| For symmetic encryption, you can use the following: | |
| To encrypt: | |
| openssl aes-256-cbc -salt -a -e -in plaintext.txt -out encrypted.txt | |
| To decrypt: | |
| openssl aes-256-cbc -salt -a -d -in encrypted.txt -out plaintext.txt | |
| For Asymmetric encryption you must first generate your private key and extract the public key. |
大家都知道,互联网上充斥着大量的明文传输方式,可以说绝对是不安全地带。那么,我们如何保证在不安全的互联网中更可靠的传输重要数据呢?个人认为最好的方式之一就是使用 GPG 工具进行加密。此文只是简单介绍了 GPG 的常规用法,重在推广和普及 GPG 加密工具,详细的使用请参见 GPG 手册。
RSA / DSA / ElGamal : 是指加密算法
GPG :(全称 GnuPG ) 是一款非对称加密(PGP)的免费软件,非对称加密方式简单讲就是指用公钥加密文件,用私钥解密文件。如果你想给谁发送加密信息,首先你要得到他的公钥,然后通过该公钥加密后传给他,对方利用自已的私钥就可解密并读取文件了。
| lan_net = "192.168.0.0/24" | |
| int_if = "dc0" | |
| ext_if1 = "fxp0" | |
| ext_if2 = "fxp1" | |
| ext_gw1 = "68.146.224.1" | |
| ext_gw2 = "142.59.76.1" | |
| # nat outgoing connections on each internet interface | |
| match out on $ext_if1 from $lan_net nat-to ($ext_if1) | |
| match out on $ext_if2 from $lan_net nat-to ($ext_if2) |
You should never let passwords or private data be transmitted over an untrusted network (your neighbor’s, the one at Starbucks or the company) anyway, but on a hacker congress like the #30C3, this rule is almost vital.
Hackers get bored easily, and when they’re bored, they’re starting to look for things to play with. And a network with several thousand connected users is certainly an interesting thing to play with. Some of them might start intercepting the data on the network or do other nasty things with the packets that they can get.
If these packets are encrypted, messing with them is much harder (but not impossible! – see the end of this article). So you want your packets to be always encrypted. And the best way to do that is by using a VPN.
| sysctl kern.maxfiles | |
| #kern.maxfiles: 12288 | |
| sysctl kern.maxfilesperproc | |
| #kern.maxfilesperproc: 10240 | |
| sudo sysctl -w kern.maxfiles=1048600 | |
| #kern.maxfiles: 12288 -> 1048600 | |
| sudo sysctl -w kern.maxfilesperproc=1048576 | |
| #kern.maxfilesperproc: 10240 -> 1048576 | |
| sudo sysctl -w net.inet.tcp.rfc1323=1 |
| # Extending network buffers for UltraGrid on OSX | |
| # Edit: /etc/sysctl.conf | |
| # Extended network buffers for UltraGrid | |
| kern.ipc.maxsockbuf=33554432 | |
| net.inet.udp.recvspace=5944320 | |
| sudo nvram boot-args="ncl=131072" # for OS X 10.6 |
| vim: ft= hls et ai sr sts=4 sw=4 fdm=marker nowrap | |
| 0-1 [Installation] Create USB Installer {{{ | |
| Download Mavericks 10.9.1 from App Store, you'll get "/Applications/Install OS X Mavericks.app/" | |
| The file size of the tarball "Install OS X Mavericks.app.tar" is 5,312,274,432 bytes | |
| Create USB Installer METHOD #1 | |
| $ cd /Applications/Install\ OS\ X\ Mavericks.app/ | |
| $ sudo ./Contents/Resources/createinstallmedia \ |
| table <exclude_subnets> {200.152.40.0/24,127.0.0.0/8,10.0.0.0/8} | |
| table <allowed_subnets> {!200.152.40.0/24,!127.0.0.0/8,!10.0.0.0/8} | |
| table <include_subnets> { 0.0.0.0/0} | |
| rdr pass on lo0 proto tcp to <include_subnets> -> 127.0.0.1 port 12300 | |
| pass out route-to lo0 inet proto tcp to <include_subnets> keep state | |
| pass out route-to lo0 inet proto tcp to <exclude_subnets> keep state |
| #!/bin/bash | |
| # Bash script for setting or clearing touch requirements for | |
| # cryptographic operations the OpenPGP application on a YubiKey 4. | |
| # | |
| # Author: Alessio Di Mauro <[email protected]> | |
| GCA=$(which gpg-connect-agent) | |
| DO=0 | |
| UIF=0 |
