| -----BEGIN PGP SIGNED MESSAGE----- | |
| Hash: SHA256 | |
| # Hardware-backed Personal Keys | |
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Y/rpKbKEQcBm0dCCHt90s6G945AtEtgG++EQ6v1+fgoQJkVTI2ajg8WDeXVFKxtuOO9QbW0LBHKOX650+9kjgRshF1Z/ystO0h2FSP8ic4PaP79W14qrszIS102vP168IxSLBsTA/X5yivwuLGbxzMEWA4IrAm1s2GRE0ZGWUmIhp7wps9cOhbVsfGXIMLcHAU6mXutfsVtzOjC6tS8NpitcmaMBAsJ2Hy8cyVDApm5vuNLUsPXtTwVNfxRX3d/O0xJ4YRFngTGKVUKb1acX7t0PyXUH0EA/xKy5yfTUoDXvGttz9UTEXsy07qKpVwOT566iDxpl3ie4J+hUaCtB openpgp:3640FDF505046F79 | |
| # Hardware-backed Work Keys | |
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJemMyZM7uY7rkJ65xWOW+z7mgU5E5MAtz+4MppZf7folk1UqI0Koe9V3bY+GxBgMjg1K9IFVfQSuG3qyFahwJU= [email protected] | |
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL/SP/JuW8oZqNRvY1tQYYvDbGy35lJkLu+dt8sRx36zQ7yLZOFfVmh7qIQTxeF0oMZmYTCHtO2z58DmQ6CSWio= [email protected] |
| # Creates a degenerate PKCS#7 certificate only in ruby (SCEP application/x-x509-ca-ra-cert) | |
| # Inspiration: https://github.com/AppBlade/TestHub/blob/master/app/controllers/scep_controller.rb#L92-L112 | |
| # | |
| # Tested Ruby 2.2.0 OSX 10.10, OpenSSL 1.0.1l | |
| require 'openssl' | |
| cert = OpenSSL::X509::Certificate.new File.read('some_cert.crt') | |
| # Fails ruby 2.2, OpenSSL 1.0.1l!! | |
| p7certs = OpenSSL::PKCS7.new |
Author: Robert Quattlebaum [email protected]
Date: 2015-08-03
This document describes a mechanism for achieving a significant improvement in the efficiency of merle signatures, allowing public keys that are 5% smaller and signatures that are 37% smaller.
See the actual github project here: https://github.com/arngll
Latest specification text: https://github.com/arngll/arngll-spec/blob/main/n6drc-arngll.md
This tutorial will walk you through the steps needed to get root SSH
access on an Engenius EAP600 dual-band WiFi access point. SSH doesn't
come enabled out of the box on these things, so if you want to SSH into the
device (which is running an old version of OpenWRT), keep reading.
This is what we did to setup a few dashboards at Improbable
Chrome on kiosk mode: http://raspberrypi.stackexchange.com/questions/40631/setting-up-a-kiosk-with-chromium
The API used for DTLS is mostly the same as for TLS, because of the mapping of generic functions to protocol specifc ones. Some additional functions are still necessary, because of the new BIO objects and the timer handling for handshake messages. The generic concept of the API is described in the following sections. Examples of applications using DTLS are available at [9].
DTLS の API は TLS とほぼ同じ。 BIO オブジェクトの生成とタイマのために追加でいくつか必要。
| https://rfc3161.ai.moda | |
| https://rfc3161.ai.moda/adobe | |
| https://rfc3161.ai.moda/microsoft | |
| https://rfc3161.ai.moda/apple | |
| https://rfc3161.ai.moda/any | |
| http://rfc3161.ai.moda | |
| http://timestamp.digicert.com | |
| http://timestamp.globalsign.com/tsa/r6advanced1 | |
| http://rfc3161timestamp.globalsign.com/advanced | |
| http://timestamp.sectigo.com |
Overall goal is to remove the requirement that hosts keep track of a packet counter across resets. This is a common source of implementation difficulty. When not implemented correctly, it can severely compromise the security of the network.
In the symmetric version of this scheme, there is a single secret
