Encryption and privacy.
Keybase - a public directory of publicly auditable public keys. All paired, for convenience, with unique usernames.
Tails - Privacy for anyone anywhere
Crypto Museum
TrueCrypt - Free Open-Source On-The-Fly Disk Encryption Software for Windows Vista/XP/2000 and Linux
TrueCrypt - Beginner's Tutorial
Quickpost: Disassociating the Key From a TrueCrypt System Disk « Didier Stevens
TrueCrypt - Free Open-Source Disk Encryption - Documentation - Rescue Disk - remember to make a rescue disk, cause if the MBR goes, so does your data.
TrueCrypt doesn't currently support MacOSX. This is a real issue for me. I did see that there is a project to fund the development of a MacOSX port!
Fundraising - Fundable - MacOs X Truecrypt Implementation
If this works, the code should be available from SourceForge. I wonder why a fork of the code was created...instead of merging these changes to the trunk of TrueCrypt? The project looks like it is started but no release yet. :(
OSXCrypt.org
Creating Public and Private Certificates/Keys - using keytool-Key and Certificate Management Tool
How to Generate / Extract a Public Key from a Private Key - LINUXMOZ
treyka/credmgr - Securely manage privileged account credentials via Shamir secret sharing.
end-to-end - End-To-End - Google Project Hosting - End-To-End is a Chrome extension that helps you encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP.
GnuPG
gpgdir - Recursive directory encryption - gpgdir is a perl script that uses the CPAN GnuPG::Interface module to encrypt and decrypt directories using a gpg key specified in ~/.gpgdirrc.
PortaPutty Auto-Reconnecting SSH Tunnels on an Encrypted TrueCrypt Portable USB Key w GPG
Testing GPG Key Passphrases | Jason Antman's Blog
Gpg4win - Secure email and file encryption with GnuPG for Windows
NaCl: Networking and Cryptography library Introduction - public domain
Introducing Sodium, a new Cryptographic Library
jedisct1/libsodium - P(ortable|ackageable) NaCl-based crypto library
PGP Keysigning Policies
Aaron Toponce : PGP Keysigning Policy
Folkert van Heusden's PGP-key signing policy
Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES)
encfs
encfs port - windows port of FUSE based encfs - EncFS Encrypted Filesystem
Gnome Encfs Manager
Entropy
Entropy is a measure of unpredictability or information content.
Entropy (information theory) - Wikipedia, the free encyclopedia entropy is a measure of the uncertainty in a random variable.
lsauer/entropy · GitHub - ENT - view string metrics and entropy of arbitrary files
Maximum Entropy Modeling
Entropy and Random Number Generators @ Calomel.org
SSL certificates, free SSL certificates - given valid contact information
My usual process is using self-signed keys. I documented that on my Apache and LAMP Notes - Dave Horner's Website page, but here the incantation is repeated (valid for 10 years).
openssl req -new -x509 -sha256 -days 3650 -nodes -out server.crt -keyout server.key
openssl req -nodes -newkey rsa:2048 -days 3650 -sha256 -keyout `hostname`.key -out `hostname`.csr -reqexts SAN -extensions SAN -subj "/C=US/ST=IN/L=Fort Wayne/O=YourOrg/OU=YourOrg/CN=`hostname`" -config <(cat /etc/pki/tls/openssl.cnf; printf "[SAN]\nsubjectAltName=DNS:`hostname`,DNS:`hostname`")
echo csr with CN=`hostname`| mailx -s "`hostname` csr" -a `hostname`.csr "your@email.com"
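Added example (not part of the original notes): a POSIX sh script that builds the key and CSR from a small config file instead of process substitution, then checks the request before it is mailed. The host name www.example.test, the subject fields and the function names make_csr and csr_ok are assumptions made for the example.

```shell
#!/bin/sh
# Added example: generate a key + CSR carrying a subjectAltName, then confirm
# the request before sending it. Host name and subject fields are constructed.

make_csr() (   # make_csr <hostname> <outdir>
    umask 077  # the private key must not be readable by other users
    cat > "$2/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = SAN
prompt = no
[dn]
C = US
O = YourOrg
CN = $1
[SAN]
subjectAltName = DNS:$1
EOF
    openssl req -new -nodes -newkey rsa:2048 -sha256 -config "$2/req.cnf" \
        -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null
)

csr_ok() {   # csr_ok <csr> <hostname> <key>
    # 1. the self-signature verifies (request not truncated or altered);
    #    match on the message, older openssl exits 0 even on failure
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. the SAN extension actually made it into the request
    openssl req -in "$1" -noout -text | grep -qF "DNS:$2" || return 1
    # 3. the CSR carries the public half of the key that stays on this host
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$3" -pubout)" ]
}
```

Only the .csr file leaves the host; the .key file stays where it was generated.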
* subdomains requiring a level 2 *, * 1 yr expiration - no 10 yr expiration here *, but it does give you a trusted green fuzzy. A warning is usual with self-signed certs, and browsers for some reason don't make it easy to trust a self-signed cert...
StartSSL™ Certificates & Public Key Infrastructure - StartSSL™ Free - they also provide you an automatic https://name.startssl.com OpenID based digital identity on sign up.
StartSSL-Stamping Authority - RFC 3161 compliant server, please use the /tr switch with signtool.exe, for example: signtool.exe sign /v /d /f /p /tr "http://www.startssl.com/timestamp"
A free SSL certificate for your web server – Jason Codes - free certificates are also chained, which means configuration can be a little tricky as there are a few traps you can fall into. If you don't set up the chain correctly on your server you can run into compatibility issues with clients that may not be immediately obvious.
SSL Checker - SSL Certificate Verify
StartSSL™ Certificates & Public Key Infrastructure - Apache Server - installation for apache.
Jiansen Lu's Computing Blog: Renew SSL certificate from StartSSL - (4 click Retrieve Certificate in Toolbox to get ssl.crt_=)
Let's Encrypt - TLS-protected communication from a free certificate authority.
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
service apache2 stop
./letsencrypt-auto certonly --standalone --email email-at-example.com -d example.com
service apache2 start
Update your conf to include:
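# cert.pem is the server certificate alone; chain.pem holds only the intermediates
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
# fullchain.pem is cert.pem plus chain.pem; on Apache 2.4.8 and later point SSLCertificateFile at it and drop the next line
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem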
I had trouble installing certbot so I had to use: https://certbot.eff.org/#ubuntuother-other
Which then for some reason added an extra Listen 443 in my /etc/apache2/ports.conf which gave me an error that looked like "Address already in use: make_sock: could not bind to address 0.0.0.0:443".
Then you need to set up auto-renew since the certs expire in about 90 days.
Something like "/pathto/certbot-auto renew --post-hook 'service apache2 restart'" or "/pathto/certbot-auto renew && service apache2 restart" would suffice.
It may also be as simple as using "/root/certbot-auto renew --no-self-upgrade" which stops the certbot from upgrading itself when run and renew may do the restart without the post-hook.
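Added example (not from the original notes or from certbot): a check to run after install and from cron, confirming that the certificate chains to a trusted root through the intermediates and that renewal has not silently stopped. It builds a constructed root, intermediate and leaf named like the files in /etc/letsencrypt/live/<name>/; all function names and the www.example.test host are assumptions.

```shell
#!/bin/sh
# Constructed root -> intermediate -> leaf chain, named like the files in
# /etc/letsencrypt/live/<name>/ (cert.pem = leaf, chain.pem = intermediate).
build_chain() (   # build_chain <dir> <leaf-days>
    cd "$1" || exit 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf
    new_req() {   # new_req <name> <CN>: writes <name>.key and <name>.csr
        openssl req -new -newkey rsa:2048 -nodes -sha256 -config ca.cnf \
            -subj "/CN=$2" -keyout "$1.key" -out "$1.csr" 2>/dev/null
    }
    new_req root "Constructed Root" && new_req int "Constructed Intermediate" &&
    new_req leaf "www.example.test" || exit 1
    openssl x509 -req -in root.csr -signkey root.key -sha256 -days 30 \
        -extfile ca.cnf -extensions v3_ca -out root.pem 2>/dev/null &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -sha256 -days 30 -extfile ca.cnf -extensions v3_ca -out chain.pem 2>/dev/null &&
    openssl x509 -req -in leaf.csr -CA chain.pem -CAkey int.key -CAcreateserial \
        -sha256 -days "$2" -out cert.pem 2>/dev/null
)

chain_ok() {   # chain_ok <root.pem> <cert.pem> [chain.pem]
    # A client trusts only the root; intermediates must come from the server.
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

expires_within() {   # expires_within <cert.pem> <days>
    # True when notAfter falls inside the window, or the file cannot be read.
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

check_live_dir() {   # check_live_dir <root.pem> <live-dir> <min-days>
    chain_ok "$1" "$2/cert.pem" "$2/chain.pem" ||
        { echo "chain incomplete: $2"; return 1; }
    expires_within "$2/cert.pem" "$3" &&
        { echo "renewal overdue: $2 has under $3 days left"; return 2; }
    return 0
}

# Demo: the constructed leaf has 10 days left, the threshold is 30.
d=$(mktemp -d) && build_chain "$d" 10 && check_live_dir "$d/root.pem" "$d" 30 || :
rm -rf "$d"
```

Calling chain_ok without the third argument shows what a client sees when the server sends no intermediates: the leaf does not verify against the root alone.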
certbot blindly adds port 443 to apache conf · Issue #5517 · certbot/certbot · GitHub [OPEN]
Created: 2007-11-28 19:41:41
Modified: 2018-10-20 10:18:38