Help understanding CSR fields

I’ve made a CSR (Certificate Signing Request) in order to understand better how a PKI could be made and how it works. Using the following commands

openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key openssl req -text -noout -verify -in ca.csr 

I obtain the following output

Certificate Request:     Data:         Version: 1 (0x0)         Subject: C = ca, ST = Some-State, O = Internet Widgits Pty Ltd         Subject Public Key Info:             Public Key Algorithm: rsaEncryption                 RSA Public-Key: (1024 bit)                 Modulus:                     00:c2:ac:2f:7b:17:93:1c:39:07:aa:cf:8d:fd:b7:                     2e:f4:90:76:16:d8:cf:cb:1b:02:ec:56:3d:ff:5e:                     a2:fb:9e:8b:af:9b:3b:f8:27:4e:82:39:aa:6d:90:                     e6:52:71:16:0d:f4:e0:fe:eb:50:31:79:3d:09:8a:                     49:c0:b4:cb:1e:50:55:83:5f:81:58:46:03:1a:8a:                     cf:22:56:2c:5f:30:ce:1f:cd:39:19:b4:4c:d4:8b:                     c8:27:b2:34:62:31:e9:d2:b0:7c:f6:50:7a:12:f4:                     1a:20:53:53:fb:46:ba:0b:b5:16:aa:ed:2d:0f:79:                     eb:a2:7c:65:d1:3d:d1:74:87                 Exponent: 65537 (0x10001)         Attributes:             a0:00     Signature Algorithm: sha256WithRSAEncryption          4f:d7:d9:f5:fe:87:7c:fb:2d:e4:50:28:4d:b5:7a:5c:4f:87:          f6:7a:83:59:2a:76:33:12:61:bf:c5:0d:5f:c8:41:d5:ec:b1:          ed:01:21:98:b5:ab:3f:c0:12:78:aa:8e:c8:95:fd:e9:10:e7:          69:8c:c3:e5:56:3d:f2:c8:b2:bb:5d:88:3f:5e:f8:f0:6b:e9:          2c:ea:92:cb:90:60:3b:57:e7:09:6a:70:38:d1:43:0f:e6:72:          31:99:a6:03:c4:3e:21:41:61:61:07:57:72:2a:41:ed:85:3c:          d0:58:02:1c:81:ee:09:3c:39:02:21:fb:9b:25:4a:84:97:1b:          c2:b6 

What is not clear to me is the bytes after the "Signature Algorithm" field:

  1. How they are calculated?
  2. Which key is used?
  3. Which fields of ca.csr are signed?
  4. Is it possibile to extract the signature and decode it (e.g. using openSSL)?

After the csr creation I use the following commands to create an x509 self signed certificate

openssl x509 -trustout -signkey ca.key -req -in ca.csr -out ca.pem openssl x509 -text -noout  -in ca.pem 

Output below

Certificate:     Data:         Version: 1 (0x0)         Serial Number:             36:e9:c2:ae:ed:b2:a6:a2:00:7a:16:33:19:b8:57:a8:d8:c6:09:af         Signature Algorithm: sha256WithRSAEncryption         Issuer: C = ca, ST = Some-State, O = Internet Widgits Pty Ltd         Validity             Not Before: Jul  7 12:16:26 2020 GMT             Not After : Aug  6 12:16:26 2020 GMT         Subject: C = ca, ST = Some-State, O = Internet Widgits Pty Ltd         Subject Public Key Info:             Public Key Algorithm: rsaEncryption                 RSA Public-Key: (1024 bit)                 Modulus:                     00:c2:ac:2f:7b:17:93:1c:39:07:aa:cf:8d:fd:b7:                     2e:f4:90:76:16:d8:cf:cb:1b:02:ec:56:3d:ff:5e:                     a2:fb:9e:8b:af:9b:3b:f8:27:4e:82:39:aa:6d:90:                     e6:52:71:16:0d:f4:e0:fe:eb:50:31:79:3d:09:8a:                     49:c0:b4:cb:1e:50:55:83:5f:81:58:46:03:1a:8a:                     cf:22:56:2c:5f:30:ce:1f:cd:39:19:b4:4c:d4:8b:                     c8:27:b2:34:62:31:e9:d2:b0:7c:f6:50:7a:12:f4:                     1a:20:53:53:fb:46:ba:0b:b5:16:aa:ed:2d:0f:79:                     eb:a2:7c:65:d1:3d:d1:74:87                 Exponent: 65537 (0x10001)     Signature Algorithm: sha256WithRSAEncryption          a4:91:01:17:9a:da:fe:45:5e:8d:08:1d:12:1f:63:22:81:b0:          b5:cd:93:02:86:35:2e:e5:b4:17:6b:56:a2:f8:51:7b:98:8b:          7d:ea:e1:16:0f:97:0c:e4:de:8f:1d:b1:d1:5b:97:aa:7a:07:          58:db:cc:26:2f:21:f8:cc:f3:94:f9:9a:95:a3:ad:8e:53:a5:          25:62:49:47:bf:a4:40:10:59:dd:f3:96:02:1c:d3:a9:04:82:          ae:7d:c9:4a:27:7b:b3:41:7b:a0:35:54:79:48:dd:34:08:8a:          dc:5e:dd:31:2c:67:9b:fb:84:b7:8c:81:9e:16:bf:4f:ab:43:          e7:6f 

In this case I have the same questions as above: due to be a self-signed certificate, why the signature is changed respect to the csr file?

Help converting a CFG to an APD

So I have this contest free grammar, and I’m having trouble when checking that there are more a’s than c’s, because I would have to check that the string I am processing is consumed in its entirety, but with the stack not empty, and I have no idea how to do that. The way we studied this in my class, I have no way of knowing if a string has been consumed.

$ $ \begin{align}S&\to AB | aSc\ A&\to aA | a\ B&\to bB | b\ \end{align}$ $

Maybe it’s easier to read the definition of the language: $ $ L = \{x \in L(a^∗b^∗c^∗) : |x|_a > |x|_c; |x|_b > 0; |x|_c ≥ 0\}$ $

This are the transitions I have so far: $ $ \delta(q_0, a , Z_0) = (q_0, A/Z_0)\ \delta(q_0, a, A) = (q_0, A/A)\ \delta(q_0, b, A) = (q_0, A)\ \delta(q_0, b, A) = (q_1, A)\ \delta(q_1, c, A) = (q_2, \epsilon)$ $ What I have up until here is, I read the a’s and push them on the stack, then when i read the first b I go to another state (because I have to make sure there is at least one a, otherwise I could do it in the same state) and keep the stack the same. When I read the first c I go to yet another state and start reading the c’s and popping the a’s in the stack. What I should do now is verify that the string has been consumed, while the stack still has a’s, but I can’t think of a way to do that because I have no way of knowing if the string I am processing has been consumed or not.

Help with context free grammar excercise

So, I have an exercise in which I have to write a context free grammar for this language:

$ $ L = \{x \in L(a^∗b^∗c^∗) : |x|_a > |x|_c; |x|_b > 0; |x|_c ≥ 0\}$ $

meaning every string with any number of $ a$ ‘s, $ b$ ‘s and $ c$ ‘s in that order, with the amount of $ a$ ‘s greater than the amount of $ c$ ‘s and the amount of $ b$ ‘s greater than zero.

I am having trouble figuring out the rule that makes sure there are more $ a$ s than $ c$ s.

I have: $ $ \begin{align}S&\to aABC | ab\ A&\to aA | a\ B&\to bB | b\ C&\to cC | c\ \end{align}$ $ I know this is wrong because I should be adding an $ a$ every time I add a $ c$ , but I don’t know how to write that.

Help with reviewing locking logic for sync system

I’m implementing a sync algorithm where multiple apps sync files with a data source. Syncing is already working and has been for several years so there’s no issue with this.

Now I want to implement a way to lock the data source, to tell clients that they shouldn’t write to it anymore. This will be used to upgrade the data source – i.e. upgrade its structure, move folders around, etc. which needs to be done when nothing else is syncing.

So I came up with the following algorithm, inspired by [SQLite 3 locking mechanism][1], but changed to take into account that it’s network based.

There are three types of locks, and a client request a lock by POSTing a file to the data source. The locks are:

  • SYNCING: The client is syncing – any other client can still read or write to the data source. There can be multiple SYNCING locks.
  • PENDING: The client wants to acquire an exclusive lock on the data source – any other clients can still read or write to the data source, but no new SYNCING lock can be posted. There can be multiple PENDING locks.
  • EXCLUSIVE: The client has locked the data source – no other client can read or write to it. There can be only one EXCLUSIVE lock.

And it would work like so:

  • When a client starts syncing with the data source, they acquire a SYNCING lock. When a client finishes syncing, they release the SYNCING lock they’ve created
  • When a client needs to lock the data source, it first posts a PENDING lock. When a PENDING lock is present, no new SYNCING or PENDING locks can be posted. Clients that are syncing however can complete the process. The client who has acquired a PENDING lock will poll the data source and wait for all SYNCING lock to be released. When they are all gone, the client checks for all the PENDING locks – if there are others, the client checks the timestamps of these other locks and if his lock is not the oldest one, it deletes it and exit. Locking failed, and it will need to try again later.
  • If the PENDING lock is the oldest, then the client posts an EXCLUSIVE lock. At this point, no other client can post any other lock.

I’m wondering if I overlook something with this system, like I’m wondering if there could be some race conditions in some cases?

For now, I’m not dealing with clients that post a lock then crash, there will be some logic to clean up. At this point, I just want to make sure that this system will only allow one client to acquire an EXCLUSIVE lock. Any ideas?

Could this magic item help Ezmerelda in Curse of Strahd?

In the Curse of Strand adventure, the following information is provided about the NPC Ezmerelda in Appendix D (p. 231):

There’s also this magic item that can be found in the village of Krezk (p. 148):

The sunray lasts for 1 minute. If the characters smash the gravestone without placing Tasha Petrovna’s holy symbol in it first, they find nothing within its remains. The ring is a ring of regeneration.

The description of this magic item in the DMG says (p. 191):

So the question is: