Can't find private key file given CspKeyContainerInfo - windows

I'm trying to use PowerShell to extract a private key from a certificate stored in the personal store. Most of the tools seem related to Local Machine certificates and are not working, and I hit on the steps in this post: https://hope.mx/2019/recovering-a-certificate-where-the-private-key-is-marked-as-non-exportable/
I tried to use those steps:
PS Cert:\CurrentUser\My> $a = Get-Item Cert:\CurrentUser\My\A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0
PS Cert:\CurrentUser\My> $a.PrivateKey.CspKeyContainerInfo
MachineKeyStore : False
ProviderName : eToken Base Cryptographic Provider
ProviderType : 1
KeyContainerName : te-cd6cd72c-da9c-4862-b02d-419e7ac19123
UniqueKeyContainerName : te-cd6cd72c-da9c-4862-b02d-419e7ac19123
KeyNumber : Exchange
Exportable : False
HardwareDevice : True
Removable : True
Accessible : True
Protected : True
CryptoKeySecurity :
RandomlyGenerated : False
It was my understanding that I should be able to find that file under C:\ProgramData\Microsoft\Crypto\RSA, but it is not there and in fact none of the files in the RSA directories even start with "te-"
Does that value really represent the name of the private key file someplace in the system? If so, where?

Related

Windows MDM update management

I'm trying to figure out Windows update management via MDM (https://learn.microsoft.com/en-us/windows/client-management/mdm/device-update-management) and I would like to show installed and installable updates details for clients.
So following this guide, I'm getting installed/installable/... update GUIDs from the client using Update-CSP, then try to query GUID from sws.update.microsoft.com to get the metadata.
The problem is, the client is reporting update GUIDs that cannot be found in sws.update.microsoft.com. For example the device returns an update id: "1f36097b-e8c9-41a3-bcc3-baae597f692d" as an installed update.
When I query this using GetUpdateData, it doesn't exist.
I queried installed updates on the client and found the detail:
PS C:\Windows\system32> $session.CreateUpdateSearcher().Search("UpdateID='1f36097b-e8c9-41a3-bcc3-baae597f692d'").Updates
Title : 2021-09 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5005565)
AutoSelectOnWebSites : True
BundledUpdates : System.__ComObject
CanRequireSource : False
Categories : System.__ComObject
Deadline :
DeltaCompressedContentAvailable : True
DeltaCompressedContentPreferred : True
Description : Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.
EulaAccepted : True
EulaText :
HandlerID : http://schemas.microsoft.com/msus/2016/01/UpdateHandlers/OSInstaller
Identity : System.__ComObject
Image :
InstallationBehavior : System.__ComObject
IsBeta : False
IsDownloaded : True
IsHidden : False
IsInstalled : True
IsMandatory : False
IsUninstallable : False
Languages : System.__ComObject
LastDeploymentChangeTime : 9/14/2021 12:00:00 AM
MaxDownloadSize : 110963910278
MinDownloadSize : 0
MoreInfoUrls : System.__ComObject
MsrcSeverity :
RecommendedCpuSpeed : 0
RecommendedHardDiskSpace : 0
RecommendedMemory : 0
ReleaseNotes :
SecurityBulletinIDs : System.__ComObject
SupersededUpdateIDs : System.__ComObject
SupportUrl : https://support.microsoft.com/help/5005565
Type : 1
UninstallationNotes :
UninstallationBehavior :
UninstallationSteps : System.__ComObject
KBArticleIDs : System.__ComObject
DeploymentAction : 1
DownloadPriority : 2
DownloadContents : System.__ComObject
RebootRequired : False
IsPresent : True
CveIDs : System.__ComObject
BrowseOnly : False
PerUser : False
AutoSelection : 1
AutoDownload : 2
But when I look up this update by its name or KB article, I find the correct update id is: 9a11c8f1-525f-4088-8fb7-33d7b56dd6dc
catalog page
I'm not sure why the client reports an incorrect (or deprecated?) update id.
Is there a way to make the client correct it?

Volume encryption status

How is it possible to determine the encryption status of a non-APFS volume?
For the root disk it is possible to use fdesetup status.
For other APFS volumes it is possible to extract it from diskutil info -all and check the FileVault field.
But when I create a new volume by using "Disk Utility" it allows me to create "Mac OS Extended (Journaled)" and encrypt it with AES 128 or 256 but.
How may I get the encryption status via terminal for such volumes?
Following on from your comment, you will need to provide more information if hdiutil does not work for you: macOS version, type of disk image, format of disk image, how you are reading the result, etc. With those details someone may be able to help you.
hdiutil has been tested on High Sierra and Catalina with two images, 128 which is encrypted with AES128, and 256 encrypted with AES256, both HFS+. The result on Catalina:
% hdiutil info
framework : 559.100.2
driver : 559.100.2
images : 2
================================================
image-path : /Users/jacksprat/Desktop/256.dmg
image-alias : /Users/jacksprat/Desktop/256.dmg
shadow-path : <none>
icon-path : /System/Library/PrivateFrameworks/DiskImages.framework/Resources/CDiskImage.icns
image-type : read/write
system-image : false
blockcount : 195353
blocksize : 512
writeable : TRUE
autodiskmount : TRUE
removable : TRUE
image-encrypted : TRUE
mounting user : jacksprat
mounting mode : -rwx------
process ID : 2069
/dev/disk2 GUID_partition_scheme
/dev/disk2s1 48465300-0000-11AA-AA11-00306543ECAC /Volumes/256
================================================
image-path : /Users/jacksprat/Desktop/128.dmg
image-alias : /Users/jacksprat/Desktop/128.dmg
shadow-path : <none>
icon-path : /System/Library/PrivateFrameworks/DiskImages.framework/Resources/CDiskImage.icns
image-type : read/write
system-image : false
blockcount : 195353
blocksize : 512
writeable : TRUE
autodiskmount : TRUE
removable : TRUE
image-encrypted : TRUE
mounting user : jacksprat
mounting mode : -rwx------
process ID : 2068
/dev/disk3 GUID_partition_scheme
/dev/disk3s1 48465300-0000-11AA-AA11-00306543ECAC /Volumes/128
Both disks have image-encrypted : TRUE.
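The hdiutil check from the answer above, scripted as an added example (not part of the original answer): it parses hdiutil info text and reports the image-encrypted flag for each attached image. The function names and the plain.dmg entry in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the shape of the `hdiutil info` output above.
# plain.dmg is invented to show an unencrypted image.
sample_hdiutil_info() {
cat <<'EOF'
framework : 559.100.2
images : 2
================================================
image-path : /Users/jacksprat/Desktop/256.dmg
image-encrypted : TRUE
/dev/disk2 GUID_partition_scheme
/dev/disk2s1 48465300-0000-11AA-AA11-00306543ECAC /Volumes/256
================================================
image-path : /Users/jacksprat/Desktop/plain.dmg
image-encrypted : false
/dev/disk4 GUID_partition_scheme
/dev/disk4s1 48465300-0000-11AA-AA11-00306543ECAC /Volumes/plain
EOF
}

# Reads `hdiutil info` text on stdin; prints one tab-separated line per
# attached image: path, encrypted|NOT-encrypted, mount point(s) or "-".
encryption_report() {
  awk '
    function emit() {
      if (path != "")
        printf "%s\t%s\t%s\n", path, (enc ? "encrypted" : "NOT-encrypted"), (mnt == "" ? "-" : mnt)
      path = ""; enc = 0; mnt = ""
    }
    /^=+[ \t]*$/              { emit(); next }        # separator starts a new image block
    /^image-path[ \t]*:/      { sub(/^image-path[ \t]*:[ \t]*/, ""); path = $0; next }
    /^image-encrypted[ \t]*:/ { enc = (toupper($NF) == "TRUE"); next }
    /^\/dev\// && NF >= 3     {                       # device, content type, mount point
      m = $0; sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", m)
      mnt = (mnt == "" ? m : mnt "," m); next
    }
    END { emit() }
  '
}

# Paths of attached images that are not encrypted (empty output = all encrypted).
unencrypted_images() {
  encryption_report | awk -F '\t' '$2 != "encrypted" { print $1 }'
}

# Demo on the constructed sample; on macOS use: hdiutil info | encryption_report
sample_hdiutil_info | encryption_report
```

hdiutil info lists only images that are currently attached, so an unmounted image does not appear in the report.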

In nightwatch, how do I specify additional string arguments after the selenium_port

Came across a similar question here which wasn't truly addressed - https://github.com/nightwatchjs/nightwatch/issues/1911
You cannot do what #beatfactor suggested with the above example, the port is in the middle i.e. "selenium_host" : "us1.appium.testobject.com:443/wd/hub",
I'm facing a similar problem right now, how do I provide arguments so it attempts to hit a host like the above? Currently, my failing options are providing no port which defaults to 4444 or providing a port which results in attempting to hit us1.appium.testobject.com/wd/hub:443
The desired result is :
"selenium_host" : "us1.appium.testobject.com:443/wd/hub",
TLDR - How do you provide a port in the middle of your selenium host argument given the port is always appended to the end and if you don't provide one, a default is used?
Just define your selenium_port upstream, in the declaration section and use a Template Literal:
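// nightwatch.conf.js (template literals need a JavaScript config, not JSON)
const selenium_port = '443';
module.exports = {
  "test_settings" : {
    "default" : {
      "launch_url" : "http://test.com",
      "selenium_port" : selenium_port,
      // the same port value is interpolated into the host string
      "selenium_host" : `us1.appium.testobject.com:${selenium_port}/wd/hub`,
      "silent" : true,
      "screenshots" : {
        "enabled" : true,
        "path" : "screenshots"
      }
    }
  }
};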
Hope I understood correctly. Cheers!

yaml syntax error when defining variables using WHEN

I defined these in defaults/main.yml:
- mode : production
- consul_server_address :192.168.1.5
when : mode == "production"
- consul_server_address :192.168.2.5
when : mode == "staging"
but I got:
The offending line appears to be:
- consul_server_address : 192.168.1.5
when : mode == "production"
^ here
When I add a space after colons on consul_server_address, the error changes to:
ERROR! The default/main.yml file for role 'dnsmasq' must contain a dictionary of
variables
I spent some time on yaml syntax but I think this idea is wrong and I should do using another ansible-playbook solution.
You start your YAML with:
- mode : production
- denotes a sequence item, so this line defines that the root element of your YAML document is a sequence. Another sequence item follows:
- consul_server_address : 192.168.1.5
But now, there is a line which is not a sequence item:
when : mode == "production"
This is invalid because we are at indentation level 0, which contains the root element, which is a sequence, which may only contain sequence items. But when : … is a mapping key and therefore illegal here.
What you probably want to do is this:
- mode : production
- consul_server_address : 192.168.1.5
  when : mode == "production"
- consul_server_address : 192.168.2.5
  when : mode == "staging"
By properly indenting the when lines, they are keys of the mapping contained in the sequence item.
Someone on Ansible's IRC channel suggested that I use groupvars/hostvars for this purpose.
I edited my hosts inventory file and did something like this:
[nginx-staging]
IP_ADDRESS OR FQDN
[nginx-staging:vars]
...
consul_server_address=192.168.2.5
[nginx-production]
IP_ADDRESS OR FQDN
[nginx-production:vars]
...
consul_server_address=192.168.1.5
and it worked for me with a simpler and more straightforward solution.

Opa : give a name to a binary resource

I'm trying to download a file from an opa database. I've used the following code :
case {path:[], query:[("download", filename)], ...} : Resource.binary(/myDatabase[filename], "application/txt")
It's working fine, but the file I download is always named "download.txt". How can I change this name ?
Thanks
case {path:[], query:[("download", filename)], ...} : Resource.binary(/myDatabase[filename], "application/txt") |> Resource.add_header(_, {content_disposition={attachment=filename}})
