Browsers failing with inline JavaScript Issues

[10:19 AM] Rohith Poreddy: These are the changes I made to the Apache config

# X-FRAME Options
Header set X-Frame-Options SAMEORIGIN

# X-XSS-Protection:
Header always set X-XSS-Protection "1; mode=block"

# X-Content-Type-Options:
Header always set X-Content-Type-Options: nosniff

# Content-Security-Policy
Header set Content-Security-Policy "script-src 'self'; object-src 'self'"

[10:20 AM] Rohith Poreddy: In /etc/httpd/conf/httpd.conf

Safenet Code Sample

The following code stub can be used to encrypt/decrypt with the Safenet appliance.  Refer: CryptoTool.java

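import java.nio.charset.StandardCharsets;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import com.ingrian.security.nae.IngrianProvider;
import com.ingrian.security.nae.NAEKey;
import com.ingrian.security.nae.NAESession;

// Encrypts plainText with the appliance-held key "test128" and returns hex.
// Sample only: the NAE user name and password are hard-coded, and the IV is a
// fixed literal, so equal plaintexts encrypt to equal ciphertexts.
private static String doEncrypt( final String plainText ) throws Exception
{
    // Open a session to the appliance and look up the key by name.
    NAESession naesession = NAESession.getSession( "mlrtest", "asdf1234" );
    SecretKey secretkey = NAEKey.getSecretKey( "test128", naesession );

    Cipher cipher =
        Cipher.getInstance( "AES/CBC/PKCS5Padding", "IngrianProvider" );
    // 16-byte IV (one AES block); explicit charset instead of the platform default.
    String ivString = "1234567890123456";
    byte [] iv = ivString.getBytes( StandardCharsets.UTF_8 );
    cipher.init( Cipher.ENCRYPT_MODE, secretkey, new IvParameterSpec( iv ) );

    byte [] outputByteArray =
        cipher.doFinal( plainText.getBytes( StandardCharsets.UTF_8 ) );

    return IngrianProvider.byteArray2Hex( outputByteArray );
}

// Reverses doEncrypt: takes the hex ciphertext and returns the plaintext.
// Must use the same key name and the same IV as doEncrypt.
private static String doDecrypt( final String encryptedText )
    throws Exception
{
    NAESession naesession = NAESession.getSession( "mlrtest", "asdf1234" );
    SecretKey secretkey = NAEKey.getSecretKey( "test128", naesession );

    Cipher cipher =
        Cipher.getInstance( "AES/CBC/PKCS5Padding", "IngrianProvider" );
    String ivString = "1234567890123456";
    byte [] iv = ivString.getBytes( StandardCharsets.UTF_8 );
    cipher.init( Cipher.DECRYPT_MODE, secretkey, new IvParameterSpec( iv ) );

    byte [] decryptedByte =
        cipher.doFinal( IngrianProvider.hex2ByteArray( encryptedText ) );
    String decrypted = new String( decryptedByte, StandardCharsets.UTF_8 );

    return decrypted;
}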

How to extract private key RSA code

/hal-parent/hal-ejb/src/main/java/com/hollandamerica/common/encryption/WebKeyFactory.java

Refer: http://stackoverflow.com/questions/150167/how-do-i-list-export-private-keys-from-a-keystore

import org.apache.axis.encoding.Base64;

//NOTE: DO NOT MIGRATE THIS CODE!!!
System.out.println("ifw.getPassword()"+ifw.getPassword().toString());

decryptionKey = (RSAPrivateKey)newKeyStore.getKey(
    Keystore.END_ENTITY_ALIAS,ifw.getPassword());
System.out.println("maurice:decryptionKey"+decryptionKey.toString());
//String b64 = new BASE64Encoder().encode(key.getEncoded());
String b64 = new String(Base64.encode(decryptionKey.getEncoded()));
System.out.println("-----BEGIN PRIVATE KEY-----");
System.out.println(b64);
System.out.println("-----END PRIVATE KEY-----");

Accuvant Holland America Evaluation Agmt 12 6 2011

From: Ruckman, Maurice (HAL)
Sent: Wednesday, December 14, 2011 10:24 AM
To: Mounagurusamy, Jayakumar (HAL)
Cc: Augustine, Anila (HAL)
Subject: RE: Accuvant Holland America Evaluation Agmt 12 6 2011
Importance: High

Encryption Algorithm used is DESede:

Triple DES Encryption (also known as DES-EDE, 3DES, or Triple-DES). Data is encrypted using the DES algorithm three separate times. It is first encrypted using the first subkey, then decrypted with the second subkey, and encrypted with the third subkey.

Technical Notes for Reference:

C:changeMancomhalwsecurityDESedeEncrypter.java
public static String ENCRYPTION_ALGORITHM = "DESede";
Cipher cipher = Cipher.getInstance( ENCRYPTION_ALGORITHM );

Refer: Accuvant Holland America Evaluation Agmt 12 6 2011 [pdf]