Skip to content

Instantly share code, notes, and snippets.

View maraino's full-sized avatar

Mariano Cano maraino

54 followers · 24 following
View GitHub Profile
@maraino
maraino / token.bash
Created January 13, 2023 20:41
JWT tokens with an HSM
#!/bin/bash
set -e
KMS="pkcs11:module-path=/usr/local/lib/softhsm/libsofthsm2.so;token=smallstep?pin-value=password"
KEY="pkcs11:id=2001"
ALG="ES256"
KID=$(step kms key --kms "${KMS}" "${KEY}" | step crypto key format --jwk | step crypto jwk thumbprint)
AUD="https://ca.smallstep.com:9000/1.0/sign"
@maraino
maraino / pipe.go
Created January 24, 2022 21:15
Pipe example in Go
package main
import (
"fmt"
"log"
"os"
"os/exec"
"os/signal"
"syscall"
"time"
@maraino
maraino / list.sh
Last active October 17, 2024 16:17
Create CRL index.txt
#!/bin/sh
set -e
# prepare copy directory
mkdir -p /crl/db/
# clean leftovers
rm -f /crl/db/*
# make a copy of badger db
@maraino
maraino / emojisum.go
Created November 5, 2021 00:16
Emojisum with cute emojis
package main
import (
"crypto/sha256"
"fmt"
"io"
"log"
"os"
)
@maraino
maraino / renew-after-expiry-v0.md
Last active August 11, 2021 21:04

Renew after expiry

This document describes the process to allow step-ca to renew a certificate after it has expired.

How renewals work

The classic way to renew a certificate on step-ca is to do an empty POST to the /renew endpoint using a valid client certificate. The request will go

@maraino
maraino / agent.go
Created November 4, 2020 01:42
package sshkms
import (
"bytes"
"context"
"crypto"
"io"
"net"
"os"
@maraino
maraino / ca-chain.txt
Last active November 2, 2020 22:35
$ step version
Smallstep CLI/0.15.3 (darwin/amd64)
Release Date: 2020-10-22 04:29 UTC
$ step certificate create 'My Root CA' root_ca.crt root_ca_key --profile root-ca
Please enter the password to encrypt the private key:
Your certificate has been saved in root_ca.crt.
Your private key has been saved in root_ca_key.
$ step certificate create 'My Intermediate CA' intermediate_ca.crt intermediate_ca_key --profile intermediate-ca --ca root_ca.crt --ca-key root_ca_key
@maraino
maraino / ssh.patch
Created February 4, 2020 04:47
SSH EC Keys Patch
commit fc346d83bb0cca8b617358b275cb678a41aaeb4f
Author: Mariano Cano <[email protected]>
Date: Mon Jan 20 17:33:23 2020
ssh: support for ecdsa keys using openssh format.
This adds support for parsing OpenSSH ECDSA private keys. It
implements parsing for P-256, P-384, and P-521 unencrypted keys.
Change-Id: I77c8e0a23ed6353f6667686cc79ec14661cb10db
@maraino
maraino / panicmiddlware.go
Last active January 30, 2020 19:46
Simple panic middleware
package main
import (
"log"
"net/http"
)
func panicMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
defer func() {
@maraino
maraino / keybase.md
Created March 6, 2014 23:03

Keybase proof

I hereby claim:

  • I am maraino on github.
  • I am mariano (https://keybase.io/mariano) on keybase.
  • I have a public key whose fingerprint is BD96 1B9F CB6C CE22 5ABE AD95 6813 0D20 3189 2F1A

To claim this, I am signing this object: