Extremely Serious

Category: Security (Page 3 of 4)

Using a Detached ASCII Signature to Verify a File

Import Keys from Keyserver

Run the following command:

gpg --receive-keys <KEY_ID>

Showing the Fingerprints

Run the following command:

gpg --fingerprint <KEY_ID>

Verifying a File with an ASCII Signature

  1. Download the detached signature file <ASC_FILE> (.asc) associated with the file.
  2. Download the signed file <SIGNED_FILE>.
  3. Use the following command for verification:
    gpg --verify <ASC_FILE> <SIGNED_FILE>
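
The steps above tied together, as an added example that is not part of the original post: gpg --verify reports success for a good signature from any key in your keyring, so this script also checks that the signing key's fingerprint is the one you expect. The function names are hypothetical, and the script relies on the VALIDSIG line of gpg's --status-fd output.

```shell
#!/bin/sh
# Added example: verify a detached signature and pin the signer's fingerprint.

# Normalise a fingerprint as printed by `gpg --fingerprint`
# (groups of four hex digits separated by spaces) to 40 uppercase hex chars.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# Read `gpg --status-fd` lines on stdin and print the primary-key
# fingerprint from the VALIDSIG line (its last field). Prints nothing
# if no signature validated.
validsig_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }'
}

# verify_pinned <EXPECTED_FPR> <ASC_FILE> <SIGNED_FILE>
# Succeeds only if the signature is good AND was made by the expected key.
verify_pinned() {
    expected=$(normalize_fpr "$1")
    status=$(gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null) || return 1
    actual=$(printf '%s\n' "$status" | validsig_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Run as: sh verify.sh "<FINGERPRINT>" <ASC_FILE> <SIGNED_FILE>
if [ "$#" -eq 3 ]; then
    if verify_pinned "$1" "$2" "$3"; then
        echo "OK: good signature from the pinned key"
    else
        echo "FAIL: bad signature or unexpected signing key" >&2
        exit 1
    fi
fi
```

Take the expected fingerprint from a source independent of the download itself, such as the project's website or a key you verified earlier.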

Generating PGP Keys with Gpg4win

Pre-requisite

Generating Keys

    1. Run the following command:
      gpg --full-gen-key
    2. Type 1 and press enter for the following question:
      Please select what kind of key you want:
         (1) RSA and RSA (default)
         (2) DSA and Elgamal
         (3) DSA (sign only)
         (4) RSA (sign only)
      Your selection?
    3. Press enter for the following question:
      RSA keys may be between 1024 and 4096 bits long.
      What keysize do you want? (2048)
    4. Press enter for the following question:
      Please specify how long the key should be valid.
               0 = key does not expire
            <n>  = key expires in n days
            <n>w = key expires in n weeks
            <n>m = key expires in n months
            <n>y = key expires in n years
      Key is valid for? (0)
    5. Type y and press enter for the following question:
      Key does not expire at all
      Is this correct? (y/N)
    6. Fill in the Real name appropriately and press enter.
    7. Fill in the Email address appropriately and press enter.
    8. The Comment is optional but don't forget to press enter.
    9. Type o and press enter for the following question:
      Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
    10. Fill in the passphrase appropriately.

The output will end with something like the following:

pub   rsa2048 2019-11-27 [SC]
      8C99E30527B112D1CB6D646FE86A4FE7189AADC9
uid                      Real Name <real_email@email.com>
sub   rsa2048 2019-11-27 [E]

The second line is the key's fingerprint, which is used as the PGP key ID. Thus, from the output above, the key ID is:

8C99E30527B112D1CB6D646FE86A4FE7189AADC9

Exporting Your Private Key

The my-secret-key.pgp file generated by this command can be used for signing your binaries.

Run the following command:

gpg --export-secret-keys <KEY_ID> > my-secret-key.pgp

DO NOT SHARE THIS FILE OR COMMIT TO YOUR REPOSITORY.
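
One way to enforce that warning, as an added example that is not from the original post: a check, usable from a Git pre-commit hook, that flags files that look like an exported OpenPGP secret key. The function names are hypothetical and the check is a heuristic covering the armored header and the old-format binary header of a version 4 secret key.

```shell
#!/bin/sh
# Added example: refuse to commit files that look like OpenPGP secret keys.

# looks_like_pgp_secret_key <FILE>
# Returns 0 if FILE looks like the output of `gpg --export-secret-keys`,
# with or without --armor. Heuristic: old-format Secret-Key packet header
# (0x94 or 0x95) followed by key version 4.
looks_like_pgp_secret_key() {
    f=$1
    [ -f "$f" ] || return 1
    # ASCII-armored export
    if head -c 4096 "$f" | grep -aq -e '-----BEGIN PGP PRIVATE KEY BLOCK-----'; then
        return 0
    fi
    # Binary export: read the first four bytes as hex words
    set -- $(od -A n -t x1 -N 4 "$f")
    case "$1" in
        94) [ "$3" = "04" ] ;;   # 1-byte length, then version byte
        95) [ "$4" = "04" ] ;;   # 2-byte length, then version byte
        *)  return 1 ;;
    esac
}

# check_staged: prints offending paths and returns 1 if any staged file
# (as it exists in the working tree) looks like a secret key.
check_staged() {
    git diff --cached --name-only --diff-filter=ACM | {
        rc=0
        while IFS= read -r path; do
            if looks_like_pgp_secret_key "$path"; then
                echo "refusing to commit secret key material: $path" >&2
                rc=1
            fi
        done
        exit $rc
    }
}

# Runs the check only when this file is installed as .git/hooks/pre-commit.
case "$0" in
    *pre-commit) check_staged || exit 1 ;;
esac
```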

Publishing Your Public Key

Run the following command:

gpg --send-keys <KEY_ID>

Use the key ID from the output of the key generation step. gpg --send-keys accepts key IDs or fingerprints, not email addresses.

Alternative way of Publishing your Public Key

  1. Generate an ASCII-armored PGP key using the following command:
    gpg --armor --export <EMAIL_ADDRESS>

    Use the email address you used when generating the key.

    The preceding command exports your public key in ASCII format.

  2. Copy and paste the generated public key to the following address: http://hkps.pool.sks-keyservers.net/#submit
  3. Click the Submit this key to the keyserver! button.

Validating your Published Public Key

  1. You can validate the uploaded public key by entering your <EMAIL_ADDRESS> as the Search String at the following address: http://hkps.pool.sks-keyservers.net/#extract.

    This will only work if you submit your keys using the preceding section.

  2. Click the Do the search! button.

Listing the Entries of a Java Keystore

Use the following command to list the entries of a Java keystore:

The keytool is normally found in $JAVA_HOME/jre/bin (i.e. the $JAVA_HOME variable is where you’ve installed JDK).

keytool -list -v -keystore <KEYSTORE_FILE> -storepass <KEYSTORE_PASSWORD>

Include the -alias <ALIAS> parameter to display just a single certificate.

Token              Description
KEYSTORE_FILE      The target key store file (e.g. cacerts found in $JAVA_HOME/jre/lib/security)
KEYSTORE_PASSWORD  The password for accessing the keystore (i.e. the default is changeit)

Importing a Certificate to Java Keystore

Use the following command to import a certificate into a Java keystore:

The keytool is normally found in $JAVA_HOME/jre/bin (i.e. the $JAVA_HOME variable is where you've installed JDK).

keytool -importcert -alias <ALIAS> -v -keystore <KEYSTORE_FILE> -file <INPUT_FILE> -storepass <KEYSTORE_PASSWORD>

Token              Description
ALIAS              Alias name of the entry to process
KEYSTORE_FILE      The target key store file (e.g. cacerts found in $JAVA_HOME/jre/lib/security)
INPUT_FILE         Input file name (i.e. certificate file like cer, crt or pem)
KEYSTORE_PASSWORD  The password for accessing the keystore (i.e. the default is changeit)

 

Schedule Certbot-Auto to Auto Renew Weekly with NGINX

  1. Create the file /etc/cron.weekly/certbot-renewal using the following command:
    sudo vi /etc/cron.weekly/certbot-renewal
  2. Place the following in the file and save it:
    #!/bin/sh
    
    /usr/sbin/certbot-auto renew --no-bootstrap --no-self-upgrade --post-hook "service nginx restart"
  3. Change the mode of the file to 755 using the following command:
    sudo chmod 755 /etc/cron.weekly/certbot-renewal