Fedora, device encryption using dm-crypt/LUKS

According to the Fedora documentation:

«Block device encryption encrypts/decrypts the data transparently as it is written/read from block devices, the underlying block device sees only encrypted data.

To mount encrypted block devices the sysadmin (or user, depending on context) must provide a passphrase to activate the decryption key.

Encryption provides additional security beyond existing OS security mechanisms in that it protects the device’s contents even if it has been physically removed from the system. Some systems require the encryption key to be the same as for decryption, and other systems require a specific key for encryption and specific second key for enabling decryption.»

What does LUKS mean?

LUKS (Linux Unified Key Setup) is a specification for block device encryption. It establishes an on-disk format for the data, as well as a passphrase/key management policy.

So, in this entry I’m going to show how I enabled it for one partition of my disk.

Continue reading

OpenSSL, create a certificate signing request and sign it with a custom Certificate Authority

In this entry I’m going to show how to create a certificate signing request (CSR) to be signed by my own Certificate Authority (CA) using OpenSSL. Please note that this is different from a self-signed certificate. Use this procedure when you have to get a certificate verified by a CA (custom or online).

1. Create the CA private key and its self-signed root certificate, completing the requested data:

$ openssl genrsa -out rootCA.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...................+++++
................+++++
e is 65537 (0x010001)

$ openssl req -new -x509 -days 9999 -key rootCA.key -out rootCA.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:MX
State or Province Name (full name) [Some-State]:Mexico
Locality Name (eg, city) []:CDMX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Orbital Zero
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:orbitalzero.com
Email Address []:jaehoo@gmail.com
Continue reading
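
The whole flow this entry describes (CA key and root certificate, CSR, signing by the CA, verification), run non-interactively, as an added example that is not the original post's code. The client2.* file names, the subject values passed with -subj, the 365-day validity and the second "unrelated" CA are assumptions made for illustration; rootCA.key and rootCA.pem follow step 1.

```shell
#!/bin/sh
# Added example: CA -> CSR -> CA-signed certificate -> verification.
# All subject values and the client2.* names are constructed for illustration.

make_ca() {  # $1 = working directory
    openssl genrsa -out "$1/rootCA.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 9999 -key "$1/rootCA.key" -out "$1/rootCA.pem" \
        -subj "/C=MX/O=Example CA/CN=example-root-ca"
}

make_csr() {  # $1 = working directory, $2 = common name
    # The requester's private key never leaves the requester; only the CSR goes to the CA.
    openssl genrsa -out "$1/client2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/client2.key" -out "$1/client2.csr" \
        -subj "/C=MX/O=Example Org/CN=$2"
}

sign_csr() {  # $1 = working directory
    # x509 -req checks the CSR's own signature, then issues a certificate signed by the CA key.
    openssl x509 -req -in "$1/client2.csr" -CA "$1/rootCA.pem" -CAkey "$1/rootCA.key" \
        -CAcreateserial -out "$1/client2.crt" -days 365 -sha256 2>/dev/null
}

verify_cert() {  # $1 = CA certificate, $2 = certificate to check; prints OK or FAIL
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo OK; else echo FAIL; fi
}

run_demo() {
    dir=$(mktemp -d) && other=$(mktemp -d) || return 1
    make_ca "$dir" && make_csr "$dir" "client2.example.test" && sign_csr "$dir" || return 1
    make_ca "$other" || return 1          # unrelated CA with its own key
    chmod 600 "$dir/rootCA.key" "$dir/client2.key" "$other/rootCA.key"
    echo "signing CA:   $(verify_cert "$dir/rootCA.pem" "$dir/client2.crt")"
    # The certificate must only validate under the CA that actually signed it.
    echo "unrelated CA: $(verify_cert "$other/rootCA.pem" "$dir/client2.crt")"
    rm -rf "$dir" "$other"
}

run_demo
```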

Alternatives to KeePass

How do you save your sensitive data, such as users, passwords, website links and other sensitive information (no docs)? I used to store my credentials in an Excel file, but I changed that after my identity was stolen.

I never thought that would happen to me, and I’m still trying to resolve some legal problems after that incident.

Now I’m using software to keep my info «safe» (note the quotes), because people like me who work in IT know there are a lot of nasty tricks to exploit vulnerabilities and get sensitive information, and there is always a way to do this.

Keeping these risks in mind, I tested security tools like OnePass, LastPass and Dashlane, but some of them limit features in their free versions, such as the number of credentials you can store or the cloud sync service, and I can’t pay for that service.

My option was the open source alternatives like KeePass, but I have to use Windows, macOS and Linux systems, and I want to recommend these tools with compatibility: Continue reading

SAP PI AES encryption in Message Mapping

I developed a simple UDF (User Defined Function) in Java to encrypt and decrypt some text data in my message mapping. First, in the ‘Attributes and Methods’ section I set static constants for AES, and I used the method fixedLengthString to «normalize» the string text for encryption and decryption.

I don’t know why, but if I don’t do this the decryption does not work; the method only takes the first 16 characters and applies a String format.

This is the code: Continue reading