Distributed microservices using Kite and Kontrol - go

I am able to register my kite microservice to kontrol but unable to discover it,
kites, err := k.GetKites(&protocol.KontrolQuery{
Username: k.Config.Username,
Environment:k.Config.Environment,
Name:"myservice",
})enter code here
if err != nil {
fmt.Println("has error")
log.Fatalln(err)
}
I am getting authenticationError.
has error
2015/06/16 09:59:16 authenticationError: token contains an invalid number of segments
exit status 1
Also I am not able to find $USER_HOME/.kite/kite.key file.

I have figured it out. I need to export these environment variable,
export KONTROL_PORT=4099
export KONTROL_USERNAME="kontrol"
export KONTROL_STORAGE="etcd"
export KONTROL_KONTROLURL="http://127.0.0.1:4099/kite"
export KONTROL_PUBLICKEYFILE=~/certs/key_pub.pem
export KONTROL_PRIVATEKEYFILE=~/certs/key.pem
Then generate rsa token,
cd ~/certs/
openssl genrsa -out key.pem 2048
openssl rsa -in key.pem -pubout > key_pub.pem
openssl rsa -in key.pem -pubout > key_pub.pem
Run Kontrol CLI with -install flag.

Related

How to decrypt files in Go that were encrypted using Openssl aes-256-cbc

I am using OpenSSL AES-256-CBC to encrypt some of my files
openssl aes-256-cbc -in filename.txt -out filename.enc -k password
How can those files be decrypted in Go?
I hope this can help, make sure you read file bytes in opensslEncrypted variable:
Installation
git clone https://github.com/funny/crypto
Decrypt:
import (
"fmt"
"github.com/funny/crypto/aes256cbc"
)
func main() {
opensslEncrypted := "U2FsdGVkX19ZM5qQJGe/d5A/4pccgH+arBGTp+QnWPU="
passphrase := "z4yH36a6zerhfE5427ZV"
dec, err := aes256cbc.DecryptString(passphrase, opensslEncrypted)
if err != nil {
fmt.Printf("An error occurred: %s\n", err)
}
fmt.Printf("Decrypted text: %s\n", string(dec))
}
Source: github
yes , it's working, but you cmd need run this
openssl aes-256-cbc -in filename.txt -out filename.enc -k password -a

Openssl CSR Creation with -subj is failing

I'm having a Scirpt and I'm trying to create a self signed Cert:
openssl ecparam -genkey -name secp384r1 -out /etc/nginx/ssl/${MYDOMAIN}.key.pem >/dev/null 2>&1
openssl req -new -sha256 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -out /etc/nginx/ssl/csr.pem -subj "/C=/ST=/L=/O=/OU=/CN=*.${MYDOMAIN}" >/dev/null 2>&1
openssl req -x509 -days 365 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -in /etc/nginx/ssl/csr.pem -out /etc/nginx/ssl/${MYDOMAIN}.pem >/dev/null 2>&1
The creation of the CSR should be silent due to the -subj paramter, but it's not working at all with this line:
openssl req -new -sha256 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -out /etc/nginx/ssl/csr.pem -subj "/C=/ST=/L=/O=/OU=/CN=*.${MYDOMAIN}" >/dev/null 2>&1
I'm receiving an error like this:
[INFO] Creating self-signed SSL certificates...
No value provided for Subject Attribute C, skipped
No value provided for Subject Attribute ST, skipped
No value provided for Subject Attribute L, skipped
No value provided for Subject Attribute O, skipped
No value provided for Subject Attribute OU, skipped
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
It was working in that way, before I updated Openssl to 1.1.0...
With:
openssl req -new -sha256 -key /etc/nginx/ssl/${MYDOMAIN}.key.pem -out /etc/nginx/ssl/csr.pem subj "/C=DE/ST=Berlin/L=Berlin/O=Privat/OU=Privat/CN=*.${MYDOMAIN}" >/dev/null 2>&1
I'm getting this error:
[INFO] Creating self-signed SSL certificates...
unknown option subj
req [options] outfile
where options are
[...]

Creating certificate to sign GDB on Mac OS X from bash

I am trying to install gdb on Mac OS X by following link1 and link2. This process is done in four steps:
installing gdb using brew install gdb
creating a certificate
sign gdb using codesign -s [cert-name] [your-gdb-location]
How can I automate step 2 in a bash script?
This is my final code (based on here, here and here):
cat > myconfig.cnf << EOF
[ req ]
prompt = no
distinguished_name = my dn
[ my dn ]
# The bare minimum is probably a commonName
commonName = VENTOS
countryName = XX
localityName = Fun Land
organizationName = MyCo LLC LTD INC (d.b.a. OurCo)
organizationalUnitName = SSL Dept.
stateOrProvinceName = YY
emailAddress = ssl-admin#example.com
name = John Doe
surname = Doe
givenName = John
initials = JXD
dnQualifier = some
[ my server exts ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
EOF
echo "generating the private key ..."
openssl genrsa -des3 -passout pass:foobar -out server.key 2048
echo ""
echo "generating the CSR (certificate signing request) ..."
openssl req -new -passin pass:foobar -passout pass:foobar -key server.key -out server.csr -config myconfig.cnf -extensions 'my server exts'
echo ""
echo "generating the self-signed certificate ..."
openssl x509 -req -passin pass:foobar -days 6666 -in server.csr -signkey server.key -out server.crt -extfile myconfig.cnf -extensions 'my server exts'
echo ""
echo "convert crt + RSA private key into a PKCS12 (PFX) file ..."
openssl pkcs12 -export -passin pass:foobar -passout pass:foobar -in server.crt -inkey server.key -out server.pfx
echo ""
echo "importing the certificate ..."
sudo security import server.pfx -k /Library/Keychains/System.keychain -P foobar
Now you can see the certificate listed in System keychains:
To sign gdb
sudo codesign -s VENTOS "$(which gdb)"

Padding errors using OpenSSL for encrypt/decrypt with Keys extracted from Digital Cert

I am using some command line Open SSL commands to encrypt and decrypt data using Public and Private keys extracted from a Digital Cert. When I try to decrypt I get PKCS padding errors. Can someone tell me where I'm going wrong?
These are the command I've been using:
a) Extract Public key: openssl x509 -pubkey -noout -in xxxxx.cer > xxxxxpublickey.pem
b) Extract Private Key:openssl pkcs12 -in xxxxxx.pfx -nocerts -out xxxxxprivatekey.pem -nodes
c) Encypt a key (.bin file): openssl enc -aes-256-cbc -in kenkey.bin -out kenkey_Key -pass file:xxxxxpublickey.pem
d) Decrypt key produced in c) openssl rsautl -decrypt -hexdump -in kenkey_key -inkey xxxxxprivatekey.key -out aeskey.txt
This produces errors like this:
RSA operation error 3248:error:0407109F:rsa
routines:RSA_padding_check_PKCS1_type_2:pkcs decoding
error:.\crypto\rsa\rsa_pk1.c:273: 3248:error:04065072:rsa
routines:RSA_EAY_PRIVATE_DECRYPT:padding check
failed:.\crypto\rsa\rsa_eay.c:602:

openssl generates the same public key from bash script

Im trying to generate multiple pairs of private - public keys with openssl
Im using this bash script.
openssl genrsa -out /etc/dkim10.key 1024 && openssl rsa -in /etc/dkim.key -out /etc/dkim10.pub -pubout &&
openssl genrsa -out /etc/dkim11.key 1024 && openssl rsa -in /etc/dkim.key -out /etc/dkim11.pub -pubout &&
openssl genrsa -out /etc/dkim12.key 1024 && openssl rsa -in /etc/dkim.key -out /etc/dkim12.pub -pubout
the private keys are different but the public key is always the same. the .pub files are identical when compared with diff. the same happens if I try to generate the pairs one by one. is this normal ? and how can I make it generate different public keys?
You are using the same private key for each public key command: openssl rsa -in /etc/dkim.key.
You need to use the correct private key.

Resources