All posts for the month February, 2020

key formats


Keys have many formats when it comes to public/private keys, encryption and signing.
Extension .pem, Privacy-Enhanced Mail, means base64 encoding plus a header BEGIN to tell PKCS type.
for ssh.exe:
private key: .pem, BEGIN RSA PRIVATE KEY
public key: .pub file, SSH, marked with ssh-rsa, OpenSSH format
generation: both by ssh-keygen.exe, or openssl genrsa
for https:
private key:
PKCS#1 marked with BEGIN RSA PRIVATE KEY, or PKCS#8 BEGIN PRIVATE KEY
public key used in signing request: SSH, marked with ssh-rsa
certificate: .pem market with BEGIN CERTIFICATE
generation: openssl req -x509 -newkey, or openssl genrsa, or ssh-keygen.exe
for signing pdf file:
private key: .pfx binary file PKCS 12
generation: by Adobe Acrobat
for SASL Simple Authentication Security Layer, used by e.g Postfix
private key: .pem marked with BEGIN RSA PRIVATE KEY
generation: openssl.exe genrsa
for gpg:
private key: .pem BEGIN PGP PRIVATE KEY BLOCK
public key: .pem BEGIN PGP PUBLIC KEY BLOCK
generation: gpg –gen-key

by Rio Wing on February 23, 2020  •  Permalink
Posted in DevOps
Tagged , , , ,

Posted by Rio Wing on February 23, 2020

https://riowingwp.wordpress.com/2020/02/23/key-formats/

gpg


gpg.exe is to encrypt and sign message, not compatible with ssh.exe and openssl.exe
gpg-agent is the server.

key generation:
$ gpg –gen-key this create both private and public key
output: userID:”Rio Wing <RioCnC@gmail.com> KeyID: key 7A4BC790635E0469
view keys:
$ gpg –list-keys –keyid-format LONG
output public keys, like rsa3072/7A4BC790635E0469 is keyID, /home/rio/.gnupg/pubring.kbx
$ gpg –list-secret-keys
output private key, secring.gpg holds private keys
export keys
$ gpg –export -a “Rio Wing” > RioWingGpg.pub
PEM encoded like: BEGIN PGP PUBLIC KEY BLOCK
$ gpg –export-secret-keys -a “Rio Wing” > RioWingGpg.priv
PEM encoded like: BEGIN PGP PRIVATE KEY BLOCK
upload public key
$ gpg –keyserver hkps://pgp.mit.edu –send-keys 7A4BC790635E0469
verify the key is there by going to https://pgp.mit.edu
Search riocncn and web returns: 3072R/635E0469 2020-02-14 Rio Wing
use the keys
encrypt message:
$ echo riowingwxc |gpg –armor –encrypt –recipient RioCnC@gmail.com
copy output to MsgEnc.txt, which is PEM encoded like: BEGIN PGP MESSAGE
decrypt:
$ gpg –output MsgDec.txt –no-tty MsgEnc.txt
sign:
$ gpg –clearsign MsgDec.txt
output MsgDec.txt.asc PEM encoded like BEGIN PGP SIGNED MESSAGE
verify signature:
$ gpg –verify MsgDec.txt.asc
output: Good signature from Rio Wing

by Rio Wing on February 15, 2020  •  Permalink
Posted in linux
Tagged

Posted by Rio Wing on February 15, 2020

https://riowingwp.wordpress.com/2020/02/15/gpg/

sed trick


This is about how to remove all blank lines after numbers, but not lines after letters
The challenge is that sed usually process line by line, and it does not correlate lines.
Therefore we have to put all lines into one pattern space.
$ sed -E ‘:a;N;$!ba;s/([[:digit:]])\n/\1/2g’ rmBlankLine.txt

Explanation:
-E: use regular expression
all commands in single quotation mark, and each command ends with ;
:a is label.
N means to append next line with newline
ba means go to label a
! means not to process last line
basically after “:a;N;$!ba;”, the whole file is in one pattern space.
([[:digit:]]) is the first capture group, and we output as is as seen at \1
and we dropped the \n after the first capture group
2g means to release after Line2 to end of file, therefore the newline after 2 is not removed

sed

by Rio Wing on February 9, 2020  •  Permalink
Posted in linux
Tagged

Posted by Rio Wing on February 9, 2020

https://riowingwp.wordpress.com/2020/02/09/sed-trick/

WSL FileSystem


WSL has three file system types: drvfs lxfs wslfs.
On my windows 10 laptop, I type: $df -Th among the output are these two directories:
1. / is lxfs, which is C drive, and mapped to
C:\Users\rio\AppData\Local\Packages\CanonicalGroupLimited.UbuntuonWindows_79rhkp1fndgsc\LocalState\rootfs
files created by WSL have Inodes supported through NTFS Extended Attributes.
2. /mnt/s is drvfs, which is S: drive.
by detault, $ls -l shows 777 permission, but it has metadata to support chmod permissions.
sudo mount -t drvfs s: /mnt/s -o metadata,uid=1000,gid=1000,umask=0,fmask=111
which means taking away all x permission for files, so that ls -l shows -rw-r–r–
after this custom mount, all files, old or new, support chmod.

More notes:
WslFs is drvfs with metadata always on, and it’s the replacement of lxfs
These filefs is not parallel to ext4, instead it’s like lxfs/ext4 wslfs/ext4

by Rio Wing on February 1, 2020  •  Permalink
Posted in linux
Tagged ,

Posted by Rio Wing on February 1, 2020

https://riowingwp.wordpress.com/2020/02/01/wsl-filesystem/