using:
golang custom credential provider which allows for arbitrary aws source credential usage (eg AWS_WEB_IDENTITY_TOKEN_FILE)
AwsSecurityCredentialsSupplier
salrashid123
salrashid123
/ awsgolang.md
Last active
June 24, 2024 15:52
[golang] using AWS_WEB_IDENTITY_TOKEN_FILE with google workload identity federation
salrashid123
/ workload_identity_aws.md
Last active
June 24, 2024 15:35
[python] using AWS_WEB_IDENTITY_TOKEN_FILE with google workload identity federation
using:
python custom credential provider which allows for arbitrary aws source credential usage (eg AWS_WEB_IDENTITY_TOKEN_FILE)
also see in golang here
salrashid123
/ keyfile.md
Last active
June 11, 2024 13:40
go-tpm-files save/load from persistent handle
-
crate prmiary
-
create key
-
evict primary to persistent handle
0x81000000 -
save key with go-tpm-keyfiles
-
load key using go-tpm-keyfile
module main
salrashid123
/ tpm2_createprimary_h2.md
Created
May 31, 2024 22:16
tpm2 primarykey for (eg TCG EK Credential Profile H-2 profile
Generate a primary using the specified format described in ASN.1 Specification for TPM 2.0 Key Files where the template h-2 is described in pg 43 TCG EK Credential Profile
the priamry is formatted for use with openssl
## create the primary
seal an external hmac key to a tpm with a PCR policy
export secret="change this password to a secret"
export plain="foo"
echo -n $secret > hmac.key
hexkey=$(xxd -p -c 256 < hmac.key)
echo $hexkey
echo -n $plain > data.in
openssl dgst -sha256 -mac hmac -macopt hexkey:$hexkey data.in
salrashid123
/ go-tpm-gokeyfile.md
Created
May 30, 2024 16:49
go-tpm-tools compatibility with go-tpm-keyfile and go-tpm
sample demonstrating cross-usage/compatiblity between
go-tpm go-tpm-keyfile go-tpm-tools
package main
EC permanent handle as parent:
https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html#section-3.1.8
// pg26: 7.5.1: https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf
// pg 43: B.4.5 Template H-2: ECC NIST P256 (Storage) https://trustedcomputinggroup.org/wp-content/uploads/TCG-EK-Credential-Profile-V-2.5-R2_published.pdf
salrashid123
/ iap_jwtaccesstoken.go
Last active
May 21, 2024 17:57
self-signed jwt access to google cloud iap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| self-signed jwt access to google cloud iap | |
| https://cloud.google.com/iap/docs/authentication-howto#authenticating_with_a_self-signed_jwt | |
| using google auth library | |
| and service account bound inside Trusted Platform Module | |
| */ | |
| package main |
salrashid123
/ duplicate_policyduplicationselect.md
Created
May 9, 2024 14:56
Prevent Chained duplication from TPM-A -> TPM-B -> TPM-C using tpm2_policyduplicationselect
This procedure will transfer an HMAC key created inside TPM-A to TPM-B but prevent TPM-B to transfer it to TPM-C.
Basically, and extension of As an end-to-end example, the following will transfer an RSA key generated on TPM-A to TPM-B but
using tpm2_policyduplicationselect tp prevent further duplication
Step 1 below will transfer a key from A->B, step 2 attempts B->C but is prevented duplication on B by policy
salrashid123
/ duplicate_policycommandcode.md
Created
May 9, 2024 14:40
Duplicate and Transfer an encoded key from TPM-A -> TPM-B -> TPM-C using tpm2_policycommandcode
This procedure will transfer an HMAC key created inside TPM-A to TPM-B and then to TPM-C using tpm2_policycommandcode
Basically, and extension of As an end-to-end example, the following will transfer an RSA key generated on TPM-A to TPM-B
To use this, you'll need three VMs.
NewerOlder