Generating a CSR for 32 bit private rsa key

I used an OpenSSL 1.0.1k 8 Jan 2015 version to generate a 32-bit RSA key, and I tried to generate a CSR for the key

$   openssl req -new -key privatekey.pem -out csr.pem   139645847348928:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:rsa_sign.c:127: 139645847348928:error:0D0DC006:asn1 encoding routines:ASN1_item_sign_ctx:EVP lib:a_sign.c:314: 

openssl only allows me to generate no smaller than 384-bit. Is there another way for me to generate a CSR for my private key?

How to only show page if private secure key in body of request?

I have one paid content download page in my WordPress website.

I want to make it secure by sending a pre-decided private secret key in body of request. If that key exists in incoming request, then only show page, otherwise give 404 error or redirect to some other page.

I am very new in WordPress. Can anyone please help me how can I do it?

Private Home Tutor In Bangalore

Looking for an experienced home tutor in Bangalore? Genext can help you in finding the best home tutor according to your needs. We recruit the best teachers in the market. The teachers hired are recruited on by holding several interviews and a thorough background check for individual teachers is done to make sure that he or she does not hold any kind of bad reports. 

Where does packer store the private key?

From ubuntu shell I ran below command, to talk to AWS platform:

$   packer build -debug template.packer  Debug mode enabled. Builds will not be parallelized. amazon-ebs output will be in this color.  ==> amazon-ebs: Prevalidating AMI Name... ==> amazon-ebs: Pausing after run of step 'StepPreValidate'. Press enter to continue.  ==> amazon-ebs: Inspecting the source AMI... ==> amazon-ebs: Pausing after run of step 'StepSourceAMIInfo'. Press enter to continue.  ==> amazon-ebs: Creating temporary keypair: packer 5dfe9f3b-9cc2-cbfa-7349-5c8ef50c64d5     amazon-ebs: Saving key for debug purposes: ec2_amazon-ebs.pem ==> amazon-ebs: Pausing after run of step 'StepKeyPair'. Press enter to continue.  

where template.packer is:

{     "builders": [         {             "type": "amazon-ebs",             "region": "us-west-2",             "source_ami": "ami-9abea4fb",             "instance_type": "t2.micro",             "ssh_username": "ubuntu",             "ami_name": "MiddleTier-{{isotime | clean_ami_name}}",             "ami_description": "Amazon AMI customised",             "tags": {                 "role": "MiddleTier"             },             "run_tags":{                 "role": "buildSystem"             }         }     ],     "provisioners": [      ],     "post-processors":[      ] } 

and my understanding is, AWS has created a private key(ec2_amazon-ebs.pem) for packer to talk to EC2 instance in passwordless way, as mentioned in above steps.

But I do not see packer copying the private key(ec2_amazon-ebs.pem) in my laptop(as ~/.ssh/ec2_amazon-ebs.pem)

How does packer talk to EC2? without copying as ~/.ssh/ec2_amazon-ebs.pem in my laptop

RSA insensitive and extractable private key export from SoftHSM 2

I’ve created an RSA private key in SoftHSM 2 via EJBCA with the following config:

 attributes(*, CKO_PUBLIC_KEY, *) = {   CKA_TOKEN = false   CKA_ENCRYPT = true   CKA_VERIFY = true   CKA_WRAP = false }  attributes(*, CKO_PRIVATE_KEY, *) = {   CKA_TOKEN = true   CKA_PRIVATE = true   CKA_SENSITIVE = false   CKA_EXTRACTABLE = true   CKA_DECRYPT = false   CKA_SIGN = true   CKA_UNWRAP = true   CKA_DERIVE = false } 

In PKCS#11 spec v2.20:

If the CKA_SENSITIVE attribute is CK_TRUE, or if the CKA_EXTRACTABLE attribute is CK_FALSE, then certain attributesof the secret key cannot be revealed in plaintext outside the token. Which attributes these are is specified for each type of secret key in the attribute table in the section describing that type of key

So I thought that if I set CKA_SENSITIVE to False and CKA_EXTRACTABLE to true I’ll be able to extract the key.

I’ve tried to export the key using pkcs11-tool, but it did not work for me:

 $   pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so -r -y privkey -d OBJECT_ID --pin PIN Using slot 0 with a present token (0x2ed1a744) sorry, reading private keys not (yet) supported 

I’ve also tried to use this tool, but it did not work neither (CKR_MECHANISM_INVALID):

 # ./pkcs-11-key-extractor-1.0/bin/pkcs-11-key-extractor -l /usr/lib/softhsm/libsofthsm2.so -s 785491780 -p 1234 [*] PKCS#11 Key Extractor - Release 1.0 [*] Registering PKCS#11 Module '/usr/lib/softhsm/libsofthsm2.so' [*] Opening session on slot '785491780' [*] Found 1 RSA private key(s) with CKA_EXTRACTABLE set to TRUE [*] Generating an in memory (CKA_TOKEN: FALSE) 256 bits AES key [*] Extracting RSA Private Key (CKA_EXTRACTABLE: true) with modulus 'E9:F3:44:CE:9B:90:32:83:69:7E:80:5E:48:A0:9E:00:7A:71:AD:84:6B:CD:DE:AE:10:16:AA:91:61:66:B4:57:EB:9B:9E:A0:51:D4:C6:2C:33:59:A8:7B:F4:44:4A:9B:39:28:44:69:08:58:38:DF:7C:D2:25:2F:29:9C:BD:C7:EE:60:00:DE:77:72:70:CA:7C:A2:38:D1:4C:49:CF:99:1D:7D:2E:DC:62:C1:27:5E:2C:3F:AD:25:D7:36:35:08:77:DE:56:58:8F:E1:AF:D3:C2:8E:B7:7E:D3:E9:80:77:B1:91:77:BE:D1:54:0C:E8:19:97:AD:39:48:4F:51:00:F1:43:8D:41:97:E3:F6:B8:79:18:82:A7:60:C7:6E:AF:D3:27:B5:00:19:CD:0D:40:14:11:47:38:2D:FE:DD:14:2F:B9:1A:3B:2C:FE:B0:52:FC:7E:30:13:1E:6F:41:30:B6:1A:F5:B2:17:62:19:EE:90:B1:8A:79:DA:70:E7:A5:7A:E1:54:86:86:69:A3:A1:8E:AD:12:0F:D0:28:16:0A:43:75:3B:69:46:10:DE:13:D3:F0:6C:57:F6:91:A4:72:14:04:9B:BD:72:82:B7:33:C3:57:55:18:F3:8F:54:3F:A7:80:9D:3E:67:EB:46:94:FD:F4:9F:AA:C7:D7:41:29:AC:0F:C8:2E:DF:C5:8D:D9:A2:77:13:BD:90:5D:D4:CD:05:7E:DA:85:58:F6:4B:62:E6:3E:0C:6C:E6:5F:5F:1D:C0:0C:FA:2C:CB:F4:FD:E7:08:32:DA:9D:EC:BB:1B:C9:56:45:91:C1:41:64:47:02:9F:AE:1F:B8:B1:84:DA:5F:F3:86:6E:6A:F1:06:84:CA:98:1D:F0:B0:F3:73:67:37:36:1D:C8:0E:26:DF:67:5D:DA:70:62:23:AD:22:6B:47:6B:33:BC:D8:41:7E:EA:28:09:EF:8D:12:D3:26:2D:DF:2F:03:75:1B:CE:DF:D4:95:62:DB:39:0A:72:46:4A:79:98:86:0E:E6:82:95:60:4D:FD:0F:16:4A:F8:D1:71:5B:39:5A:A4:D1:1A:52:06:89:C0:B8:6E:1B:B7:D3:27:5D:5D:AF:2E:94:82:D5:F5:12:32:AB:5F:70:20:29:65:56:73:04:EA:2E:F8:73:DF:BF:EC:CC:3C:22:8E:CA:42:90:E1:C5:08:9A:15:AA:45:2D:61:6E:A5:05:7E:9D:4C:C1:5D:73:79:2F:43:71:AA:E2:25:AB:D5:9E:D6:9B:19:D0:D6:80:B0:CF:F3:DE:08:12:53:72:46:CE:F4:40:65:F2:D4:3D:7E:33:A6:30:B7:3F:5B:34:C9:0F:20:6B:DD:9B' [!] Error extracting private key: 'CKR_MECHANISM_INVALID' [*] Closing session on slot '785491780' [*] Unregistering PKCS#11 Module '/usr/lib/softhsm/libsofthsm2.so' 

I know it’s against the point of having an HSM, but I want to investigate it nevertheless.

Does anyone have an Idea/resources on how to do it ?

If it not possible, I read that a secure alternative would be wrapping the key with a secret key that stays inside the HSM, can someone share any resources on how to do it ? is it possible to do it with openssl and pkcs11-tool ?

Is it possible to decrypt a PGP encrypted file without private key?

I had been using my own PGP key (RSA/1024) for more than 15 years. That key is my identify on the Internet for a long time, and also be used for encrypting a huge data.

Recently, my colleagues told me: “You should create a 2048-bit to getting better encryption, or 4096-bit to getting the best”. I found no document that points the 4096-bit is better than 1024-bit, for a private PGP key. Am I wrong?

My private has no expiration time, and I don’t want to switch the a new one if there is no security problem with the old. On the other hand, I always keep my private key in a safe place with a safe password. Is is possible to decrypt my data without my private key?

private key of SSL certificate

To create a certificate, first we need to fill a CSR and in CSR we have to place our public key and that key pair can be generated by different ways in different devices. To do ssh, we run command (crypto key generate RSA modules 1024) and generate the key pair.

Now with the help of this command we are generating public and private key for SSH which will help in encryption but the same key can be placed in CSR and from that CSR we can generate a certificate. Is it correct?

Where is the private key stored? I know the private key is very sensitive data but still if I am a server admin of a server or a firewall and want to see the private key then how can we check that? is there is a command for that?