Server Bug Fix: What are the padding procedures in Tomcat AES_128 and AES_256 ciphers?


We are trying to verify that our Tomcat 8.5 servers use strong enough encryption. We used ssllabs.com to get the list of enabled ciphers. We have to be sure that all of the enabled CBC ciphers use padding algorithms that conform to ISO/IEC 7816-4, RFC 5652, RFC 4303 or use ciphertext stealing. The cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is just an example to be checked. Is the information about the padding algorithms of the ciphers available somewhere?


Ubuntu HowTo: How do I digitally sign PDFs in 2019?


This older post is either pointing to mostly dead software or the answers are not fully applicable.

I want to take a PDF document, stick in an image of my signature and have this be digitally signed using a certificate so that the document is secured and any changes will be picked up.

I’d like to open a document, navigate to the relevant signature page, click on the line or draw a box, enter a password and my signature should be drawn and certificate used to digitally sign the doc.

I’ve tried the following options and here are the problems:

  • Libre Office: Difficult to sign existing PDFs, better to create PDFs with. Have to add signature image separately.

  • PortableSigner: Hard to position signature but does the job

  • Master PDF Editor: Works well but takes 70 dollars to prevent ugly watermark being added to PDFs

  • Foxit Reader: Only adds image without any certificate signing.

Any ideas?

I recommend you go through the list of OpenSC based applications. OpenSC is the base library of most applications using smartcard and USB key hardware certificates.

At first glance, the following seem interesting for your use case (though I haven’t tried them myself yet):

I use DocuSign, which is a free web app (for single signatures). It also serves as a (hopefully) trusted third party.

From DocuSign – Wikipedia:

DocuSign, Inc. is an American company headquartered in San Francisco, California that allows organizations to manage electronic agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature, a way to sign electronically on different devices. DocuSign claims it has over 475,000 customers and hundreds of millions of users in more than 180 countries. Signatures processed by DocuSign are compliant with the US ESIGN Act and the European Union’s eIDAS regulation, including EU Advanced and EU Qualified Signatures.

You create your usual document in LibreOffice as a new document (*.doc or *.odt). When the document is finished, add a watermark as described here:

https://libreofficehelp.com/how-to-add-watermark-in-libreoffice-writer/

When the watermark is set, you can then export this document to PDF format.


Making Game: CoreStore Encryption Error on Mac Lion


I am trying to encrypt an external drive using diskutil CoreStorage on Mac Lion 10.7.4. I thought the only requirements were that the drive have GUID partition scheme and Journaled HFS+ file system. I think my drive is configured accordingly but when I type the following command I get an error message back:

Michaels-MacBook-Pro:~ Michael$ diskutil cs convert disk2 -passphrase TestPassword

Error converting disk to CoreStorage: The given file system is not
supported on Core Storage (-69756)

Here are the details reported for the drive in question:

Michaels-MacBook-Pro:~ Michael$ diskutil list disk2
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk2
   1:                        EFI                         209.7 MB   disk2s1
   2:                  Apple_HFS Test1                   499.8 GB   disk2s2

Michaels-MacBook-Pro:~ Michael$ diskutil info disk2s2
   Device Identifier:        disk2s2
   Device Node:              /dev/disk2s2
   Part of Whole:            disk2
   Device / Media Name:      Test1

   Volume Name:              Test1
   Escaped with Unicode:     Test1

   Mounted:                  Yes
   Mount Point:              /Volumes/Test1
   Escaped with Unicode:     /Volumes/Test1

   File System Personality:  Journaled HFS+
   Type (Bundle):            hfs
   Name (User Visible):      Mac OS Extended (Journaled)
   Journal:                  Journal size 40960 KB at offset 0xe8e000
   Owners:                   Disabled

   Partition Type:           Apple_HFS
   OS Can Be Installed:      Yes
   Media Type:               Generic
   Protocol:                 FireWire
   SMART Status:             Not Supported
   Volume UUID:              1024D0B8-1C45-3057-B040-AE5C3841DABF

   Total Size:               499.8 GB (499763888128 Bytes) (exactly 976101344 512-Byte-Blocks)
   Volume Free Space:        499.3 GB (499315826688 Bytes) (exactly 975226224 512-Byte-Blocks)
   Device Block Size:        512 Bytes

   Read-Only Media:          No
   Read-Only Volume:         No
   Ejectable:                Yes

   Whole:                    No
   Internal:                 No

I’m a little concerned that the “Partition Type: Apple_HFS” entry is causing the problem, but I don’t know how to change that. I only seem to be able to control the “File System Personality: Journaled HFS+” in Disk Utility.

Can anyone shed some light on this for me?

You need to give it your JHFS+ partition (disk2s2), not the whole disk (disk2).

The man page for diskutil, when covering the coreStorage convert (cs convert) verb, specifically says this:

Convert a regular Journaled HFS+ or Case-sensitive Journaled HFS+ volume (must be on a partition and within a GPT partitioning scheme) into a CoreStorage logical volume.

Making Game: How do I fix access denied to encrypted files after disabling EFS in the midst of decrypt


This is on Windows 7 on a Lenovo W530. My whole drive is encrypted and has been that way for a while.
So I disabled EFS while decryption was running, then halted decryption and rebooted. Now, most of my docs say access denied. I had all the good stuff backed up, but even so. I can delete these files, but I can’t open them.

  1. cipher /d /s:C: *
  2. fsutil behavior set disableencryption 1
  3. interrupt cipher
  4. reboot

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

I tried re-enabling EFS, but it didn’t help.
These threads are where I got my commands.
https://thegeekpage.com/enable-disable-windows-encrypting-file-system-efs-feature/
How to disable Encrypting File System


Making Game: How to disable Encrypting File System


I accidentally (believe it or not) enabled Encrypting File System on Windows 7 that uses my personal certificate. I don’t need the encryption, and I don’t want to be stuck with inaccessible files in the future.

After the process was done, there was no “Cancel” button. I found that the Startup type should be disabled for EFS in services.msc.

Is this the correct solution? I’m asking to be 100% sure before I end up losing my data after rebooting my PC or deleting the certificate.

I wouldn’t say it’s correct.

EFS isn’t really something you need to enable or disable globally – it’s the individual files that can be marked as “encrypted” or not. Newly created files are encrypted only if their parent folder has encryption enabled.

But if you disable the EFS service, your files won’t magically decrypt themselves – they’ll remain encrypted, and more importantly inaccessible because you just disabled the software that could decrypt them.

So instead just disable the “Encrypted” option for your folders and files, and keep the service as is. (You can use cipher /d /s:C: * to mass-decrypt everything in C:.)
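
The checks this answer implies, as an added PowerShell example that is not part of the original thread: confirm that EFS is still able to decrypt, list what is actually encrypted, and only then decrypt and re-scan. `$Root`, `-Decrypt` and `Get-EfsItems` are hypothetical names chosen for this sketch.

```powershell
# Added example, not from the original thread. $Root, -Decrypt and Get-EfsItems
# are hypothetical names. Run elevated, as the user whose certificate
# encrypted the files.
param(
    [string]$Root = 'C:\Users',
    [switch]$Decrypt
)

# List every file and folder under $Path that carries the Encrypted attribute.
function Get-EfsItems([string]$Path) {
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted }
}

# 1. The EFS service must be startable, otherwise nothing can decrypt the files.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='EFS'"
if ($svc.StartMode -eq 'Disabled') {
    Write-Warning 'EFS service is Disabled. Set its startup type back to Manual in services.msc first.'
    return
}

# 2. The related question on this page ran "fsutil behavior set disableencryption 1"
#    mid-decrypt and then got "access denied"; stop if that switch is still set.
$fs = (& fsutil.exe behavior query disableencryption) -join ' '
if ($fs -match '=\s*1') {
    Write-Warning 'NTFS encryption is disabled. Run "fsutil behavior set disableencryption 0" and reboot first.'
    return
}

# 3. Report, and optionally clear the attribute item by item with cipher /d.
$items = @(Get-EfsItems $Root)
'{0} encrypted item(s) under {1}' -f $items.Count, $Root
if ($Decrypt) {
    foreach ($i in $items) { & cipher.exe /d $i.FullName | Out-Null }
    # Re-scan instead of trusting cipher's output: anything left needs attention.
    $left = @(Get-EfsItems $Root)
    '{0} item(s) still encrypted' -f $left.Count
    $left | ForEach-Object { $_.FullName }
}
```

Run it without `-Decrypt` first to see the inventory; keep a backup of the EFS certificate and private key until the second count reaches zero.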

Ubuntu HowTo: Mounting LUKS encrypted drive


Ubuntu 18.04

I have a VPS which I wanted to be encrypted, so I partitioned the drive and encrypted the new partition. Then I transferred all the system files from the old partition to the new encrypted one.

This is how it looks:

/dev/sda1 /boot unencrypted UUID="69821431-24b6-4589-9fd9-0a50c34561c2"

/dev/sda2 / unencrypted UUID="1b4f25ef-2a83-49df-a9c2-ef6abc3f2925"

/dev/sda3 /test encrypted UUID="34c2f446-f32b-4bc1-90f5-27d5050a703f"

So what I want to achieve is that on reboot it loads /dev/sda3 at /, then I can format the old partition /dev/sda2.

I've been reading multiple tutorials saying to edit /etc/fstab and /etc/crypttab, without any joy. They all seem to mount at something other than /, which I have been successful doing.

What I’ve tried:

mkfs.ext4 /dev/mapper/luks-34c2f446-f32b-4bc1-90f5-27d5050a70

nano /etc/fstab

/dev/mapper/luks-34c2f446-f32b-4bc1-90f5-27d5050a70 /test ext4 defaults 0 0

nano /etc/crypttab

luks-34c2f446-f32b-4bc1-90f5-27d5050a70 UUID=34c2f446-f32b-4bc1-90f5-27d5050a703f -

Upon reboot it works fine, but I want it to mount at /, not /test. If I change fstab to mount at /, then I have 2 drives mounted at /.

I think the issue is grub.cfg. I tried update-grub but it doesn’t look correct; I can’t see the UUID of /dev/sda1 /boot in the .cfg.


Ubuntu HowTo: Problem with triple boot system


Got a new laptop with one NVMe drive and one SSD drive and wanted to do the following:

Have one encrypted Ubuntu partition and one encrypted (with Bitlocker) windows-partition, both on the NVMe drive.
Have one encrypted Kali Linux partition on the SSD.

I set up the Ubuntu partition and the Windows partition without problems and everything worked just fine. The only caveat is that on the few occasions that I have to boot into Windows I have to do so by changing boot order in the BIOS (because of the Bitlocker encryption I guess).

I used the computer like this for a couple of days and then I went ahead and installed Kali Linux on the separate SSD as one encrypted partition on the whole drive.

Everything worked fine, but I had to change boot order in the BIOS to boot into Kali as well (probably due to misconfiguration?), but as I had to do the same for windows (not due to misconfiguration?) I didn’t see it as a problem.

Then all of a sudden I couldn’t access BIOS anymore! It’s an Acer laptop and I thought it had something to do with BIOS itself. If I just started the system it launched grub and I could boot into Ubuntu normally and all, but whenever I tried to enter BIOS on launch the computer froze on the Acer splash screen and nothing happened. I couldn’t get it to work but then all of a sudden BIOS launched normally but the Kali partition was gone from the boot order menu.

I’m thinking “Well I’ll just reinstall it and see” but when I try to boot into the other partitions they have stopped working as well. The Windows partition won’t boot at all, and when I try to boot into Ubuntu it says something like “cryptsetup waiting on encrypted device” and stays there.

What am I doing wrong? I’m almost certain that I have to do a complete reinstall of all partitions, but I don’t want this to happen again! What crucial part of this setup am I missing?

I’ve tried to find answers to this problem on the web of course, but I can’t (I think at least) find something with this setup and these kinds of problems. I don’t know whether it’s a case of some misconfiguration in BIOS or with the encryption (entries in crypttab) or maybe with one of the drives.

It turns out that BIOS had somehow reverted to a state in which RST had been enabled instead of AHCI, which caused these problems to occur. I just enabled AHCI again and now everything works to some degree. What I mean by that is that Kali can no longer boot without secure boot being disabled. So the question is whether this was the cause initially or if I just have to keep Secure Boot disabled.
