Security and mac
I want to lock a folder so only my family can access it. How do I do that?
GH
GH,
If you wish to password protect file or folder information, I recommend that you consider using the Encrypted Disk Image feature of Mac OS X.
The article states: "By default, the password is stored in your login keychain when you create an encrypted disk image."
In my opinion, if you want total control of this disk image, "Do Not" add the password to keychain. That way a password must be entered every time that you attempt to open the Disk Image. Just be sure to remember the password or your data will be reduced to a jumble of 1's and 0's forever.
;~)
Similar Messages
-
After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.
-
i kept a dual boot of windows 7 and mac os x lion in macbook pro. so, should i keep antivirus for windows 7? which is prescribable between bit defender(bd) and microsoft security essentials(mse)?does bd and mse un-installs easily?
lower your font size unless you have difficulty
MS Security Essentials is excellent
Then again maybe time to investigate Windows 8 RP (which uses Defender) -
I have a 4 yr. old iMac. I recently got a trojan on it that sent out emails to my address book. I got Norton Internet Security for Mac, and now my Mac is running slow, with way too many spinning beach balls of death. Was it a mistake to install Norton?
yankeecat wrote:
I have a 4 yr. old iMac. I recently got a trojan on it that sent out emails to my address book.
There is no such Trojan or other malware known today that will do that using OS X nor has there ever been one. The most probable explanation is that somebody hacked into your e-mail account on the server, so you should change that password to something stronger right away. If it had come from your Mac then there would almost certainly be copies of those messages in your Sent Mail mailbox. -
After update June 28 of security and Java on 17in mac bk pro laptop cannot startup
After June 28 security and Java updates my 17 in mac book pro will not start up properly..I get a screen with text on the side and a window telling me to press the sart button to shut down and then press again to start up...( a gray panel comes down over the page before the window appears)...I have tried the install disc and done the disc and permissions repair...permissions repair could not repair "System/Library/Core Services/Remote Management ARDAgent/Contents/Mac OS/ARDAgent" a SUID file. What can I do?
Follow these documents.
http://support.apple.com/kb/TS2570
http://support.apple.com/kb/TS1440
http://support.apple.com/kb/HT1455
http://support.apple.com/kb/ht3964
This one about permissions you can ignore
http://support.apple.com/kb/TS1448
Try to get into your machine and if you do, the first thing you do is backup your files to a external drive. (not TimeMachine) via regular drag and drop methods.
Disconnect this drive. and all others.
You can then c boot off the installer disk for your OS version and under the Utilities menu is Disk Utility > Repair Disk
Also you can totally reinstall OS X, shouldn't effect your programs or files (but backup all files just in case)
If that don't work, c boot off the installer disk again, this time use Disk Utility to Erase >format HFS+ Journaled with Security option > Zero All Data (will take some time) This will totally wipe the drive of everything and is a last ditch effort.
When it's done quit, and reinstlal OS X.
You'll have to go through the setup and reinstall your programs and files from backup. Secret is use the same user name and drive name as the previous time so your iTunes folder will work without a hitch.
If you restore from TimeMachine, it's possible whatever problem you had can return, but you can try and if it doesn't work, just repeat above without TimeMachine.
Later look at free Carbon Copy Clone your boot drive to a external HFS+ Journaled formatted drive and keep in a safe place, it hold option bootable, great if your hard drive bites it, or TimeMachine gets hosed. TM isn't bootable. -
i'm trying to load avira free mac security and am told i am not on the patch level required, to update to latest patch level, what to do?
afickera wrote:
i'm trying to load avira free mac security ...
Please See Here > Antivirus Discussion
More Info Here > http://www.reedcorner.net/mmg/ -
Mac security and maintenance advice needed.
can someone please advice me how to keep my mac secured and well maintained. i mean the macbook hardware as well as software.
any antispyware or antivirus i should get for mac? would u recommend one? and which one? also suggest me some free alternatives.
on pcs putting realtime scanners would slow down the system. i hope thats not the case in mac.
also, any maintenance software like a defragmenter? i have been told macs dont need a defrag program. recently a whole lot of permissions went bad when i did a 'verify permissions' check.
also, can someone tell me how often one should calibrate the battery?Kappy's Personal Suggestions for OS X Maintenance
For disk repairs use Disk Utility. For situations DU cannot handle the best third-party utilities are: Disk Warrior; DW only fixes problems with the disk directory, but most disk problems are caused by directory corruption; Disk Warrior 4.x is now Intel Mac compatible. TechTool Pro provides additional repair options including file repair and recovery, system diagnostics, and disk defragmentation. TechTool Pro 4.5.1 or higher are Intel Mac compatible; Drive Genius is similar to TechTool Pro in terms of the various repair services provided. Versions 1.5.1 or later are Intel Mac compatible.
OS X performs certain maintenance functions that are scheduled to occur on a daily, weekly, or monthly period. The maintenance scripts run in the early AM only if the computer is turned on 24/7 (no sleep.) If this isn't the case, then an excellent solution is to download and install a shareware utility such as Macaroni, JAW PseudoAnacron, or Anacron that will automate the maintenance activity regardless of whether the computer is turned off or asleep. Dependence upon third-party utilities to run the periodic maintenance scripts had been significantly reduced in Tiger and Leopard.
OS X automatically defrags files less than 20 MBs in size, so unless you have a disk full of very large files there's little need for defragmenting the hard drive. As for virus protection there are few if any such animals affecting OS X. You can protect the computer easily using the freeware Open Source virus protection software ClamXAV. Personally I would avoid most commercial anti-virus software because of their potential for causing problems.
I would also recommend downloading the shareware utility TinkerTool System that you can use for periodic maintenance such as removing old logfiles and archives, clearing caches, etc.
For emergency repairs install the freeware utility Applejack. If you cannot start up in OS X, you may be able to start in single-user mode from which you can run Applejack to do a whole set of repair and maintenance routines from the commandline. Note that presently AppleJack is not compatible with Leopard.
When you install any new system software or updates be sure to repair the hard drive and permissions beforehand. I also recommend booting into safe mode before doing system software updates.
Get an external Firewire drive at least equal in size to the internal hard drive and make (and maintain) a bootable clone/backup. You can make a bootable clone using the Restore option of Disk Utility. You can also make and maintain clones with good backup software. My personal recommendations are (order is not significant):
1. Retrospect Desktop (Commercial - not yet universal binary)
2. Synchronize! Pro X (Commercial)
3. Synk (Backup, Standard, or Pro)
4. Deja Vu (Shareware)
5. Carbon Copy Cloner (Donationware)
6. SuperDuper! (Commercial)
7. Intego Personal Backup (Commercial)
8. Data Backup (Commercial)
The following utilities can also be used for backup, but cannot create bootable clones:
1. Backup (requires a .Mac account with Apple both to get the software and to use it.)
2. Toast
3. Impression
4. arRSync
Apple's Backup is a full backup tool capable of also backing up across multiple media such as CD/DVD. However, it cannot create bootable backups. It is primarily an "archiving" utility as are the other two.
Impression and Toast are disk image based backups, only. Particularly useful if you need to backup to CD/DVD across multiple media.
Visit The XLab FAQs and read the FAQs on maintenance, optimization, virus protection, and backup and restore.
Additional suggestions will be found in Mac Maintenance Quick Assist.
Referenced software can be found at www.versiontracker.com and www.macupdate.com.
Do You Need Anti-Virus Protection for Your Mac?
According to Rich Mogull's article, Should Mac Users Run Antivirus Software?,
"The reality is that today the Mac platform is relatively safe. There are hundreds of thousands of viruses and other malicious software programs floating around for Windows, but less than 200 are known to target the Mac, and many of those are aimed at versions of the Mac OS prior to Mac OS X (and thus have no effect on a modern Mac).
It's not that Mac OS X is inherently more secure against viruses than current versions of Windows (although it was clearly more secure than Windows prior to XP SP2); the numerous vulnerabilities reported and patched in recent years are just as exploitable as their Windows equivalents. But most security experts agree that malicious software these days is driven by financial incentives, and it's far more profitable to target the most dominant platform."
Mr. Mogull is a computer security expert. I recommend reading the entire article as it is quite informative.
For additional information on viruses, trojans, and spyware visit The XLab FAQs and read the FAQs on viruses and spyware.
About Batteries in Modern Apple Laptops
Apple - Batteries - Notebooks
Extending the Life of Your Laptop Battery
Apple - Batteries
Determining Battery Cycle Count
Calibrating your computer's battery for best performance
Battery University
Repairing the Hard Drive and Permissions
Boot from your OS X Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Installer menu (Utilities menu for Tiger and Leopard.) After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list. In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive. If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer. Now restart normally.
If DU reports errors it cannot fix, then you will need Disk Warrior (4.0 for Tiger, and 4.1 for Leopard) and/or TechTool Pro (4.6.1 for Leopard) to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.
would keeping the charger plugged in extend battery life?
It will neither hurt nor improve battery life. The life of the battery is determined by the number of full charge cycles - about 500 is the average life. If you use the computer mostly in a location with access to an AC outlet then you should use the AC adapter rather than run on the battery. -
I Have discovered this in the security and privacy settings of my mac. Is it something I should get rid of ?
Login to another User account. Is it faster there?
17" 2.2GHz i7 Quad-Core MacBook Pro 8G RAM 750G HD + OCZ Vertex 3 SSD Boot HD -
I have a 3rd generation iPod Touch and just did the update to IOS 5. Now I can't connect to my Netgear wifi router. My iPhone connects fine along with all of my other laptops etc. I have the router set with WPA-PSK [TKIP] security and an access list. I've confirmed the mac address is included on that list and that the password is correct. Under choses netwrok I select the network and it just goes into a spin. I have tried removing the password and the access list settings and it still will not complete the connection to the router thus no internet access. The routers firmware is also up to date. This thing worked fine before this update and I've already tried to restore from backup. Any ideas or is the wifi nic bad in this thing with the new apple firmware update? Any fix?
Thanks Bob, I don't know why but it all of a sudden worked a few days later. It's a mystery but at least problem solved.
-
system preferences's security and privacy are greyed out and it freezes how do i fix it? and when i try to connect to my school wifi it says that is not connected but it is how do i fix that too?
Hello NoraV,
It looks like your Security and Privacy pane is not loading at all, and is making the window unresponsive when you oepn it. I recommend checking your hard drive for errors with the following article:
Disk Utility 12.x: Repair a disk
http://support.apple.com/kb/PH5836
If the issue is not resolved, try performing the steps in this article to boot to Safe Mode, then leave it to retest the issue:
OS X: What is Safe Boot, Safe Mode?
http://support.apple.com/kb/ht1564
Starting up in Safe Mode
To start up into Safe Mode (to Safe Boot), follow these steps.
Be sure your Mac is shut down.
Press the power button.
Immediately after you hear the startup tone, hold the Shift key.
The Shift key should be held as soon as possible after the startup tone, but not before the tone.
Release the Shift key when you see the gray Apple logo and the progress indicator (looks like a spinning gear).
After the logo appears, you should see a progress bar during startup. This indicates that your computer is performing a directory check as part of Safe Mode.
To leave Safe Mode, restart your computer without holding any keys during startup.
Thank you for using Apple Support Communities.
All the best,
Sterling -
Session key and MAC generation in SCP '02' i='15'
Hi,
I am trying send a PUT KEY command and it resolves to '6982' after a '9000' EXTERNAL AUTHENTICATE.
I suspect that my encryption is causing the problem.(not really sure!)
I compare my session keys to some that ppl had derived and posted on the forum and I don't really get what they did.
I am trying to find out if I'm deriving the correct session keys or not?!?!
e.g
//Calculating session keys with
//static key = '404142434445464748494a4b4c4d4e4f' (keyData)
//sequence counter = '003b'
//"0101" + sequenceCounter + "000000000000000000000000" for session CMAC key (data)
//"0102" + sequenceCounter + "000000000000000000000000" for session RMAC key (data)
//"0181" + sequenceCounter + "000000000000000000000000" for session DEK key (data)
//"0182" + sequenceCounter + "000000000000000000000000" for session ENC key (data)
//sessionCMAC is :3213860da8f8d9796794cbcec43ef7a23213860da8f8d979: with sequence counter:003b (result)
//sessionRMAC is :042a687f6e0dd3f80eabf1e5d51ccefe042a687f6e0dd3f8: with sequence counter:003b (result)
//sessionDEK is :1fe31370c22354e3b90d6b8ad5686d371fe31370c22354e3: with sequence counter:003b (result)
//sessionENC is :94a47ad54ffbf423fe4a9d915befab5294a47ad54ffbf423: with sequence counter:003b (result)
<code>
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
DESedeKeySpec keySpec = new DESedeKeySpec(keyData);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey key = secretKeyFactory.generateSecret(keySpec);
IvParameterSpec iv = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
Cipher desedeCBCCipher = Cipher.getInstance("DESede/CBC/NoPadding");
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] result = desedeCBCCipher.doFinal(data);
if (result .length == 16) {
byte[] temp = (byte[]) result .clone();
result = new byte[24];
System.arraycopy(temp, 0, result , 0, temp.length);
System.arraycopy(temp, 0, result , 16, 8);
keySpec = new DESedeKeySpec(result);
secretKeyFactory = SecretKeyFactory.getInstance("DESede");
key = secretKeyFactory.generateSecret(keySpec);
</code>
I use the same encrytion to derive KeyCheckValue with
newKey ='505152535455565758595a5b5c5d5e5f', data = '0000000000000000'
and it results to : '6d377e' (of course the last 3 bytes)
Even though my CMAC session key is different from others (e.g "RLopes" in "http://192.9.162.102/thread.jspa?threadID=5365173&tstart=363" and I have seen it in others too and its really odd to me that its slightly different if you take a close look you will get what i mean) i get the EXTERNAL AUTHENTICATION to work.
If there is anyone who is 100% sure meaning he/she got other commands to work after EXTERNAL AUTHENTICATE using CMAC please help me verify the keys I got?
Can he/she test with his code to see if he/she is getting the same session keys or check value?
Thanks in advance
KamranHi,
Here is the Class and thanks for the tip, I've honestly tried these <code></code> but didn't work and I know it is indeed annoying without the tags :D
I really hope it helps...
* To change this template, choose Tools | Templates
* and open the template in the editor.
package terminalpcsc;
import java.lang.Exception;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.List;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.security.sasl.AuthenticationException;
import javax.smartcardio.*;
* @author Kamran
* @param args the command line arguments
public class Main {
private static CardChannel channel;
private static Card card;
private static int CHALLENGE_LENGTH = 8;
private static byte[] keyDiversification = new byte[10];
private static byte[] keyInformation = new byte[2];
private static byte[] sequenceCounter = new byte[2];
private static byte[] cardChallenge = new byte[6];
private static byte[] cardCryptogram = new byte[8];
private static byte[] hostChallenge = new byte[8];
private static byte[] hostCryptogram = new byte[8];
private static String keyDiversificationHexString;
private static String keyInformationHexString;
private static String sequenceCounterHexString;
private static String cardChallengeHexString;
private static String cardCryptogramHexString;
private static String hostChallengeHexString;
private static String hostCryptogramHexString;
private static byte[] sessionCMAC;
private static byte[] sessionDEK;
private static byte[] sessionENC;
private static byte[] sessionRMAC;
private static byte[] icvNextCommand;
private static IvParameterSpec ivAllZeros = new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
private static byte[] staticKey = hexStringToByteArray("404142434445464748494a4b4c4d4e4f4041424344454647");
private static byte[] newKey = hexStringToByteArray("505152535455565758595a5b5c5d5e5f");
private static byte[] CMAC;
* @param args the command line arguments
public static void main(String[] args) throws Exception {
initiateCardChannel();
String apduString = generateSelectAPDU("a000000003535041");
byte[] bufferC = hexStringToByteArray(apduString);
CommandAPDU capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Select AID: " + byteArrayToHexString(bufferC));
ResponseAPDU rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
byte[] bufferR = rapdu.getData();
String responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
apduString = generateInitializeUpdateAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Initialize Update: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
// protocol 01
//System.arraycopy(bufferR,0,keyDiversification,0,10);
//System.arraycopy(bufferR,10,keyInformation,0,2);
//System.arraycopy(bufferR,12,cardChallenge,0,8);
//System.arraycopy(bufferR,20,cardCryptogram,0,8);
// protocol 02
System.arraycopy(bufferR, 0, keyDiversification, 0, 10);
System.arraycopy(bufferR, 10, keyInformation, 0, 2);
System.arraycopy(bufferR, 12, sequenceCounter, 0, 2);
System.arraycopy(bufferR, 14, cardChallenge, 0, 6);
System.arraycopy(bufferR, 20, cardCryptogram, 0, 8);
keyDiversificationHexString = byteArrayToHexString(keyDiversification);
keyInformationHexString = byteArrayToHexString(keyInformation);
sequenceCounterHexString = byteArrayToHexString(sequenceCounter);
cardChallengeHexString = byteArrayToHexString(cardChallenge);
cardCryptogramHexString = byteArrayToHexString(cardCryptogram);
System.out.println("keyDiversification: " + keyDiversificationHexString);
System.out.println("keyInformation: " + keyInformationHexString);
System.out.println("sequenceCounter: " + sequenceCounterHexString);
System.out.println("cardChallenge: " + cardChallengeHexString);
System.out.println("cardCryptogram: " + cardCryptogramHexString);
System.out.println("Calculating Session Keys... encryption with CBC");
//E.4.1 GP 2.1.1
sessionCMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0101" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionCMAC is :" + byteArrayToHexString(sessionCMAC) + ": with sequence counter:" + sequenceCounterHexString);
sessionRMAC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0102" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionRMAC is :" + byteArrayToHexString(sessionRMAC) + ": with sequence counter:" + sequenceCounterHexString);
sessionDEK = deriveEncryptionCBC(staticKey, hexStringToByteArray("0181" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionDEK is :" + byteArrayToHexString(sessionDEK) + ": with sequence counter:" + sequenceCounterHexString);
sessionENC = deriveEncryptionCBC(staticKey, hexStringToByteArray("0182" + sequenceCounterHexString + "000000000000000000000000"));
System.out.println("sessionENC is :" + byteArrayToHexString(sessionENC) + ": with sequence counter:" + sequenceCounterHexString);
System.out.println("Calculating and Verifying Card Cryptogram...");
byte[] signature = cbcMACSignature(hexStringToByteArray(hostChallengeHexString + sequenceCounterHexString + cardChallengeHexString + "8000000000000000"), sessionENC);
String signatureHexString = byteArrayToHexString(signature);
if (signatureHexString.equalsIgnoreCase(cardCryptogramHexString)) {
System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram authenticated");
apduString = generateExternalAuthenticateAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU External Authenticate: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
apduString = generatePutKeyAPDU();
bufferC = hexStringToByteArray(apduString);
capdu = new CommandAPDU(bufferC);
System.out.println("Sending APDU Put Key: " + byteArrayToHexString(bufferC));
rapdu = channel.transmit(capdu);
System.out.println("Sending Apdu: Done!");
System.out.println("Waiting For Response...");
bufferR = rapdu.getData();
responseData = byteArrayToHexString(rapdu.getBytes());
System.out.println("Response: " + responseData);
} else {
System.out.println("signature is :" + signatureHexString + "\ncardCryptogram is :" + cardCryptogramHexString + " \nCard cryptogram is not authenticated");
releaseCardChannel();
public static byte[] cbcMACSignature(byte[] data, byte[] sessionSENC) throws AuthenticationException {
IvParameterSpec params =
new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
if (sessionSENC.length == 16) {
byte[] temp = (byte[]) sessionSENC.clone();
sessionSENC = new byte[24];
System.arraycopy(temp, 0, sessionSENC, 0, temp.length);
System.arraycopy(temp, 0, sessionSENC, 16, 8);
byte[] temp = null;
SecretKey secretKey = new SecretKeySpec(sessionSENC, "DESede");
try {
Cipher cbcDES = Cipher.getInstance("DESede/CBC/NoPadding");
cbcDES.init(Cipher.ENCRYPT_MODE, secretKey, params);
temp = cbcDES.doFinal(data);
} catch (GeneralSecurityException e) {
e.printStackTrace();
byte[] signature = new byte[8];
System.arraycopy(temp, temp.length - 8, signature, 0, signature.length);
return signature;
// generateInitialUpdateAPDU()
//CLA '80'
//INS '50' INITIALIZE UPDATE
//P1 'xx' Key Version Number
//P2 '00' Reference control parameter P2
//Lc '08' Length of host challenge
//Data 'xx xx…' Host challenge
//Le '00'
//RESPONSE TEMPLATE
//Key diversification data 10 bytes
//Key information 2 bytes
//Card challenge 8 bytes
//Card cryptogram 8 bytes
public static String generateInitializeUpdateAPDU() throws Exception {
hostChallenge = generateHostChallenge();
hostChallengeHexString = byteArrayToHexString(hostChallenge);
return "8050000008" + hostChallengeHexString + "00";
//CLA '80' or '84'
//INS 'D8' PUT KEY
//P1 'xx' Reference control parameter P1 Key Version Number -- '00' is new key range is '01' to '7F'
//P2 'xx' Reference control parameter P2 Key Identifier -- '00' to '7F'
//Lc 'xx' Length of data field
//Data 'xxxx..' Key data (and MAC if present)
//Le '00'
public static String generatePutKeyAPDU() throws Exception {
String keyCheckValue = new String();
//keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
keyCheckValue = byteArrayToHexString(deriveEncryptionECB(newKey, hexStringToByteArray("0000000000000000")));
keyCheckValue = keyCheckValue.substring(keyCheckValue.length() - (3 * 2));
System.out.println("keyCheckValue :" + keyCheckValue + " 3DES ECB, key is new key '505152535455565758595a5b5c5d5e5f5051525354555657', data is 8 zeroes");
String encryptedNewKey = byteArrayToHexString(deriveEncryptionECB(sessionDEK, newKey));
//System.out.println("sessionDEK.getEncoded() :" + sessionDEK.getEncoded() + " len is:" + sessionDEK.getEncoded().length);
System.out.println("encryptedNewKey :" + encryptedNewKey);
//testing newKey
String dataField = "01" + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue + "8010" + encryptedNewKey + "03" + keyCheckValue;
// String dataField2 = "01" + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue + "8010" + byteArrayToHexString(newKey) + "03" + keyCheckValue;
System.out.println("datafield to calculate cmac :" + dataField);
System.out.println("icv to calculate cmac is previous mac first 8 byte sessionCMAC in CBC single des :" + byteArrayToHexString(icvNextCommand));
CMAC = generateCMac2((byte) 0x84, (byte) 0xD8, (byte) 0x00, (byte) 0x81, hexStringToByteArray(dataField), sessionCMAC, icvNextCommand);
System.out.println("data field with des padding for encryption (encryption in CBC sessionENC) :" + desPadding(dataField));
String dataField3 = byteArrayToHexString(deriveEncryptionCBC(sessionENC, hexStringToByteArray(desPadding(dataField))));
System.out.println("data field after encryption :" + dataField3);
Integer CMACLen = byteArrayToHexString(CMAC).length() / 2;
System.out.println("CMACLen :" + CMACLen);
Integer dataFieldLen = dataField3.length() / 2;
System.out.println("dataFieldLen :" + dataFieldLen);
Integer intLc = dataFieldLen + CMACLen;
System.out.println("intLc :" + intLc);
String hexLc = Integer.toString(intLc, 16);
System.out.println("hexLc :" + hexLc);
return "84D80081" + hexLc + dataField3 + byteArrayToHexString(CMAC) + "00";
//generateExternalAuthenticateAPDU()
//CLA '84'
//INS '82' EXTERNAL AUTHENTICATE
//P1 'xx' Security level --'03' C-DECRYPTION and C-MAC.--'01' C-MAC.'00' No secure messaging expected.
//P2 '00' Reference control parameter P2
//Lc '10' Length of host cryptogram and MAC
//Data 'xx xx…' Host cryptogram and MAC
//Le Not present
public static String generateExternalAuthenticateAPDU() throws Exception {
System.out.println("Calculating and Verifying Host Cryptogram...");
hostCryptogram = cbcMACSignature(hexStringToByteArray(sequenceCounterHexString + cardChallengeHexString + hostChallengeHexString + "8000000000000000"), sessionENC);
hostCryptogramHexString = byteArrayToHexString(hostCryptogram);
System.out.println("hostCryptogram is :" + hostCryptogramHexString);
CMAC = generateCMac2((byte) 0x84, (byte) 0x82, (byte) 0x03, (byte) 0x00, hostCryptogram, sessionCMAC, new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
return "8482030010" + hostCryptogramHexString + byteArrayToHexString(CMAC);
// generateSelectAPDU()
//CLA '00' ISO/IEC 7816-4 command
//INS 'A4' SELECT
//P1 'xx' Reference control parameter P1 --'04' select by name
//P2 'xx' Reference control parameter P2 --'00' First or only occurrence --'02' Next occurrence
//Lc 'xx' Length of AID
//Data 'xxxx..' AID of Application to be selected
//Le '00'
// RESPONSE TEMPLATE
//'6F' File Control Information (FCI template) Mandatory
//'84' Application / file AID Mandatory
//'A5' Proprietary data Mandatory
//'73' Security Domain Management Data (see Appendix F for detailed coding) Optional
//'9F6E' Application production life cycle data Optional
//'9F65' Maximum length of data field in command message Mandatory
public static String generateSelectAPDU(String AID) throws Exception {
String AIDlen = Integer.toString(AID.length() / 2, 16);
if (AIDlen.length() == 1) {
AIDlen = "0" + AIDlen;
System.out.println("00A40400" + AIDlen + AID);
return "00A40400" + AIDlen + AID;
public static String byteArrayToHexString(byte[] b) throws Exception {
String result = "";
for (int i = 0; i < b.length; i++) {
result +=
Integer.toString((b[i] & 0xff) + 0x100, 16).substring(1);
return result;
public static void initiateCardChannel() throws CardException {
System.out.println("Connecting to Java Card...");
TerminalFactory factory = TerminalFactory.getDefault();
List<CardTerminal> terminals = factory.terminals().list();
System.out.println("Terminals Detected: " + terminals);
// get the first terminal
System.out.println("Connecting to: " + terminals + "...");
CardTerminal terminal = terminals.get(0);
System.out.println("Connected to: " + terminals);
// establish a connection with the card
System.out.println("Connecting to Java Card...");
card = terminal.connect("T=0");
System.out.println("Connected to card: " + card);
System.out.println("Obtaining Channel...");
channel = card.getBasicChannel();
System.out.println("Connecting to Channel: " + channel.getChannelNumber());
public static void releaseCardChannel() throws CardException {
System.out.println("Disconnection all...");
card.disconnect(false);
System.out.println("Disconnection Done");
System.out.println("*END*");
public static byte[] hexStringToByteArray(String s) {
int len = s.length();
byte[] data = new byte[len / 2];
for (int i = 0; i < len; i += 2) {
data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
return data;
//To generate the derivation data:
public static byte[] deriveEncryptionCBC(byte[] keyData, byte[] data) throws GeneralSecurityException {
//Key key = getSecretKey(keyData);
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
IvParameterSpec dps =
new IvParameterSpec(new byte[]{0, 0, 0, 0, 0, 0, 0, 0});
String algorithm = "DESede/CBC/NoPadding";
Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey, dps);
byte[] result = desedeCBCCipher.doFinal(data);
//adjustParity(result);
return result;
public static byte[] deriveEncryptionECB(byte[] keyData, byte[] data) throws GeneralSecurityException {
//Key key = getSecretKey(keyData);
if (keyData.length == 16) {
byte[] temp = (byte[]) keyData.clone();
keyData = new byte[24];
System.arraycopy(temp, 0, keyData, 0, temp.length);
System.arraycopy(temp, 0, keyData, 16, 8);
SecretKey secretKey = new SecretKeySpec(keyData, "DESede");
String algorithm = "DESede/ECB/NoPadding";
Cipher desedeCBCCipher = Cipher.getInstance(algorithm);
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] result = desedeCBCCipher.doFinal(data);
//adjustParity(result);
return result;
* Adjust a DES key to odd parity
* @param key
* to be adjusted
public static byte[] adjustParity(byte[] key) {
for (int i = 0; i < key.length; i++) {
int akku = (key[i] & 0xFF) | 1;
for (int c = 7; c > 0; c--) {
akku = (akku & 1) ^ (akku >> 1);
key[i] = (byte) ((key[i] & 0xFE) | akku);
return key;
public static byte[] generateCMac2(byte cla, byte ins, byte p1, byte p2, byte[] dataField, byte[] SMacSessionKey, byte[] icv) throws GeneralSecurityException, Exception {
if (SMacSessionKey.length == 16) {
byte[] temp = (byte[]) SMacSessionKey.clone();
SMacSessionKey = new byte[24];
System.arraycopy(temp, 0, SMacSessionKey, 0, temp.length);
System.arraycopy(temp, 0, SMacSessionKey, 16, 8);
byte[] cMac = new byte[8];
byte[] padding = {(byte) 0x80, 0, 0, 0, 0, 0, 0, 0};
int paddingRequired = 8 - (5 + dataField.length) % 8;
byte[] data = new byte[5 + dataField.length + paddingRequired];
//Build APDU
data[0] = cla;
data[1] = ins;
data[2] = p1;
data[3] = p2;
data[4] = (byte) ((byte) dataField.length + (byte) 0x08);
System.arraycopy(dataField, 0, data, 5, dataField.length);
System.arraycopy(padding, 0, data, 5 + dataField.length, paddingRequired);
System.out.println("data to calculate mac :" + byteArrayToHexString(data));
System.out.println("icv to calculate mac :" + byteArrayToHexString(icv));
Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
Cipher singleDesCipher = Cipher.getInstance("DES/CBC/NoPadding", "SunJCE");
SecretKeySpec desSingleKey = new SecretKeySpec(SMacSessionKey, 0, 8, "DES");
SecretKey secretKey = new SecretKeySpec(SMacSessionKey, "DESede");
//Calculate the first n - 1 block. For this case, n = 1
IvParameterSpec ivSpec = new IvParameterSpec(icv);
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
byte ivForLastBlock[] = singleDesCipher.doFinal(data, 0, 8);
int blocks = data.length / 8;
for (int i = 0; i < blocks - 1; i++) {
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
byte[] block = singleDesCipher.doFinal(data, i * 8, 8);
ivSpec = new IvParameterSpec(block);
int offset = (blocks - 1) * 8;
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
cMac = cipher.doFinal(data, offset, 8);
ivSpec = new IvParameterSpec(new byte[8]);
singleDesCipher.init(Cipher.ENCRYPT_MODE, desSingleKey, ivSpec);
icvNextCommand = singleDesCipher.doFinal(cMac);
return cMac;
public static byte[] generateHostChallenge() {
byte[] hostChallenge = new byte[CHALLENGE_LENGTH];
SecureRandom random = new SecureRandom();
random.nextBytes(hostChallenge);
return hostChallenge;
public static String desPadding(String hexString) {
System.out.println("String to pad before:" + hexString);
hexString = hexString + "80";
int hexStringLen = hexString.length() / 2;
int padding = 8 - (hexStringLen % 8);
for (int i = 0; i < padding; i++) {
hexString = hexString + "00";
System.out.println("String to pad after :" + hexString);
return hexString;
}Thanks in advance
Kamran -
i made a dual boot of windows 7 and mac os x lion in my macbook pro .i installed m icrosoft support software also. now, can i install windows updates? do i turn on the automatic updating of updates?
yes you need the updates and patches.
Only some of the drivers that Windows will automatically install at times
and always make sure to insure it is using restore points
do all the maintenance andsuch as normal
use MS Security Essentials for AV is really top notch
Clean disk space
Use WinClone new program to inisure you have a restore image -
What is the best way to secure and harden a Macbook Pro against unwanted surveillance?
What is the best way to secure and harden a Macbook Pro against unwanted surveillance? Tor, VPN, Little Snitch, etc. This would be for that latest version of Mavericks.
djbabybokchoy wrote:
Nothing specific, just speaking in general. Ex-wives, governments, bad guys...anyone really. I'm just looking to make my Mac a bit more private and secure, especially when on public networks.
Governments and ex's will/may have recourse to the legal process (or in the case of the Gov they can choose to ignore the legal system if they feel like it) when they want to see something of yours, good luck hardening your Mac against that. The best way to avoid the possibility of snooping over public networks is to avoid them but if you can't then Kappy's suggestion will help.
Strong passwords (everywhere) and don't use the same password in multiple locations.
If you really want to secure your home wireless use Mac address connection authentication, do not allow unknown Mac addresses to connect. It's much stronger than a WPA password alone. -
Password protecting PDF from copy/paste, not secure in Mac "Preview"?
I created a book for someone and sent a PDF of it. I secured it with a password so it can be printed but not edited or copy/paste compatible. When I open the PDF on Acrobat on my PC, its locks me out as it should. I sent to friend and of course its the same way on Acrobat on his Mac. But when he opened it in "Preview" on the Mac, it lets him copy paste. He said he is using OSX Lion 10.7.4.
Why is Mac's viewer bypassing the security and how can I keep it from doing this?A PDF consumer (viewer) is expected to honor any standard security restrictions that are in place, but there is no way to ensure that every one will. A different method that provides a strong form of security could be used, such as Certificate security or LiveCycle Rights Management (a type of DRM), but then non-Adobe viewers such as Preview wouldn't be able to open the document at all.
-
Link problem between PCs and Macs
Hello. We have 3 Macs running OSX 10.5.x and Adobe Std CS5, and they share their Illustrator creations, images, etc., on a NAS file server. Recently, I downloaded the CS5.5. trial version for a PC running Windows XP Pro and on the same network with same file access and security. All machines use CIFS to access files.
PC user will create an Illustrator file in one of these shared folders on the NAS and link in images from another shared folder on the NAS and save it. When a Mac user opens the Illustrator file, however, none of the links are valid so the Mac user has to re-link those images and re-save the file. What change(s) do I need to make on the PC-side to stop this problem? Does the PC need to be on CS5, too?Thanks to both of you for your help. We found out that the PC and Mac show the absolute path slightly differently when connecting to our NAS. However, if we create an ai file with linked images on the PC, save it, and then open it in the Mac, even though the links are off we can fix all of them if we simply re-link one image and then "Ignore" the rest of the pop-up error messages. There are less (or no) link issues if the images are in the same folder as the ai file, but that kind of defeats the advantage of linking over embedding. We need to have one central images folder since the same image can be used many times over. Is there any way to force Illustrator to use relative paths instead of absolut paths? For example, if I have a share name "Sales" and three folder within: "Images", "ABC company" and "DEF company", can the ai files I create in ABC company contain links like, "..\Images\image01.eps" instead of something like \\NAS2\Sales\Images\image01.eps? Would be nice if Adobe Illustrator had a preference setting of something like "Default location of ai files" where I can set it to, \\NAS2\Sales\, and then any documents I create would use that setting as a link starting point.
Maybe you are looking for
-
HT4889 After migrating Safari will not open up. It's coming back with "Safari quit unexpectedly".
Just purchased a new MBA, I'm trying to migrate my files from my MBP to my MBA using the Apple Cap. Safari is coming up with an error and will not open. The message from Safari is stating: Safari quit unexpectedly. I'm running MAC OS X 10.7.4 on my b
-
ITunes Library on External Drive - NO .xml file
i recently had some serious hard drive corruption on my old computer, and figuring it was time for an upgrade anyway I decided to buy a new MacBook. i had been storing all of my iTunes music on an external hard drive. i'm trying to figure out how to
-
Calling Web SErvice from Forms 10g R2
Hi All We are building a new form that calls out a web service. We used JDeveloper to build the stub and successfully import the same into Forms. We added the jar file names to class path, formsweb.cfg and default env files in the desktop. When we ru
-
External Hard Drive No Longer able to Mount
When my dad's iMac G3's power died we turn his G3's internal hard drive into a external so he could mount it to his new user account on my iMac G5. It's been fine until I recently had to force power of my computer. Now his G3 HD won't mount. We have
-
Hi This is my first post and hope that somebody has the patience to give some advice to a newcomer. I 'discovered' programming via the familiar (?) route of Excel to VBA and got hooked on programming and what it can do. I did some reading and it seme