Thursday, September 19, 2013

Small Side Project

The other day, while on lunch, I decided to write a quick bash script to determine the IP of my machine.   For the first incarnation of this script, I chose Bash as it is just a quick and dirty way to achieve my goal.  
Well, after working on it for a little bit on my Linux machine, I looked to my right and saw my Macbook sitting next to me.  Being a *nix backed OS, I decided that the script also needed to support it, as well.  What the heck, why not throw Solaris into the bunch as well, seeing as I also have access to a Solaris machine.
Once I decided to take a break, I created a new repo up on GitHub to host the project, created a license and readme file and got my script checked into the repo.  Shortly after I put up a Facebook post about the new repo, a colleague downloaded it, tested it and quickly posted a suggestion for improvement.  
I will be the first to admit that my initial design was a bit short-sighted and didn't take into account interfaces that were not active.  
I quickly went about a re-design to determine which interface(s) were active, and report their IPs.  After getting the script working as hoped on Mac, I turned my attention to Linux and Solaris.  I quickly realized that when dealing with servers, you will most likely have multiple active interfaces, including virtual (vnet) interfaces. 
Sitting here writing this, I think I may simply report each one, and also print the interface name in the output, which is currently not done.  The code is a work in progress, so if you are interested, please stay tuned and watch the updates flow.  
As always, if you have any suggestions for script improvement or if you find any bugs, please open an issue through the project on GitHub.  

Thursday, September 05, 2013

Effing ARGH!!!!!

Let me just say how painful it is when you have been pouring tons of time into a pet project that you feel strongly about, and that you had a "grand plan" for, only to literally stumble upon another site that has already implemented the idea.  ARGH!!!!!

My idea was to be a nutritional information site.  It would cover not only standard foods and processed foods from your grocery store, but also the food at restaurants.  I wanted this thing to be the one-stop-shop for anyone conscious about their health and what they eat.  

One of the main reasons this is near and dear to me is that I am a Diabetic, and earlier this year changed my entire eating style to be Paleo.  It's been an amazing journey thus far and I wanted this site to be the nutritional information bible.

Well, while downloading restaurant nutritional information last night, I noticed that one of the PDFs was not hosted at the restaurant's site, but instead another site altogether.  I went to the root URL only to discover that this site, where the info was hosted, already provided what my site was going to provide.  And on top of that, it was pretty slick.  A friend suggested I use their data as my source and make a better site, but to be honest, it wouldn't be right.  Yes, I am one of those honest people and believe in doing the right thing.

You can say 'C'est la vie'..... move on..... whatever you choose, but it doesn't take the sting out of the fact that I feel robbed and completely screwed over having been totally beaten to the fully implemented concept.  

I am going to just have to ensure that the next idea that I have gets to fruition quicker, before someone else does it.

Monday, September 02, 2013

Do My SSL Keys Match Up?

Recently, at my day job, we had an issue where the SSL certificate that we had in place for one of our URLs was expiring and needed renewing.  One of my colleagues had renewed the certificate, but did not have time to install it immediately.  So, the day that it was expiring we had to do a bit of scrambling to get it replaced on the server.

So, having been given this task, I logged on to the server and noticed that the public key, signing keys and private keys were all put into the same directory.  Cool, I don't have to figure out where to put them.  So, I downloaded the certificate bundle from our issuer and unzipped it.  It was then that I realized that the bundle only contained the public key and the signing certificate(s).  

So here I am, with the new key and no private key.  Plus, looking on our issuer's site, there was no way to tell what private key was used.  Thus began my quick search of the Googles to determine how to compare a public key with a private key to see if they are a pair.  

If you have manually created SSL certificates before, then you should already (hopefully) be familiar with the openssl software.  Thankfully, that software can also be used to pair up public and private keys.

In order to match up two keys, you need to get some output from the keys themselves.  On the public key (the certificate), you want to run the following:

openssl x509 -noout -text -in cert.crt

You will then want to run the following on the private key that you suspect may match up:

openssl rsa -noout -text -in cert.key

As part of the output of both of those commands you will see a section called "Modulus", which looks something like this:

Modulus (4096 bit):
                    00:e4:86:e3:fb:49:07:1d:a6:11:df:3b:1f:d8:1b:
                    65:c8:97:06:28:fa:73:d2:bc:d2:05:94:b3:f3:0d:
                    69:6d:ae:fa:80:a5:4d:63:6f:bf:1e:62:67:fe:3d:
                    be:96:ab:17:25:87:b5:ac:04:15:70:20:e7:d3:0b:
                    e3:fe:99:53:eb:10:60:2e:48:a2:0d:00:de:9c:c4:
                    7c:79:f4:ff:66:e7:40:37:2a:4a:7c:93:8a:af:66:
                    17:f1:04:60:94:c7:62:86:83:e0:1f:28:b8:4d:8e:
                    dd:30:59:47:76:ba:b9:60:b5:a7:2a:af:1d:be:2c:
                    bb:1f:58:6d:56:f0:36:a4:72:f7:1b:9e:c9:f6:57:
                    99:e2:3d:3a:7b:db:9a:2d:50:47:3f:3e:15:27:5a:
                    b2:fe:84:4b:4d:68:a7:ca:32:6d:4c:59:1a:a4:74:
                    39:f0:f3:10:a8:fa:9f:de:cb:4f:c8:b1:86:24:aa:
                    01:48:32:8b:e9:06:1f:71:43:2d:64:1a:30:73:d3:
                    7c:9f:46:f9:17:59:1a:db:0b:fa:a3:49:b0:56:90:
                    e5:37:79:42:35:05:24:e5:82:80:59:4c:16:94:3f:
                    9c:d3:d3:f5:ea:03:87:d6:5f:c8:23:1a:08:9c:43:
                    78:be:7d:98:a0:e0:82:05:74:de:1a:bb:4a:2e:d6:
                    a3:cd:70:24:a3:5d:05:06:a6:28:2c:f8:75:2d:61:
                    34:28:a6:44:69:b6:f8:cc:ea:9d:f1:97:35:3c:cd:
                    46:b5:69:e6:7e:7d:a5:07:7d:cb:bc:98:d1:80:18:
                    f9:87:fa:d8:db:c7:42:4d:93:54:36:4b:83:45:0c:
                    79:b3:0f:1c:28:e1:f7:92:0b:56:86:f2:17:80:55:
                    fe:31:67:c9:31:5c:7b:87:d2:ea:ea:a8:38:0e:b1:
                    37:68:ef:a1:d1:be:a1:69:8e:37:45:bb:96:b7:9d:
                    27:1e:a9:d5:6a:be:36:a8:20:ae:ab:4f:5e:a1:40:
                    f6:92:57:17:ff:68:c6:9b:4e:ee:d1:2f:47:b9:9f:
                    9c:be:4b:21:ad:20:a7:12:38:89:2b:12:0e:62:cc:
                    44:65:e7:af:31:fe:ba:c7:e7:60:e3:cc:65:b2:91:
                    15:73:2c:d7:17:95:53:f9:d6:f8:6a:4c:3c:5a:62:
                    c7:5b:c9:2b:52:37:66:ec:56:be:4a:75:49:0b:9e:
                    32:a1:e3:62:0a:a3:de:3a:a5:00:03:d8:01:79:df:
                    9b:46:1f:44:a2:06:71:28:0d:8a:61:00:5c:7f:5a:
                    0c:37:c0:dd:dc:3b:80:a1:b7:ad:df:1d:08:fa:95:
                    f8:35:42:3f:4c:e6:8e:f3:94:12:d6:83:63:84:63:
                    89:bb:61 

What is really nice is that if they are the correct pair, the modulus of both keys will be identical.  To finish my anecdote regarding work, I got lucky and the first key that I chose (which was the private key previously used) ended up being a match, proving that the new key was generated using it by our provider.  
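
Comparing two 4096-bit moduli by eye is error-prone, so here is the same check scripted, as an added example that is not part of the original post. It uses openssl's -modulus option, which prints only the modulus line, and scans a directory of candidate private keys for the one that pairs with a certificate. The function names and the *.key file naming are assumptions for illustration, and the modulus comparison applies to RSA keys only.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the *.key
# naming convention are assumptions made for this illustration.

# Print "Modulus=<hex>" for a certificate; empty output if it cannot be read.
cert_modulus() {
    openssl x509 -noout -modulus -in "$1" 2>/dev/null
}

# Same for an RSA private key. "-passin pass:" supplies an empty passphrase so
# an encrypted key fails here instead of stopping the scan at a prompt.
key_modulus() {
    openssl rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null
}

# pair_matches CERT KEY -> exit status 0 only when both moduli are identical.
pair_matches() {
    local c k
    c=$(cert_modulus "$1") || return 2
    k=$(key_modulus "$2") || return 2
    # Guard against empty == empty: two unreadable files are not a pair.
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# find_matching_key CERT DIR -> prints every DIR/*.key that pairs with CERT.
find_matching_key() {
    local cert=$1 dir=$2 f rc=1
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        if pair_matches "$cert" "$f"; then
            printf '%s\n' "$f"
            rc=0
        fi
    done
    return "$rc"
}

# Command-line use: ./match-key.sh cert.crt /path/to/keys
if [ "$#" -eq 2 ]; then
    find_matching_key "$1" "$2"
fi
```

The script exits non-zero when no key in the directory pairs with the certificate, so it can also serve as a pre-install check before a renewed certificate is put in place.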

I hope this has helped someone find their long lost matching keys.  
 
Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.