public-key interview questions
Top public-key frequently asked interview questions
For RSA, how do i calculate the secret exponent?
Given p and q the two primes, and phi=(p-1)(q-1), and the public exponent (0x10001), how do i get the secret exponent 'd' ?
I've read that i have to do: d = e-1 mod phi using modular inversion and the euclidean equation but i cannot understand how the above formula maps to either the a-1 ≡ x mod m formula on the modular inversion wiki page, or how it maps to the euclidean GCD equation.
Can someone help please, cheers
Source: (StackOverflow)
In order to send and receive encrypted messages from/to the iPhone I need to read a public key (server's public key) PEM file and create a SecKeyRef (later I could even store it on the keychain in order not to create it again).
This is my current workflow:
- On the server: Create a P12 file with the user's certificate and private key. Store the user's public key on the server's keychain.
- On the iPhone: Retrieve the P12 file from the server, use the password to open it and store the private key on the keychain.
- On the iPhone: Retrieve a PEM file with the server's public key from the server. Create a SecKeyRef and store it on the keychain
- On the iPhone: use both keys to send/receive encrypted messages to/from the server.
- Live happily ever after.
I'm having problems with 3, as I cannot create a SecKeyRef from the PEM file data. I cannot find any documentation on how to do it, Did anybody had the same problem? Any hints? As I cannot find any code examples or documentation on this it feels that I'm doing something wrong...
thanks!
Source: (StackOverflow)
I've researched a bit about how to achieve what I said in the question and found several APIs but most of them look very complicated and since I'm just a noobie in this area I just want a simple method like:
public String Encrypt(String message, PublicKey publicKey)
Don't know if this can be done? If not then please someone enlighten me another way to achieve this :)
Thank you.
UPDATE:
So far I have only seen that all of the library for OpenPGP encryption require both the public key and private key to do the encrypt while I only want to encrypt with the public key (because I don't have the private key to use it)!
Source: (StackOverflow)
The shareware registration system I'm currently developing embeds the public DSA key in the executable itself, and the private key resides on a server. (For the sake of discussion let's assume that the server is 100% secure, and there is no way for anybody to get their hands on the private key.)
Whenever the program is purchased, the server generates a license for the user by signing the user's name with the private key. That license is then emailed to the user. Once the user manually enters their name and license into the shareware application it is verified by the public key embedded in the application to be a valid or invalid license.
However, it would be fairly trivial for a determined person with the right "know-how" to disassemble the executable and retrieve the public key.
My question here is, what could they do with it? Is a public key, by itself, completely innocuous? Is the public key enough information to reverse engineer a key generator?
Curious minds want to know. Thanks in advance!
Source: (StackOverflow)
I got a problem with adding an ssh key to a Vagrant VM. Basically the setup that I have here works fine. The VMs are created, I can access them via vagrant ssh
, the user "vagrant" exists and there's an ssh key for this user in the authorized_keys
file.
What I'd like to do now is to be able to connect to those VMs via ssh
or use scp
. So I would only need to add my public key from id_rsa.pub
to the authorized_keys
- just like I'd do with ssh-copy-id
.
Is there a way to tell Vagrant during the setup that my public key should be included? If not (which is likely, according to my google results), is there a way to easily append my public key during the vagrant setup?
Thanks in advance and best regards,
tehk
Source: (StackOverflow)
I have a .cer certificate file, and need to extract the Public Key. I can only extract to PEM format. The "outform" parameter does nothing.
openssl x509 -inform PEM -in certificate.cer -outform DER -pubkey -noout > publickey.der
Is it possible to extract in DER format?
Source: (StackOverflow)
I've been able find information on symmetric encryption and hashing but I've been having quite a bit of trouble finding much information on any sort of public key encryption for java. What I'd like to do is make a very simple proof of concept program that takes a string ( or a file I suppose), encrypts it with a public key and then decrypts it with a private key.
Any tutorial links or examples would be appreciated. I just want to make something demonstrating how you can use public key encryption in Java.
Source: (StackOverflow)
By any chance, is there any place it's possible to host private ruby gems?
So I could allow it to be pulled only for specific places by using public key or something like that?
Thanks
Source: (StackOverflow)
Probably a simple question, but I am at a loss here...
In github one can add a deployment key for each repository which only gives access to that single repository.
But for one client I have two projects managed with git on the same server (project A and project B). If I use the public key for project A, github tells me I cant use it as a deployment key for project B and vice versa.
How can I create another public key and setup git to use one key for project A and the other one for project B?
Source: (StackOverflow)
I am having issues with committing changes to my gear. I have tried to run rhc setup, I also deleted my .ssh folder and executed rhc setup again but that also didnt work.
Not sure what changed but it worked couple of hours ago.
>git push -u <GEAR_NAME> master
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
>git remote add devstage3 -f ssh://<GEAR_ID>@<GEAR_NAME>-<GEAR-DOMAIN>.rhcloud.com/~/git/<GEAR_DOMAIN>.git/
Also I have tried to start a different gear and commit to it but I am getting the same error:
Updating <GEAR_NAME>
The authenticity of host '<GEAR_NAME>-<GEAR-DOMAIN>.rhcloud.com (<GEAR_IP>)' can't be established.
RSA key fingerprint is <KEY_FINGERPRINT>.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '<GEAR_NAME>-<GEAR-DOMAIN>.rhcloud.com,<GEAR_IP>' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
error: Could not fetch <GEAR_NAME>
Source: (StackOverflow)
Ok, I'm confused about something... I am able to commit to my github repository just fine, but when I try to do a cap deploy
from my local folder to my staging server I get Permission denied (publickey).
If I run ssh git@github.com
I actually get an error PTY allocation request failed on channel 0
So something here is wrong.
If I run ssh -vT git@github.com
I get:
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/myuser/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
debug1: identity file /Users/myuser/.ssh/id_rsa type 1
debug1: identity file /Users/myuser/.ssh/id_rsa-cert type -1
debug1: identity file /Users/myuser/.ssh/id_dsa type -1
debug1: identity file /Users/myuser/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2
debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/myuser/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/myuser/.ssh/github_rsa
debug1: Remote: Forced command: gerve technomad
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Remote: Forced command: gerve technomad
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([207.97.227.239]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
Hi technomad! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2384, received 2888 bytes, in 0.1 seconds
Bytes per second: sent 42630.8, received 51643.3
debug1: Exit status 1
My keys are in the ~/.ssh folder, so whats the issue, and why am i able to commit to the repository if there is a key issue??
UPDATE:
I did notice something when I went into my .ssh folder. There is a new keypair that was created when I installed Github for Mac... why couldn't it just use my existing keypair i don't know.
Source: (StackOverflow)
i'm using Paramiko to connect through ssh to a server.
Basic authentication works well, but i can't understand how to connect with public key.
When i connect with putty, the server tell me this:
Using username "root".
Authenticating with public key "rsa-key@ddddd.com"
Passphrase for key "rsa-key@ddddd.com": [i've inserted the passphrase here]
Last login: Mon Dec 5 09:25:18 2011 from ...
I connect to it with this ppk file:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: rsa-key@dddd.com
Public-Lines: 4
[4 lines key]
Private-Lines: 8
[8 lines key]
Private-MAC: [hash]
With basic auth the error i get (from the log) is:
DEB [20111205-09:48:44.328] thr=1 paramiko.transport: userauth is OK
DEB [20111205-09:48:44.927] thr=1 paramiko.transport: Authentication type (password) not permitted.
DEB [20111205-09:48:44.927] thr=1 paramiko.transport: Allowed methods: ['publickey', 'gssapi-with-mic']
I've tried to include that ppk file and set to auth_public_key, but didn't work.
Can you help me?
Source: (StackOverflow)
I need to encrypt some data using RSA in JavaScript. All of the libraries around ask for an exponent and a modulus, yet I get a single public.key
file from my opponent.
How do you retrieve the public exponent
and modulus
part from an RSA file?
Source: (StackOverflow)
I'd like to encrypt in JavaScript, decrypt in PHP, using public-key cryptography. I've been trying to find libraries that can accomplish this, but am having issues.
I am currently looking at openpgpjs, but I need support in all browsers, and even the test page has errrors on the only listed as supported browser (Google Chrome).
Notes about the final goal:
The TCP connection is already protected by SSL. The main purpose of this layer of protection is defending against intentional or unintentional webserver logging, crash dumps, etc.
On the PHP side, a temporary private key will be generated (it will expire after a short time). The caller (in Javascript) is responsible for asking for a new public key when it expires. The reason for private key expiration is to prevent logged encrypted data decryption, in case the server which stores the private key is later compromised.
Servers compromised scenario: someone gets his hands on backups for all machines except the database server (and cannot access the database due to firewalling, even if he finds out the user and password). Since the private key which encrypted the logged data no longer exists, there is nothing the attacker can do.
Source: (StackOverflow)
While I am trying heroku login
through cmd in my machine, it says
Could not find existing public key
Would you like to generate one? [YN]
After that when I press 'y' and enter it says
Generating new ssh public key
Could not generate key: "ssh-keygen" is not recognized as a internal or external command operable program or batch file
Please help me.
Source: (StackOverflow)