
            
          
              3 forks
            
          
              4 comments
            
          
              6 stars
            
          
                lrvick
                / secure_crypto_asset_custody.md
            
            
              Last active
              January 27, 2023 04:23
            
              
                Secure Crypto Asset Custody Requirements
              
          
    Secure Crypto-Asset Custody

Summary

This document seeks to outline a broad set of requirements for crypto-asset
custodians based on lessons learned from historical failures to understand and
remove attack surface.
It will also assume that not everyone has equal resources or equal risk and
as such four incrementally harder security levels to that effect, depending on

  
## pig.js
var assert = require("assert")

var pigLatinTrans = function(text){
    var pigText = text.replace(/[A-Za-z]+/gi,function(word){
        var letters = word.split('')
        var firstLetter = letters.shift()
        if (firstLetter.toUpperCase() == firstLetter){
            letters.push(firstLetter.toLowerCase())
            letters[0] = letters[0].toUpperCase()
            letters.push(firstLetter)

## signed-git-workflows.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                lrvick
                / signed-git-workflows.md
            
            
              Last active
              January 9, 2023 23:33
            
              
                Multi-party signed git workflows
              
          
    Multi-party Signed Git workflows

Path 1

This path allows most devs to use the tools they are used to, but requires a second security-only review later

Author submits changes for review
Reviewer and author iterate on changes for style, quality, and functionality using any collaboration tool they wish
Reviewer merges changes with signed merge commit
Several cycles of steps 1-3 complete until it is time for a release


## test-postgrest.sh
#!/bin/bash

base64_url_encode(){
	data=${1?}
	echo -n "${data}" \
	| openssl base64 -e -A \
	| sed 's/\+/-/g' \
	| sed 's/\//_/g' \
	| sed -E 's/=+$//'
}

## get_results.py
from celery.result import AsyncResult
from celery.execute import send_task

def get_results(queries):
    result = send_task('task1',queries)
    results = result.get()
    #this does not return ids until _after_ all the tasks are complete, for some reason.
    while results:
        #pop first off queue, this will shorten the list and eventually break out of while
        first_id = results.pop(0)

## rand.rs
use libc::{
    c_int,
};
use std::{
    mem::{size_of, align_of},
    fs::{read_to_string},
    fmt,
    io::Read,
    fs::File,
};

## Cargo.toml
[package]
name = "ecdh_p256"
version = "1.0.0"

[dependencies]
p256={version = "0.11.1", features = ["ecdh"]}
hex="0.4.3"
aes-gcm="0.10.1"
rand_chacha="0.3.1"
rand="0.8.5"

## init.c
#define _GNU_SOURCE
#include <fcntl.h>
#include <getopt.h>
#include <signal.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/reboot.h>
	var assert = require("assert")

	var pigLatinTrans = function(text){
	var pigText = text.replace(/[A-Za-z]+/gi,function(word){
	var letters = word.split('')
	var firstLetter = letters.shift()
	if (firstLetter.toUpperCase() == firstLetter){
	letters.push(firstLetter.toLowerCase())
	letters[0] = letters[0].toUpperCase()
	letters.push(firstLetter)
	#!/bin/bash

	base64_url_encode(){
	data=${1?}
	echo -n "${data}" \
	\| openssl base64 -e -A \
	\| sed 's/\+/-/g' \
	\| sed 's/\//_/g' \
	\| sed -E 's/=+$//'
	}
	from celery.result import AsyncResult
	from celery.execute import send_task

	def get_results(queries):
	result = send_task('task1',queries)
	results = result.get()
	#this does not return ids until _after_ all the tasks are complete, for some reason.
	while results:
	#pop first off queue, this will shorten the list and eventually break out of while
	first_id = results.pop(0)
	use libc::{
	c_int,
	};
	use std::{
	mem::{size_of, align_of},
	fs::{read_to_string},
	fmt,
	io::Read,
	fs::File,
	};
	[package]
	name = "ecdh_p256"
	version = "1.0.0"

	[dependencies]
	p256={version = "0.11.1", features = ["ecdh"]}
	hex="0.4.3"
	aes-gcm="0.10.1"
	rand_chacha="0.3.1"
	rand="0.8.5"
	#define _GNU_SOURCE
	#include <fcntl.h>
	#include <getopt.h>
	#include <signal.h>
	#include <stdio.h>
	#include <stdint.h>
	#include <stdlib.h>
	#include <string.h>
	#include <sys/mount.h>
	#include <sys/reboot.h>