For excessively paranoid client authentication.
Updated Apr 5 2019:
because this is a gist from 2011 that people stumble into and maybe you should AES instead of 3DES in the year of our lord 2019.
some other notes:
#!/bin/bash
# needs openssl 1.1+
# needs `basez` https://manpages.debian.org/testing/basez/base32hex.1.en.html
# (but something else that decodes the base64 and re-encodes the raw key bytes
# to base32 is probably fine too)
##### generate a key
openssl genpkey -algorithm x25519 -out /tmp/k1.prv.pem
Copyright 2011 Mike Tigas. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list
of conditions and the following disclaimer in the documentation and/or other materials
export DATE=`date +"%Y%m"`
export SITENAME="mike_tig_as"
export KEYNAME="$DATE-$SITENAME"
# Generate private key, make it have no password.
# change to 2048 if you want compatibility with CDNs / aws cloudfront / load balancers, etc
openssl genrsa -aes256 -passout pass:xxxx -out "${KEYNAME}.pass.key" 4096
openssl rsa -passin pass:xxxx -in "${KEYNAME}.pass.key" -out "${KEYNAME}.key"
# This configuration file is provided on an "as is" basis,
# with no warranties or representations, and any use of it
# is at the user's own risk.
#
# You will need to edit domain name information, IP addresses for
# redirection (at the bottom), SSL certificate and key paths, and
# the "Public-Key-Pins" header. Search for any instance of "TODO".
user www-data;
worker_processes 4;
#!/bin/bash
#
# sniff.sh
# A simple script that allows your Mac to perform packet sniffing on
# unencrypted WiFi networks.
# ----------
# Usage:
# ./sniff.sh (keyword)
#
# `keyword` is optional and is simply appended to the resulting
This gist contains the nginx and tor configurations for the [mike.tig.as][mta] servers, mainly to show:

- `chris-lea/nginx-devel` PPA to allow use of SPDY.
- `ssl_ciphers` selection to mitigate BEAST attack, enable [perfect forward secrecy][pfs] if possible and select the strongest possible ciphers within those bounds. (Exception is made for several ciphers at the end of list, for compatibility reasons.)

#!/usr/bin/env bash
set -e
set -x
brew install signal-cli || brew upgrade signal-cli
SIGNAL_LIBEXEC_LIBDIR="`brew --prefix signal-cli`/libexec/lib"
# zkgroup-java*.jar --- remove the linux x86_64 bundled lib