Skip to content

Instantly share code, notes, and snippets.

View jvehent's full-sized avatar

Julien Vehent jvehent

305 followers · 0 following
View GitHub Profile
@jvehent
jvehent / hat-example.yaml
Last active October 17, 2018 20:59
profiles:
#
# this section manages developer accounts
#
- alias: cloudservices-developer
people in: ((mozilla-ldap group cloudservices-developer) or (mozilla-ldap group svcops)) and (mozilla-slack channel engops)
manage into:
- environment: cloudservices-aws-dev
give them:
- account
@jvehent
jvehent / security checklist.md
Created October 11, 2018 18:27

Risk Management

  • The service must have performed a Rapid Risk Assessment and have a Risk Record bug
  • The service must be registered via a New Service issue

Infrastructure

  • Access and application logs must be archived for a minimum of 90 days
  • Use Modern or Intermediate TLS
@jvehent
jvehent / gist:5e3fbb6081143ab62a4459f7e2628f0b
Created September 17, 2018 17:56
-----BEGIN CERTIFICATE-----
MIIHXDCCBUSgAwIBAgITMwAAABJUrpYK5/U8CAAAAAAAEjANBgkqhkiG9w0BAQsF
ADB9MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMScwJQYDVQQD
Ex5NaWNyb3NvZnQgVExTIEVWIElzc3VpbmcgQ0EgMDEwHhcNMTgwNjI2MjE0NzI0
WhcNMTkwNjIxMjE0NzI0WjCB5TEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRp
b24xEzARBgsrBgEEAYI3PAIBAwwCVVMxGzAZBgsrBgEEAYI3PAIBAgwKV2FzaGlu
Z3RvbjESMBAGA1UEBRMJNjAwNDEzNDg1MRowGAYDVQQJDBFPbmUgTWljcm9zb2Z0
IFdheTEOMAwGA1UEEQwFOTgwNTIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNo
aW5ndG9uMRAwDgYDVQQHDAdSZWRtb25kMR4wHAYDVQQKDBVNaWNyb3NvZnQgQ29y
@jvehent
jvehent / gist:bfc3a3c06f6e117ebcda1b0e7b7b67f0
Created September 17, 2018 17:50
olololol=jolololololololol=jol=jololololol=jololol=jolol=jolololololololololololol=jololololol=jolololol=j=jyol=jolj=yol=joly=ololol=jololol=jj=yol=olol=j=jolj=yj=olol=jolol=jyolol=jyol=jyol=jyol=j=jyoljy=ol=jyj=yol=jol=jy=jyoljy=o
@jvehent
jvehent / recurly.js
Created September 13, 2018 19:01
/**
* @license
array-unique <https://github.com/jonschlinkert/array-unique>
Copyright (c) 2014-2015, Jon Schlinkert.
Licensed under the MIT License.
Bowser - a browser detector
https://github.com/ded/bowser
MIT License | (c) Dustin Diaz 2015
*/
@jvehent
jvehent / pgpsig.json
Created September 11, 2018 13:11
[
{
"ref": "1jzsalnz7cq2e3ijx308f66iyd",
"type": "pgp",
"mode": "",
"signer_id": "randompgp",
"public_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nxsBNBFuW9xABCACzCLYHwgGba7hi+lwhD/Hr5qqpg+UuN+88NclYgLWyl1nPpx2D\nJvH6p7ASj2P9BzEp0XatXLO4/uPQY2UX9UpWLT5wDGOdX4QCvZvFk4whcXHtcamr\nIQFTUjxRSIqvrq4t1h/4z635ztN0C6h5fWCxrCsoPJNQwEG/ZSDNXfwrJbsTIgus\nX037WXAzCYKzDZg9dGcUon4F2DHGGGqjOqLsyaGvOvOPddhorESuAJRe6Tl9ijzT\nNGc1uXIVEjEa5v9L4DJDqXYJqG35e0UuLkg0Wz4V9RVW/QP5DgnJAMQ8DUkXNHpa\neD1H9Zg/EBt3/85BGCR7u7J6MYvhuVnLIXQ1ABEBAAHNK01vemlsbGEgQXV0b2dy\nYXBoIERldiA8bm9yZXBseUBleGFtcGxlLm5ldD7CwJQEEwEIAD4WIQSikQ5PvqB2\nAJvN5TbdCl2ZqqsfGgUCW5b3EAIbAwUJA8JnAAULCQgHAwUVCgkICwUWAgMBAAIe\nAQIXgAAKCRDdCl2ZqqsfGqBWB/9oAUHcQjn+OMnaCQHgFFI14b7C3SbYMvKasB7S\n75oH077GPBUA7LtI9ghGN4O+nlGAu7KOLmZm5GRHZBLKcvYBUD0LdybGzSuEKGgz\nK3ufNeZ5uLZ4JxIw8LCns62mfffdCq7A+B4UBzI7Kk19VnqsrbRtiLKdHH+KSZ/k\n2/+Ji/25Phj+sjTi8v7eZkT/vaX7knb/PKYA96cVcsyL4qn+eBiQ4CRHVZ9PGxhX\nw0bxl9MZ0t90+ulYynktLics5O8SoxangWdkIdfdKWIldYNjClJkmCJM2NGqO
@jvehent
jvehent / gist:786b60a91cde71df1ea12ba65fe36760
Created September 11, 2018 12:45
$ go run client.go -k randompgp -d Y2FyaWJvdW1hdXJpY2UK -o /tmp/pgpsig.asc
2018/09/11 08:45:20 signing data "Y2FyaWJvdW1hdXJpY2UK"
2018/09/11 08:45:20 signature 0 from signer "randompgp" passes
2018/09/11 08:45:20 response written to /tmp/pgpsig.asc
ulfr@gator4[12:45UTC]:autograph-client[pgpX]$ cat /tmp/pgpsig.asc
-----BEGIN PGP SIGNATURE-----
wsBcBAABCAAQBQJbl7jgCRDdCl2ZqqsfGgAAJ9sIAGznXKeOCnxPZoTSveUXfDqu
bGSxe743dnON3bq9KLvNjX6th8s5Ub4fXkie8LgPy8MGPY7+PUW52Eo65O7+5iWn
@jvehent
jvehent / gist:af97f570939e41362bda05874a2716f0
Created September 10, 2018 17:52
$ LD_LIBRARY_PATH=lib/ ./signmar -T /tmp/partial1-signed.mar
Signature block found with 1 signature
1 additional block found:
- Product Information Block:
- MAR channel name: firefox-mozilla-central
- Product version: 58.0a1
SIZE MODE NAME
164 0644 application.ini.patch
960 0644 libnssdbm3.chk
@jvehent
jvehent / sigverify.md
Created August 30, 2018 18:55

export pubkey from certificate

openssl x509 -inform DER -in dep2.der -pubkey -noout > nss_pub.pem

sign with hsm

openssl dgst -engine cloudhsm -sha256 -sign dep2_private_hsm.pem -out test.sig test.plain

verify with public key without hsm

@jvehent
jvehent / gist:d15b008373bfce17b2ed7a07bf251158
Created August 30, 2018 18:30
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMLfI7WnpteoFyIz9YVg6LaRn72uDrdltp6WcSi7xfF/PzkAAiXMKgi7RN3ohOvNE0yaArfDMsEQ8qD1q6Wm2uIDFKwi4RIFVAKWablJReefSuZTZ6v70hq/AlDyAUK8anExEbPR0kr6UeZwLibMUYg/KgeWiNeNPhBCFhlbWG7ADRltta1h575XkirO5SlIHBqAfs3bX7XyGiKgf3O7PwuD0bboQq48QIySLT+3HIUPJiAqWBliROHUdCqWTpWzjhayQwisa6ScnoJ5X/VVMx4RRT78QhtohAsxQ4+sOgcxcMXHLqfJ5w7gXnF6fM617eNsdj/ypST21j2vO03rbiVG4rTuvcjArEKbqyp0xAme7i6gim+1S9COiCvl8b3zbG8YoOqpNJ5tFN718eszCUVJ7xA5k/vfQsJQftGqRmr6T1XfNZhyUXUhEBU38X7fUkFNAFaIDGTFlPuKCMVzCRWpw+0NAyeQ4LLehqmMsFnNXjDdUynKVydlI1GnjmpXEwA2rCvZXdie0P3hy3k+cVQlY2BLuVNFmc3IqxSc+zO0yUIL3kKR1DfmUGF4lgu/HsppnQFoXInr0YteuZMjdMmCRa3aF89/c4tfeP39YEoF5Z5Hjj/zaBC/oh9k9eQfNe//ZwPeMrTLIkHKxNuTwhFOIMWIg/GKcO2Pc1/XhEvw== ulfr@gator4