I am looking for an offline way to view the full fingerprint of the people who signed a public-key.
me#my-PC:~$ gpg --list-sig bilbo#shire.org
pub 4096R/19ED3242 2015-08-06 [expires: 2016-08-05]
uid Bilbo Baggins <bilbo#shire.org>
sig 3 19ED3242 2015-08-06 Bilbo Baggins <bilbo#shire.org>
sig L 97F6C54A 2015-08-07 Frodo Baggins <frodo#shire.org>
uid [jpeg image of size 13199]
sig 3 19ED3242 2015-08-06 Bilbo Baggins <bilbo#shire.org>
sub 4096R/A182F292 2015-08-06 [expires: 2016-08-05]
sig 19ED3242 2015-08-06 Bilbo Baggins <bilbo#shire.org>
I only see the 8-byte fingerprint of Frodo "97F6C54A" but how do I view the full fingerprint?
Run gpg --fingerprint [key-id] to resolve a key ID (or also user ID) to a key from your local keyring.
Related
i have one object in redis database that key is hello
there is one object in hello key for example:
{
a: 'foo',
b: 'bar',
c: 0
}
I want to increment c in hello key of redis.
read this link Redis - String Incr Command, but this tutorial tells us how to increase the value of a radius key, not the value of a key in the object.
You should use hincrby see: https://redis.io/commands/hincrby/
This command will let you update a hash field by key.
I think of creating a blockchain course registration plattform for a "fitness center". I used Hyperledger Composer to go trough the examples, but found no similar example for my purpose:
Every fitness-center member should be able to
- register for a course.
- take part in several courses (1:n relation).
- delete his attendance
- or transfer his registration of a course to another member of the fitness center
My Question: How would you build a smart design model in Hyperledger Composer with Fabric for my use-case? I made a try here:
My main problem:
Is the design of the 1:n and n:n relations (to fullfil the business network components: Asset/Participants/transactions and Events), that one member has multiple courses and one course could have multiple groups.
As "Assets in Fabric/Composer model" I suggest to be Course and Group (?), but what is about the MatchingCourseToGroup relation and ParticipantsInGroup relation? Where should I place this? Will this be part of the "Business-Logic", written in functions?
As "Participants in Fabric/Composer model" I would place the attendees.
To make clear what I wanna do:
In SQL I would create this tables to build up the relations (Simplified for illustration, *=PrimaryKey):
(tbl: Course)
----------------------------------
CourseID* / Name
----------------------------------
001 ; Swim
002 ; Basic Training
003 ; Personal Training Class
(tbl: PersonalData)
----------------------------------
UserID* / Name
----------------------------------
1 ; Marc Miller
2 ; Tom Wood
3 ; Mike Sun
(tbl: MatchingCourseToGroup)
----------------------------------
GroupID*/ CourseID
----------------------------------
A ; 001 (Group A belongs to the Swim Class)
B ; 001 (Group B also belongs to the Swim Class)
C ; 002 (Group C belongs to Basic Training)
D ; 003 (and so on...)
E ; 003
F ; 003
(tbl: ParticipantsInGroup)
----------------------------------
TicketID*/ UserID / CourseID
----------------------------------
01 ; 1 ; A
02 ; 1 ; B
03 ; 1 ; C
04 ; 2 ; A
05 ; 3 ; B
06 ; 3 ; C
Note:
Marc: takes part in 2 swim classes (Course with ID 001, received with primary key A) and (Course with ID 001, received with primary key B).
Other members can also take part in his Course.
To come to an end: I'm not really sure if this design as I did it, will be working in the composer, maybe you got some good suggestions for a better design or a similar example.
Cause my next problem will be to make a good privacy implementation and therefore as I understood it, I have to make channels to encapsulate members with read access, change possibilities or to move a member of one group to another one and to reach admin rights.
(Idea is that users can self register them via an tablet at the entrance).
Thank you for your support!
If I understand correctly what you need to do, you can try to model your .cto file as follow:
namespace org.test
participant Customer identified by customerId {
o String customerId
o String firstname
o String lastname
--> Course[] enrolledCourses
}
asset Course identified by courseId {
o String courseId
o String courseName
o Integer participants
o Integer maxParticipants default = 10
o String status default = "OPEN"
--> Customer[] participants
}
transaction courseEnroll {
--> Customer customer
--> Course course
}
And in your logic js file you can implement the courseEnroll transaction by first checking if the course status is still "OPEN". Add the customer to the participants array in the Course asset, update the participants number and check if the maxParticipants number is reached. In this case you can change the status to "Close".
Regarding the access permissions you need to define some rules in a permissions.acl file. You can start for example with this two rules:
rule CustomerEnroll {
description: "Customers can enroll for a course only with their account"
participant(t): "org.test.Customer"
operation: ALL
resource(v): "org.test.courseEnroll"
condition: (t.getIdentifier() == v.customer.getIdentifier())
action: ALLOW
}
rule CustomerSeeUpdateThemselvesOnly {
description: "Customers can see and update their own record only"
participant(t): "org.test.Customer"
operation: READ, UPDATE
resource(v): "org.test.Customer"
condition: (t.getIdentifier() == v.getIdentifier())
action: ALLOW
}
The following model is for persons and their fathers. The "fact" says that no person can be his own father, nor can a person be the father of his father, the father of his father's father, and so forth. The "assert" says that every person has a father. The "check" command invites the Alloy Analyzer to find a counterexample. Note that no bound is specified on the "check" command; therefore the Analyzer defaults to 3 persons in the Person set.
When I run the "check" command the Analyzer says "No counterexample found." But I can provide a counterexample: Let the set of Person be {(Tom), (John), (Ken)}. The father of Tom is Ken. The father of John is Ken. But Ken's father is not in the Person set (Ken's father cannot be Tom or John per the "fact" statement, and there are no other persons per the default bound of 3). So isn't this a counterexample?
sig Person {father: Person}
fact {
no p: Person | p in p.^father
}
assert Every_Person_Has_A_Father {
all p: Person | some p.father
}
check Every_Person_Has_A_Father
Your proposed counter-example is not allowed by the model: sig Person forces everyone to have a father (father : Person); so your assertion is true.
Try sig Person{father : lone Person} instead.
My problem looks like this. I have generated keys on the card and the terminal sides. I have on the terminal side the card public and private keys and the terminals public and private keys, and the same on the card side (i'm doing tests so thats why i have all of them on the terminal and on the card). When i generate KeyAgreement (terminal side) for the card as private and for the terminal as private the secters are the same, so the generation is OK and i get a 24 bytes (192 bit) secret. When i generate the the secrets on the card (2 cases like on the terminal) the secrets are also the same, but they ale shorter - 20 bytes (160 bit). Here are the generation codes. the terminal:
ECPublicKey publicKey;
ECPrivateKey privateKey;
...
KeyAgreement aKeyAgree = KeyAgreement.getInstance("ECDH", "BC");
aKeyAgree.init(privateKey);
aKeyAgree.doPhase(publicKey, true);
byte[] aSecret = aKeyAgree.generateSecret();
and the card side:
eyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH, false);
short length = terminalEcPublicKey.getW(array, (short) 0);
keyAgreement.init(cardEcPrivateKey);
short secretlength = keyAgreement.generateSecret(array, (short)0, length, buffer, (short)0);
There is a problem in your implementation of KeyAgreement.ALG_EC_SVDP_DH in the terminal side. The correct length of output of the this method of key agreement should always be 20 bytes since SHA-1 is being performed on the derived output.
So in your terminal side, you should perform SHA-1 after generating the secret data.
I play with digital signatures using node.js. For test purpose, I created a digital signature of some XML data, first using only SHA256, then using RSA-SHA256.
The thing that puzzles me is that both methods of signing create exactly the same signature. Both signatures are identical. If they're identical, then why two different methods (SHA256 vs. RSA-SHA256)?
I include code below:
var crypto = require('crypto'),
path = require('path'),
fs = require('fs'),
pkey_path = path.normalize('private_key.pem'),
pkey = '';
function testSignature(pkey) {
var sign1 = crypto.createSign('RSA-SHA256'),
sign2 = crypto.createSign('SHA256');
fs.ReadStream('some_document.xml')
.on('data', function (d) {
sign1.update(d);
sign2.update(d);
})
.on('end', function () {
var s1 = sign1.sign(pkey, "base64"),
s2 = sign2.sign(pkey, "base64");
console.log(s1);
console.log(s2);
});
}
// You need to read private key into a string and pass it to crypto module.
// If the key is password protected, program execution will stop and
// a prompt will appear in console, awaiting input of password.
testSignature(fs.readFileSync(pkey_path));
The code above outputs some string, which is the signature, and then again exactly the same string, which is also a signature of the same data, but created with - supposedly - different algorithm, yet it's identical with previous one...
A signature cannot be created by SHA256 alone.
SHA256 is a hashing algorithm; i.e. an algorithm creating a short fingerprint number representing an arbitrary large amount of data. To produce a signature, this fingerprint still has to be treated somehow to allow identification of the holder of some private signature key. One such treatment is to encrypt the fingerprint using the private key of a rsa key pair allowing others to decrypt the result using the associated public key and so verify that the keeper of the private key indeed must have been the signer.
In the context of your crypto API that RSA encryption scheme either is the default treatment when the treatment is not explicitly named, or the kind of treatment is deduced from the private key you use as parameter in the sign call --- if it is a RSA private key, it uses RSA; if it is a DSA key, it uses DSA; ...
What you are looking at is two times a PKCS#1 v1.5 signature. This is a deterministic scheme for signatures, so it always returns the same result (compare this to the PSS scheme, which is randomized, providing better security properties). RSA PKCS#1 v1.5 signature generation and PSS signature generation is defined within RFC 3447 (also known as the RSA v2.1 specifications).
If you use your code with RSA 512 bits (testing purposes only, use a key of 2048 bits or over) then you will get the following result:
Private key:
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBALLA/Zk6+4JFJ+XdU6wmUkuEhGa8hLZ+m6J3puZbc9E+DSt7pW09
yMYwHF5MMICxE86cA6BrLjQLUUwvquNSK0ECAwEAAQJAcI/w4e3vdRABWNFvoCcd
iWpwSZWK6LR/YuZ/1e1e2DJw+NXyPXbilSrLvAdxnjlWTsTxUiEy1jFh36pSuvMk
AQIhAO4WtgysOoWkyvIOLIQwD0thWfdHxTpxqfd6flrBJ91hAiEAwDOQqHhnSeET
+N/hwUJQtCkHBJqvMF/kAi4Ry5G+OeECIEg1Exlc0pLdm781lUKx4LGX4NUiKyrC
di3cNJ4JnrGBAiEAi2gbYYbLbDO8F8TTayidfr9PXtCPhyfWKpqdv6i7cCECIH7A
6bh0tDCl6dOXQwbhgqF4hXiMsqe6DaHqIw8+XLnG
-----END RSA PRIVATE KEY-----
signature as base 64 (using your code):
YY6sur9gkHXH23cUbDMYjCJYqDdBK8GKp4XyRNl8H09cW8H/gKQI9Z6dkLMhNh7oPq1yABCRfTP8yRtfLVj7FA==
and in hexadecimals
618eacbabf609075c7db77146c33188c2258a837412bc18aa785f244d97c1f4f5c5bc1ff80a408f59e9d90b321361ee83ead720010917d33fcc91b5f2d58fb14
decrypted using RAW RSA (i.e. just modular exponentiation with the public exponent):
0001ffffffffffffffffffff003031300d0609608648016503040201050004202af565b95e5f4479492c520c430f07ae05d2bcff8923322e6f2ef6404d72ac64
This is a very clear example of a PKCS#1 signature, easily recognized by the FF padding, followed by the ASN.1 structure (starting with 30, SEQUENCE):
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) hashAlgs(2) sha256(1)}
NULL
OCTET STRING(32 byte) 2AF565B95E5F4479492C520C430F07AE05D2BCFF8923322E6F2EF6404D72AC64
So that thing in the end is the hash, in this case over just Test 123\n as I didn't want to type out any XML today.
$ sha256sum some_document.xml
2af565b95e5f4479492c520c430f07ae05d2bcff8923322e6f2ef6404d72ac64 some_document.xml
$ sha256sum some_document.xml
2af565b95e5f4479492c520c430f07ae05d2bcff8923322e6f2ef6404d72ac64 some_document.xml