openpgp4fpr:6B61ECD76088748C70590D55E90A401336C8AAA9
- Hardware decryption with user interaction
- Tools:
  - Password Store
    - https://www.passwordstore.org/
  - Shared git repo
  - Yubikey with PGP keychain for each engineer
- Defense:
  - Prevent theft of secrets not currently being used
- Usage:
  - Encrypt secrets to Yubikey PGP keys of all holders as individual files
This document seeks to outline a broad set of requirements for crypto-asset custodians based on lessons learned from historical failures to understand and remove attack surface.
It also assumes that not everyone has equal resources or equal risk, and as such defines four incrementally harder security levels to that effect, depending on
```javascript
var assert = require("assert")

var pigLatinTrans = function(text){
  // Translate every alphabetic word; punctuation and whitespace pass through untouched
  var pigText = text.replace(/[A-Za-z]+/gi, function(word){
    var letters = word.split('')
    var firstLetter = letters.shift()
    if (firstLetter.toUpperCase() == firstLetter){
      // Capitalised word: move the first letter to the end in lower case
      // and capitalise the new first letter instead (guarded for one-letter words)
      letters.push(firstLetter.toLowerCase())
      if (letters.length > 1) letters[0] = letters[0].toUpperCase()
    } else {
      letters.push(firstLetter)
    }
    // The gist preview ends at the push above; the else branch, the 'ay' suffix
    // and the returns are the conventional completion assumed here
    return letters.join('') + 'ay'
  })
  return pigText
}
```
This path allows most devs to use the tools they are used to, but requires a second security-only review later
- Author submits changes for review
- Reviewer and author iterate on changes for style, quality, and functionality using any collaboration tool they wish
- Reviewer merges changes with signed merge commit
- Several cycles of steps 1-3 complete until it is time for a release
```bash
#!/bin/bash
# Base64url-encode $1 (RFC 4648 section 5): standard base64 on one line,
# then '+' becomes '-', '/' becomes '_', and trailing '=' padding is stripped
base64_url_encode(){
  data=${1?}
  echo -n "${data}" \
    | openssl base64 -e -A \
    | sed 's/\+/-/g' \
    | sed 's/\//_/g' \
    | sed -E 's/=+$//'
}
```
```python
from celery.result import AsyncResult
from celery.execute import send_task

def get_results(queries):
    result = send_task('task1', queries)
    results = result.get()
    # this does not return ids until _after_ all the tasks are complete, for some reason.
    while results:
        # pop first off queue, this will shorten the list and eventually break out of while
        first_id = results.pop(0)
```
```rust
use libc::{
    c_int,
};
use std::{
    mem::{size_of, align_of},
    fs::{read_to_string},
    fmt,
    io::Read,
    fs::File,
};
```
```toml
[package]
name = "ecdh_p256"
version = "1.0.0"

[dependencies]
p256 = { version = "0.11.1", features = ["ecdh"] }
hex = "0.4.3"
aes-gcm = "0.10.1"
rand_chacha = "0.3.1"
rand = "0.8.5"
```
```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <getopt.h>
#include <signal.h>
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/reboot.h>
```