Symmetric vs. Asymmetric Encryption

January 28th, 2016 | SpinDance | Development

Throughout history, people have been fascinated with encryption, whether out of necessity or entertainment. Militaries have been using encrypted communication for thousands of years. We even see encryption show up in the movie, “The Christmas Story,” when Ralphie needs to use a secret decoder ring to decrypt a message from the Little Orphan Annie radio show.

There are two main types of encryption: symmetric and asymmetric. Each type has its advantages and disadvantages. Please note that the following is only a primer; there are volumes and volumes of referenceable text for each type and their variants.

Symmetric Encryption (Shared Keys)

Symmetric encryption is when a key is shared between both components that are doing the encryption. The same key is used for both encryption and decryption processes. This is the type of encryption that people frequently think of when asked how to encrypt something.

The symmetric encryption process has been used frequently throughout history. If a military needed to send an encrypted message, they would create a cipher by exchanging letters and numbers for other letters and numbers (e.g., A becomes X, B becomes M, and so on). Once they had their cipher created, they could then encrypt a message and send it. Only individuals with the cipher could decrypt the message. This is a strength of symmetric encryption because individuals looking in from the outside do not know how the data is encrypted….


Creating and Verifying Certificate Chains

January 25th, 2016 | SpinDance | Development

Recently, I needed to create a SEC P-384 (secp384r1) certificate chain using SHA-384 signatures.

First, a little background: secp384r1 refers to a specific set of elliptic curve parameters as defined in Standards for Efficient Cryptography – SEC2. SHA-384 is a Secure Hash Algorithm developed by the NSA, defined in FIPS 180-4: Secure Hash Standard.

I used OpenSSL and Linux Mint 17.3. I would normally use OpenSSL on my Mac, but OpenSSL installed natively under OS X does not support SHA-384, so I switched to Linux.  To check if your version of OpenSSL supports SHA-384, run the command:

openssl list-message-digest-algorithms

Goal

My goal was to create a certificate chain with OpenSSL such that:
Root -> A -> B -> C.
After creating the chain, I also verified that it was valid.

Creating a Root Certificate

My first step was to create the root certificate.

  1. Create an EC Param file
    openssl ecparam -name secp384r1 -genkey -out ec_param_root.pem
  2. Create the certificate request and key
    openssl req -new -newkey ec:ec_param_root.pem -nodes -sha384 -out root.csr -keyout root.key
  3. Create the X.509 certificate
    openssl x509 -trustout -signkey root.key -days 365 -req -sha384 -in root.csr -out root.crt
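
An added example, not code from the original post: it extends the root steps above to the full Root -> A -> B -> C chain from the Goal section and verifies C with openssl verify. The subject names, file names and the extension files (ca.ext, leaf.ext) are assumptions made for this sketch; the second run marks B as CA:FALSE to show that the same chain is then rejected.

```shell
#!/bin/sh
# Added example (not from the original post). All names below are constructed.
set -eu

# issue NAME PARENT EXTFILE
# Makes a P-384 key and CSR for NAME, then signs the CSR with SHA-384.
# PARENT "self" self-signs (the root); otherwise PARENT.crt/PARENT.key sign it.
issue() {
  openssl req -new -newkey ec:ec_param.pem -nodes -sha384 \
    -subj "/CN=Demo $1" -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ "$2" = self ]; then
    openssl x509 -req -sha384 -days 365 -in "$1.csr" -signkey "$1.key" \
      -extfile "$3" -out "$1.crt" 2>/dev/null
  else
    openssl x509 -req -sha384 -days 365 -in "$1.csr" \
      -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
      -extfile "$3" -out "$1.crt" 2>/dev/null
  fi
}

# build_and_verify B_EXTFILE
# Builds Root -> A -> B -> C in a scratch directory, giving B the extensions
# in B_EXTFILE (ca.ext or leaf.ext), and returns the status of verifying C.
build_and_verify() {
  dir=$(mktemp -d)
  rc=0
  (
    cd "$dir"
    openssl ecparam -name secp384r1 -out ec_param.pem
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext
    issue root self ca.ext
    issue a root ca.ext
    issue b a "$1"
    issue c b leaf.ext
    cat a.crt b.crt > intermediates.pem   # untrusted intermediates for path building
    openssl verify -CAfile root.crt -untrusted intermediates.pem c.crt >/dev/null 2>&1
  ) || rc=$?
  rm -rf "$dir"
  return "$rc"
}

build_and_verify ca.ext && echo "B is a CA: chain verifies"
build_and_verify leaf.ext || echo "B is CA:FALSE: C is rejected"
```

Only root.crt is trusted here; A and B are supplied as untrusted intermediates, so each one must carry basicConstraints CA:TRUE for the path to C to validate.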

Viewing a Certificate or Certificate Request

There are a couple ways to view the created certificate….


Bash Basics: Control Structures

January 18th, 2016 | Michael Mosher | Hosting

If it can be automated, it should be automated
‒SysAdmins everywhere

If you’re automating a simple, everyday task, Bash should be the de facto tool of choice. While not a full-fledged programming language, in many ways it has aspired to look the part, and it is more powerful than a lot of people seem to realize. To utilize this power, though, you need a solid understanding of Bash’s control structures.

This is a hurdle in itself, because many other online resources devoted to Bash’s control structures left me unsatisfied. Some authors divide the topics below into individual articles, ostensibly in order to provide more examples for each. Others, possibly believing some nuances are beyond the grasp of pure beginners, provide watered-down descriptions of pieces of the syntax. Some authors do both.

I believe, though, that imprecise definition of these structures does more harm than good, and I wanted a single concise resource to refer to.

If/Then Statements

The if/then structure is a staple of any script or program beyond very trivial complexity. Bash’s if/then syntax is commonly described like so:

‘Code block’ is executed if ‘condition’ is true. This description always frustrates me because it restricts the structure’s capability.

A better definition would be:

‘Command’ is executed, and ‘code block’…
