How to protect an encryption key in a usb key?

Hello,
I have to use a 16 bytes key to encrypt the communication between my PC and an external device.
I would like to put this key in a USB stick to avoid hardcoding this key in my application.
I'm wondering how to do that.
Is there any technology provider who is selling an SDK allowing to save this kind of key in a USB stick? (I imagine that the key is also saved in a special way to avoid that the USB key can be read from any PC)?
Thanks in advance for your help.
Alain.

Thank you for your answers.
I read some documents and these HSMs seem to be complex and expensive for my purpose.
I was looking for something like an SDK composed of a USB stick and some software parts to be able to do the following:
- Put my key on the USB stick by using a special application (to avoid that we can read the key with any computer by just plugging it into a USB connector).
- Read this key in my java application by using an existing java API.
I did some searches to find such product but did not find anything :(
Alain.

Similar Messages

  • Mac in the shop -- how to access encrypted FS image on USB key?

    My Mac is in the repair shop (it's a G4 PowerBook, circa Titanium). In the meantime, I've got a USB key with a UFS file system created by 10.3.9, on which resides an AES-128-encrypted disk image (.dmg file).
    I can mount the USB key's UFS file system from Linux, using 'mount -t ufs -o ro,ufstype=openstep /dev/sdb3 /mnt/<whatever>', so I can see the encrypted disk image (as well as my non-encrypted files). I believe I know the password for the encrypted disk image. But what file system type is it? Is it also ufs/openstep?
    The basic question is, when creating an AES-128 encrypted disk image using Disk Utility, what is the file system type underneath the encryption?
    Thanks!

    Hm. Well, when I use Disk Utility on 10.3.9 to create an encrypted disk image, it doesn't give me any choice as to the file system format. It allows me to choose what directory to create it in, how big it should be, and whether or not to use AES128 encryption -- that's it. Maybe there are more choices on Tiger/Leopard.
    So, what file system type will Disk Utility on 10.3.9 create?

  • [SOLVED] Arch Linux on encrypted luks partition on USB key

    Hi
    I've installed Arch Linux on a USB key following this Wiki page: https://wiki.archlinux.org/index.php/In … _a_USB_key
    I also used dm-crypt as described in this Wiki page: https://wiki.archlinux.de/title/Festpla … iante_1.29
    I installed Arch Linux on the USB key using VirtualBox.
    To do that, I created a "rawvmdk":
    vboxmanage internalcommands createrawvmdk -filename ./usb.vmdk -rawdisk /dev/sdd
    Everything works fine when I'm trying to start the system within VirtualBox.
    Syslinux loads Arch using the following kernel command:
    APPEND cryptdevice=UUID=6aa73872-3755-4bdf-bee3-d1cd7a3fe0bf:main root=/dev/mapper/main-root rw
    /etc/mkinitcpio.conf holds the following "HOOKS" configuration:
    HOOKS="base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsch resume"
    As already mentioned the configuration works within VirtualBox. When I'm trying to boot from the USB key on my real computer, I'm getting an error. Syslinux works fine and loads Linux, but Linux is complaining. Here's the log:
    :: running hoock [encrypt]
    Waiting 10 seconds for device /dev/disk/by-uuid/6aa73872-3755-4bdf-bee3-d1cd7a3fe0bf ...
    ERROR: device '/dev/mapper/main-root' not found. Skipping fschk.
    ERROR: Unable to find root device '/dev/mapper/main-root'.
    You are being dropped to a recovery shell
    I'm not getting prompted for the passphrase since the cryptdevice can not be found. But why? It can be found when I'm booting within VirtualBox. What might be different? I successfully installed other Linux distributions (but without encryption and using GRUB as bootloader) previously within VirtualBox and was able to boot from the USB key on a real machine afterwards.
    Some additional information that might help:
    Here's the "lsblk -f output" for the stick:
    sdd
    ├─sdd1 ext4 usbboot bb45e84e-842e-4209-8c44-1af3c7933389
    └─sdd2 crypto_L 6aa73872-3755-4bdf-bee3-d1cd7a3fe0bf
    When I'm running "lsblk" or "blkid" from the recovery shell after the failure, I'm getting no output. "ls /dev/sd*" returns nothing as well. The directory /dev/disk does not even exists in the recovery shell. (I'm not sure if this is normal or not.)
    Thanks for helping.
    Last edited by The Infinity (2014-08-14 20:26:06)

    I still haven't solved the problem:
    When starting the system on a machine with NVIDIA GTX 560Ti graphics card:
    - X doesn't start using startx or xinit and there are no log entries in /var/log/Xorg.*.log (as I haven't tried to start X).
    - I'm getting the message "Waiting for X server to begin accepting connections .. .. .. ..".
    - I already tried to uninstall xf86-video-nouveau and nouveau-dri with no effect.
    - Additionally: The "default terminals tty1/2/3/..." (which I'm using to start X) have a poor resolution (I think 640x480 pixel).
    When starting the system on a virtual machine or a machine with an ATI Radeon (mobile) graphics card:
    - X starts and runs without any trouble the XFCE desktop environment.
    - Additionally: The default terminals have a proper resolution (I think the maximal resolution of the display).

  • How to sign a document with certificate on USB key

    Hi everyone,
    I would like to know how to sign a document with a certificate on a USB key.
    Has anyone already solved this problem?
    Regards,
    Fred

    Hi Amitk,
    PDF is commercial software which is not supported in the MSDN forum. Maybe a forum that talks about PDF is a better place to ask this question.
    I did a quick search on the web, and you may need to use some third party to sign a PDF document through DSC. Check this:
    http://stackoverflow.com/questions/378247/digitally-sign-pdf-files
    Hope this helps some.
    Shu

  • How can I save every bookmark on a USB key individually, so when I connect it I click the link, and voila

    So... what I want to do is save all my bookmarks or links on a USB key, because I have too many, but I need them to be all individual... not like the JSON export format, because like that, it's kind of like one file with all the links zipped together... I need to be able, when I connect my USB key, to click the link and have it load in Firefox... As an example, in my bookmarks folder I have about a hundred and more files, and in each of them a hundred or so links... So is there a way to do that, maybe with another program? I want to erase the ones I have in my Firefox to put them all on the USB key... Thanks in advance, waiting for your answers... and I have Windows 7.

    Hi... and thanks for your time and answers... I tried what you guys said, and it does not work for me... It works but not for all of them... saying some error happens... I really have too many... I tried to do it folder by folder, but that does not work either; it zipped the total of the links instead of the folder selected... I saw that I can transfer them one by one into a new folder on my disk, but one by one is going to be a hella long thing to do... but it works... I tried the keyboard shortcuts... I can select all of them but not copy them into the new folder on my disk... Any idea following that? I really just want to put them all on my USB key, and not use the Firefox application to store them on the Firefox web... Thanks in advance.

  • How to protect java application

    Hello all,
    Could you give me some clues on how to protect a java application?
    By license keys ? how to protect application by license keys? I am not sure about Signing JAR Files, is it what I need?
    Any better way than using license keys to protect a java application?
    Thanks.

    >
    Could you give me some clues on how to protect a java application?
    >
    You might want to look into obfuscators. They won't stop decompiling but they can make it hard to understand the decompiled code.
    Proguard has a good reputation
    http://proguard.sourceforge.net/
    >
    ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names. Finally, it preverifies the processed code for Java 6 or for Java Micro Edition.

  • How to protect an area in a chroma key?

    Hi Folks,
    I'm having a bit of a problem performing a key on a section of footage. There's an article in the foreground that unfortunately is the color of the greenscreen (bluescreen actually). Is there any way to 'protect' that area so that the chroma key filter doesn't affect it? The closest solution I've come up with is to duplicate the section of footage and move the copy to the next higher video track, then use a shape mask to frame the small section that is problematic. This works for the most part except that during the cross dissolve at the beginning and end of the clip. During the dissolve you can clearly see the shape of the mask as it doesn't 'dissolve' at the same rate as the dissolve on the underlying original clip.
    I would imagine that there has to be a simpler way to accomplish this, but it's eluding me.
    Thanks,
    Chris

    If you have to dissolve between composites, which is what you're creating with holdout and edge mattes and keys, you have to merge all the layers into one and then you can apply those transitions. You need to either key all the video you're using, export animation + which will maintain the alpha and edit into your sequence or export selects to Motion with sufficient handles for your dissolves and then import those Motion projects back into FCP.
    You could create sequences of any selects, do the key in FCP with your mattes, import those sequences into your master which would also take care of any dissolves. However, Motion has a superior keyer and matte tools over FCP.
    At any rate, this involves some organizational strategy over just applying a keyer to a layer in FCP.

  • How weak is weak encryption?

    I have several values my java program is posting to my php webserver
    I have done a variety of weak encryption methods to protect already encoded values ( like serial number, username, etc. )
    I use random values to encode multiple shifts over the data, then finally encode with specific information on the sending machine
    the server takes this apart, and sends a response also encoding with the client specific info along with an alternate set of random shifts.
    the client then grabs the machine specifics and decodes the message
    How much protection do I really need when communicating back and forth between my own applications? I feel like the main security concern is man in the middle attacks, and if this method prevents that.
    Thanks for any replies.

    If they sit in the middle, they don't have the hardware spec.
    Also it's not an open protocol... it's not for secure data, it's for authentication of a license. The hardware spec of the client is embedded into the original message from client->server in a randomized way.
    The server strips this out of the message and sends a response also embedded with the same hardware mixup; the client then only authenticates if it gets not only a valid license response but also the correct hardware key that matches the system.
    So even if you reconstructed the correct message, if the java app on the client can't verify your hardware, it won't launch.
    It's not really the sensitivity of the data I am worried about so much as the possibility of a client forcing java to think there is hardware on a machine that there isn't (i.e. they figure out what I've done and want to fake the hardware fingerprint).
    however I feel like if someone got this far they probably could have spent less time simply removing the authentication code from my java object code.

  • HT5012 How to protect my iPhone 4S from viruses

    How to protect my iPhone from viruses

    Not according to why the newest two updates to iOS were released.
    About the security content of iOS 7.1.1
    This document describes the security content of iOS 7.1.1.
    For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
    For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
    Where possible, CVE IDs are used to reference the vulnerabilities for further information.
    To learn about other Security Updates, see "Apple Security Updates."
    iOS 7.1.1
    CFNetwork HTTPProtocol
    Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: An attacker in a privileged network position can obtain web site credentials
    Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.
    CVE-ID
    CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris
    IOKit Kernel
    Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization
    Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object.
    CVE-ID
    CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
    Security - Secure Transport
    Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL
    Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.
    CVE-ID
    CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris
    WebKit
    Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
    CVE-ID
    CVE-2013-2871 : miaubiz
    CVE-2014-1298 : Google Chrome Security Team
    CVE-2014-1299 : Google Chrome Security Team, Apple, Renata Hodovan of University of Szeged / Samsung Electronics
    CVE-2014-1300 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
    CVE-2014-1302 : Google Chrome Security Team, Apple
    CVE-2014-1303 : KeenTeam working with HP's Zero Day Initiative
    CVE-2014-1304 : Apple
    CVE-2014-1305 : Apple
    CVE-2014-1307 : Google Chrome Security Team
    CVE-2014-1308 : Google Chrome Security Team
    CVE-2014-1309 : cloudfuzzer
    CVE-2014-1310 : Google Chrome Security Team
    CVE-2014-1311 : Google Chrome Security Team
    CVE-2014-1312 : Google Chrome Security Team
    CVE-2014-1313 : Google Chrome Security Team
    CVE-2014-1713 : VUPEN working with HP's Zero Day Initiative
    Last Modified: Apr 22, 2014

  • Encrypt/Decrypt data, multiple public keys using Bouncy castle api?

    Hi all.
    I need to implement encrypt/decrypt functionality for some data with many public keys using the Bouncy Castle API and the EnvelopedData class in Java 1.4 SE.
    Could someone give me examples of how to do it? I searched the whole internet and I could not find a simple example.

    Hi thanks very much.
    I had a quick look at the examples. I will see if they could help me.
    Here is more specific what i want:
    Encrypt data with multiple public keys that are kept in .pkcs12 file.
    And decrypt the data using the corresponding private key after that.
    I must use bouncy castle api for java 1.4 se.
    Best regards
    Edited by: menchev on Nov 13, 2008 8:26 AM

  • Password protecting and encrypting received pdf file

    Hello there,
    how can I password protect (and encrypt) a pdf file that I received from someone else? For example, I may get a copy of my tax return from my accountant that I don't want anyone else to see on my computer or when I back up contents of my computer online.
    I have only Adobe Reader 8 installed on my computer. So I am not writing these pdf files myself - I realize that then I would have full control over the security settings.
    Microsoft Word and Excel files I can password protect. How can I do this for "received pdf files"?
    Thank you for your help.

    You need Acrobat, not Reader.
    Be aware that even then, PDF security is easy to bypass.
    I use a Mac for the most part but aren't there any features in Windows that will allow you to protect folders?

  • Weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting Secret Key

    Hi all,
    I have one admin server 8 managed servers in cluster environment. I am using node
    manager to start managed servers. I used the demo certificate and private key
    file provided by BEA before getting my real certificate, but when I got the real
    certificate the node manager can't no more. The error I am getting is this :
    <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
    on command line options, try "java weblogic.nodemanager.NodeManager help">
    <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
    Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
    Error decrypting Secret Key
         at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
         at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
         at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
         at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
         at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
         at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
    --------------- nested within: ------------------
    weblogic.security.internal.encryption.EncryptionServiceException - with nested
    exception:
    [weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
    Secret Key]
         at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
         at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
         at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
         at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
         at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
    here is the setting of node manager
    # Set user-defined variables.
    BEA_HOME="/opt/app/weblogic"
    WL_HOME=${BEA_HOME}/weblogic700
    NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
    JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
    #Set NODEMANAGER variables
    NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
    NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
    NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
    NODEMANAGER_LISTENADDRESS="uxmwpr01"
    NODEMANAGER_LISTENPORT="5501"
    NODEMANAGER_REVERSEDNS="true"
    NODEMANAGER_SSLVERIFICATION="true"
    NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
    NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
    NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
    NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
    NODEMANAGER_NATIVEIO="true"
    ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
    -Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
    -Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
    -Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
    -Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
    -Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
    -Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
    -Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
    weblogic.nodemanager.NodeManager

    "Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
    Hi,
    I am wondering if anyone has tried creating a domain on a weblogic server by copying
    and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
    to the new installation %bea_home%\config\DomainName.
    When I do this I get the following error when starting up the weblogic server:
    "The WebLogic Server did not start up properly. Exception raised:
    weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
    Secret Key" when loading config.xml
    I assume this is because the weblogic system password is encrypted in the config.xml
    file. Is there anyway I can get around this so I can easily clone weblogic servers?
    Thanks,
    Jas
    Jas,
    Yeah the security key is tied to the server, what exactly are you
    trying to accomplish? Do you want separate domains or servers? Are
    they on different physical servers?
    Also what version of wls? 6 or 7?
    Will try to help you if I can
    Steve

  • How to transfer database table contain null values, primary key, and foreign key to the another database in same server. using INSERT method.

    how to transfer database table contain null values, primary key, and foreign key to the another database in same server. using INSERT method.  thanks

    INSERT targetdb.dbo.tbl (col1, col2, col3, ...)
       SELECT col1, col2, col3, ...
       FROM   sourcedb.dbo.tbl
    Or what is your question really about? Since you talk about foreign keys etc, I suspect that you want to transfer the entire table definition, but you cannot do that with an INSERT statement.
    Erland Sommarskog, SQL Server MVP, [email protected]

  • How to turn off encrypted backup on itunes

    how to turn off encrypted backup on itunes?

    porkchop_d_clown wrote:
    ...it does not mention encrypted back ups.
    Not so...
    From the supplied Link...
    iTunes and encrypted backups
    You can protect your backup with a passcode using the Encrypt Backup option in the Summary pane. Encrypting your backup will back up your Keychain. This way, email account passwords, Wi-Fi passwords, and passwords you enter into websites and some applications will be remembered when you transfer to a new device. Learn how to create and restore from a backup.
    When your backup is encrypted, you'll need to enter the password when enabling or disabling encryption or when restoring from this backup.

  • How to implement Double Encryption? (Urgent)

    I can encrypt and decrypt a message but I can't encrypt a message twice by using 2 different public keys.
    //encrypt is a method I created by myself
    // 10001 is plaintext and work at all
    encrypt cipherObj_T = new encrypt();
    byte[] S1 = cipherObj_T.to_encrypt_T("10001");
    //but it has error from here
    encrypt cipherObj = new encrypt();
    byte[] cipher = cipherObj.to_encrypt(S1);
    It shows error:
    javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes
    How to fix it? Please help me! Thanks!!!

    I bet you are using RSA! Depending on the implementation, the data to be encrypted must be shorter than the key length.
    RSA is normally used to encrypt a session key, not the data. Typically, to send with RSA, you use
    1) Create a random session key for your chosen symmetric encryption (AES, DES etc).
    2) Encrypt the session key with the recipient's public key and ship the encrypted session key to the recipient.
    3) Encrypt your data with the session key and ship that to the recipient.
    and to receive you use
    1) Get the encrypted session key.
    2) Decrypt the session key using your private key.
    3) Decrypt the data using the session key.
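
The send and receive steps listed in the reply above, as an added example that is not part of the original thread or the poster's `encrypt` class: each layer wraps a fresh AES session key with RSA and encrypts the data with that session key, so the output of one layer can be sealed again under a second public key without hitting the RSA size limit. The class name, the envelope layout, RSA-2048 with OAEP and AES-128-GCM are this example's assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical class for illustration; not the poster's "encrypt" class.
public class HybridEnvelope {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AES = "AES/GCM/NoPadding";
    static final int IV_LEN = 12;    // GCM nonce length in bytes
    static final int TAG_BITS = 128; // GCM authentication tag length

    // Envelope layout (this example's choice):
    // [2-byte wrapped-key length][wrapped session key][12-byte IV][AES-GCM ciphertext]
    static byte[] seal(byte[] data, PublicKey recipient) throws Exception {
        // Send step 1: random session key for the symmetric cipher.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();

        // Send step 2: RSA only ever sees the 16-byte session key.
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.ENCRYPT_MODE, recipient);
        byte[] wrapped = rsa.doFinal(session.getEncoded());

        // Send step 3: the data, of any length, is encrypted with the session key.
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = aes.doFinal(data);

        return ByteBuffer.allocate(2 + wrapped.length + IV_LEN + ct.length)
                .putShort((short) wrapped.length).put(wrapped).put(iv).put(ct).array();
    }

    static byte[] open(byte[] envelope, PrivateKey own) throws Exception {
        // Receive step 1: split the envelope and take the encrypted session key.
        ByteBuffer in = ByteBuffer.wrap(envelope);
        byte[] wrapped = new byte[in.getShort() & 0xFFFF];
        in.get(wrapped);
        byte[] iv = new byte[IV_LEN];
        in.get(iv);
        byte[] ct = new byte[in.remaining()];
        in.get(ct);

        // Receive step 2: recover the session key with the private key.
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.DECRYPT_MODE, own);
        SecretKey session = new SecretKeySpec(rsa.doFinal(wrapped), "AES");

        // Receive step 3: decrypt the data; GCM throws if the ciphertext was altered.
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(TAG_BITS, iv));
        return aes.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair first = kpg.generateKeyPair();   // constructed test keys
        KeyPair second = kpg.generateKeyPair();

        byte[] plaintext = "10001".getBytes(StandardCharsets.UTF_8);

        // Two layers under two different public keys: the inner envelope is just
        // data to the outer layer, so its size no longer matters to RSA.
        byte[] twice = seal(seal(plaintext, first.getPublic()), second.getPublic());
        byte[] back = open(open(twice, second.getPrivate()), first.getPrivate());

        System.out.println("round trip ok: " + Arrays.equals(plaintext, back));
    }
}
```

The 117-byte figure in the question's exception is what a 1024-bit RSA key accepts with PKCS#1 v1.5 padding (128-byte modulus minus 11 bytes of padding), which is why the 128-byte output of the first RSA encryption could not be fed into a second one.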
