Tag Archives: crypto

Generating (Very) Large Primes

Have you ever wondered how big the “large primes” that RSA encryption is based on really are? What exactly does a “1024-bit” key mean anyway? And if the difficulty of RSA is partially based on factoring large numbers, how do we create these large primes without determining primality via factorization? The easiest way to demonstrate [...]

Re-Signing An Expired CA Certificate

On rare occasions you may find yourself with a self-signed internal CA that has expired while you are still using certificates issued from the CA. One potential solution to this problem is to self-sign a new cert with identical fields using the private key from the old certificate. You can fill in almost all the [...]

OpenSSL SAN/UCC Certificate Generation

Signing a CSR containing subjectAltName (SAN/UCC) extensions isn’t hard, but can be a daunting challenge for the OpenSSL neophyte. We’re going to use the OpenSSL Self-Signed CA to accomplish this task in two ways. Pre-Existing SAN CSR: either you already have a SAN CSR from another source or you generated one using the tutorial from [...]

Creating a SubjectAltName (SAN/UCC) CSR

SAN certificates (or as Microsoft and others have taken to calling them, Unified Communications Certificates) are rapidly becoming a popular option for securing multiple domains. In fact, Exchange 2007, OCS 2007, and several other products now require UCC to function. However, this certificate type can proffer some advantages beyond that of a wildcard certificate as [...]

Code Signing for Mac OS X and Windows

Code signing is rapidly becoming an important part of application deployment on many platforms. On OS X it suppresses the keychain warnings when you update your application and on Windows it can bypass numerous UAC notifications as well as the initial application launch dialog. This can (sometimes drastically) improve the customer experience and reduce friction [...]

AES Encryption Via OpenSSL

If you have ever wanted to encrypt a blob of data for transmission or archival, OpenSSL provides a simple way to accomplish this task without resorting to platform specific tools. To encrypt: openssl enc -e -aes-256-cbc -in filename -out filename.enc To decrypt: openssl enc -d -aes-256-cbc -in filename.enc -out filename.dec The example above uses AES256 [...]