Skip to content

Instantly share code, notes, and snippets.

View lumjjb's full-sized avatar

Brandon Lum lumjjb

83 followers · 13 following
  • Google
  • NY
View GitHub Profile
@lumjjb
lumjjb / diff for policy registrations SPIRE API
Last active July 9, 2021 18:34
diff --git a/pkg/server/endpoints/config.go b/pkg/server/endpoints/config.go
index 1263d1c3..dfab306f 100644
--- a/pkg/server/endpoints/config.go
+++ b/pkg/server/endpoints/config.go
@@ -74,12 +74,11 @@ type Config struct {
func (c *Config) makeOldAPIServers() OldAPIServers {
registrationHandler := &registration.Handler{
- Log: c.Log.WithField(telemetry.SubsystemName, telemetry.RegistrationAPI),
- Metrics: c.Metrics,
@lumjjb
lumjjb / simple_crypt.go
Created December 11, 2020 00:19
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"encoding/json"
"fmt"
"github.com/containers/ocicrypt/keywrap/keyprovider"
"io"
@lumjjb
lumjjb / sample-integration-demo
Last active February 18, 2020 20:45
Sample integration demo with skopeo with custom secl protocol
vagrant@ubuntu-bionic:~/go/src/github.com/containers/skopeo$ git status
On branch sample_integration
Your branch is up to date with 'lumjjb/sample_integration'.
nothing to commit, working tree clean
vagrant@ubuntu-bionic:~/go/src/github.com/containers/skopeo$ make binary-local
GO111MODULE=on go build -mod=vendor "-buildmode=pie" -ldflags "-X main.gitCommit=dd22ad346a34ad6fc8b0cb6a1a22d2e02a01d0a0" -gcflags "" -tags " " -o skopeo ./cmd/skopeo
@lumjjb
lumjjb / keywrapper_secl.go
Created February 7, 2020 19:46
package main
import (
"crypto/ecdsa"
"encoding/json"
"fmt"
"os"
"github.com/containers/ocicrypt/config"
"github.com/containers/ocicrypt/keywrap"
@lumjjb
lumjjb / Interfaces_example.go
Last active February 7, 2020 19:15
// GetPrivateKeyFromBroker will obtain the Wrapped(privatekey) at keyUrl via the
// workload service at wlsUrl, authenticated with wlsCertificate.
//
// It will then communicate with the local TPM to unwrap the private key.
func GetPrivateKeyFromBroker(wlsUrl string, wlsCertificate []byte, keyUrl string) (privateKey []byte, err error) {
privateKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnYarY9vO4oiCgMqIWNStjUdg+1x0NKKxVBLXhkUsY6JiTSUl
j8I3NThHIpML2A9T0GNSCXFpWob3ORxd0LlPrqSNhXl0PrJlJoT4f1ExV44Rjzww
IeqvK3d/KktCQlSbvo4111I4TRHMG1ywtz38NxE2ID/yyoH5rlUZtKY4pOBV+ktP
1V3hCfwPJJAyf/xuGgzpijUCjJYVtmsmGshxbo3JwGKTAXHD7CmCRXv3eqjHVqPV
@lumjjb
lumjjb / Test-Key-Wrapper-ocicrypt
Created February 7, 2020 05:09
package main
import (
"fmt"
"github.com/containers/ocicrypt/config"
"github.com/containers/ocicrypt/keywrap"
"github.com/google/uuid"
"github.com/pkg/errors"
"io/ioutil"
"os"
@lumjjb
lumjjb / SkoepeoEncryption.md
Last active November 30, 2023 20:51
Skopeo example usage with encrypted image and functional exploration

Bunch of manual tests

Basic pull image and set up local registry

$ ./skopeo copy docker://docker.io/library/nginx:latest oci:nginx_local
Getting image source signatures
Copying blob 000eee12ec04 done
Copying blob eb22865337de done
Copying blob bee5d581ef8b done
Copying config 5eb6083c55 done
@lumjjb
lumjjb / containerd-enc-notes
Last active September 25, 2019 22:56
Run containerd with encryption support
# Preparing the build
1. Build the encryption `imgcrypt` decoder and `ctr` helpers. Because the current branch is designed for `containerd/imgcrypt`, but is a fork, it can be built by:
```
cd $GOPATH/containerd/
git clone git@github.com:stefanberger/imgcrypt.git
cd imgcrypt
make
```
@lumjjb
lumjjb / pound.py
Created April 17, 2016 21:27
import sys
import ctypes
from pwn import *
import struct
def u(s):
return struct.unpack("<i", s)[0]
r = remote('pound.pwning.xxx', 9765, ssl=False)