@salrashid123
salrashid123 / pgcrypto.md
Last active November 16, 2022 12:18
Using postgres pgcrypto to join tables

Joining encrypted columns using postgres pgcrypto

The following sample will create two tables that include two sets of usernames and the AES-encrypted form of their fave animal.

Each table will use a different encryption key:

  • table1: collaborator1 will use encryption key of 1234
  • table2: collaborator2 will use encryption key of 6789
@salrashid123
salrashid123 / bq_aead.md
Last active December 13, 2022 14:05
Bigquery ML over AEAD encrypted data

Sample that generates a BQ ML model where the data is AEAD encrypted

A variation of Create machine learning models in BigQuery ML in which two different parties have encrypted a part of the source training dataset with their own keys.

The AEAD keys may be released to a secure workstation that neither party has access to, but whose code both parties trust.

The secure workstation, which has both collaborators' keys and the encrypted dataset, will construct a BQ ML model, evaluate it, and use it to make a prediction.

package main
/*
see
https://blog.salrashid.dev/articles/2022/bq_client_side_aead/#untrusted-multiparty-compute
two tables in two different datasets encrypted with their own keys
$ go run client/grpc_client.go --host dns:///grpc-ig-3kb7:50051

2022/10/25 02:42:52 INFO: [core] [Channel #1] Channel created
2022/10/25 02:42:52 INFO: [core] [Channel #1] original dial target is: "dns:///grpc-ig-3kb7:50051"
2022/10/25 02:42:52 INFO: [core] [Channel #1] parsed dial target is: {Scheme:dns Authority: Endpoint:grpc-ig-3kb7:50051 URL:{Scheme:dns Opaque: User: Host: Path:/grpc-ig-3kb7:50051 RawPath: OmitHost:false ForceQuery:false RawQuery: Fragment: RawFragment:}}
2022/10/25 02:42:52 INFO: [core] [Channel #1] Channel authority set to "grpc.domain.com"
2022/10/25 02:42:52 INFO: [core] [Channel #1] Resolver state updated: {
  "Addresses": [
    {
root@xds-client:~/td_grpc# export GRPC_XDS_BOOTSTRAP=`pwd`/xds_bootstrap.json
root@xds-client:~/td_grpc# go run client/grpc_client.go --host xds:///grpc.domain.com:50051

2022/10/25 02:45:51 INFO: [core] [Channel #1] Channel created
2022/10/25 02:45:51 INFO: [core] [Channel #1] original dial target is: "xds:///grpc.domain.com:50051"
2022/10/25 02:45:51 INFO: [core] [Channel #1] parsed dial target is: {Scheme:xds Authority: Endpoint:grpc.domain.com:50051 URL:{Scheme:xds Opaque: User: Host: Path:/grpc.domain.com:50051 RawPath: OmitHost:false ForceQuery:false RawQuery: Fragment: RawFragment:}}
2022/10/25 02:45:51 INFO: [core] [Channel #1] Channel authority set to "grpc.domain.com"
2022/10/25 02:45:51 INFO: [xds] [xds-resolver 0xc00036e7e0] Creating resolver for target: {Scheme:xds Authority: Endpoint:grpc.domain.com:50051 URL:{Scheme:xds Opaque: User: Host: Path:/grpc.domain.com:50051 RawPath: OmitHost:false ForceQuery:false RawQuery: Fragment: RawFragment:}}
2022/10/25 02:45:51 INFO: [xds] [xds-bootstrap
node:
cluster: service_greeter
id: test-id
admin:
access_log_path: /dev/null
address:
socket_address:
address: 0.0.0.0
port_value: 9000
@salrashid123
salrashid123 / main.go
Created September 21, 2022 12:44
Create JWTs in Go using any crypto.Signer (https://blog.salrashid.dev/articles/2022/golang-jwt-signer/)
package main
import (
"context"
"crypto/x509"
"encoding/pem"
"fmt"
"io/ioutil"
"log"
"os"
export PROJECT_ID=`gcloud config get-value core/project`
export BUCKET_NAME=$PROJECT_ID-enctest
gsutil mb gs://$BUCKET_NAME
# create a sample file
openssl rand --base64 1000000 > secrets.txt
sha256sum secrets.txt
# generate kek and dek
openssl genrsa -out kek.key 2048
export PROJECT_ID=`gcloud config get-value core/project`
export BUCKET_NAME=$PROJECT_ID-enctest
gsutil mb gs://$BUCKET_NAME
# create a sample file
openssl rand --base64 1000000 > secrets.txt
sha256sum secrets.txt
# generate kek and dek
openssl rand 32 > kek.key
@salrashid123
salrashid123 / getidtoken.sh
Created September 12, 2022 13:07
GCP Service Account ID TOKEN with bash curl openssl jq
#!/usr/bin/bash
# get gcp service account OIDC token using curl, openssl, jq
# GCP Service Account authentication with bash curl openssl jq
# https://developers.google.com/identity/protocols/oauth2/service-account#authorizingrequests
# code below credited to
# https://gist.github.com/LindaLawton/cff75182aac5fa42930a09f58b63a309?permalink_comment_id=4232119#gistcomment-4232119
# usage: