The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,481 other followers

Archive for the ‘Public Key Cryptography’ Category

List of “Plain Text Offenders”; hopefully someone publishes a list of https offenders too

Posted by jpluimers on 2016/10/24

This Plain Text Offenders site lists email screenshots of organisations sending back plain-text passwords they kept on file (According to Robert Love, Idera/Embarcadero should be on the list as well).

It is one of the most horrible things that can be done for a password.

Business and IT do many horrible things, so I really hope someone will start a similar site about SSL Labs F-rated domains. The ones that are so broken that they degraded their https to virtually plain-text http quality.

In the past, a notorious example of this was Embarcadero, who in the past managed to get F-rating or had wrong configurations on the below domains, therefore preventing me from logging in and getting new products from them (which is far worse than them not cleaning up their bug database):

Read the rest of this entry »

Posted in Delphi, Development, Hashing, https, OpenSSL, Power User, Public Key Cryptography, QC, Security, Signing, Software Development | 3 Comments »

Diffie-Hellman Key Exchange – YouTube

Posted by jpluimers on 2016/07/20

Great explanation of Diffie-Hellman Key Exchange – YouTube.

It is based on mixing colors and some colors of the mix being private.



Posted in Algorithms, Development, Encryption, Hashing, https, OpenSSL, Power User, Public Key Cryptography, Security, Software Development | Leave a Comment »

DEFCON 17: More Tricks For Defeating SSL – YouTube

Posted by jpluimers on 2016/07/11

Still relevant after a few years: DEFCON 17: More Tricks For Defeating SSL – YouTube.

I landed there after trying to find out how to verify the Internic root server file is actually pubished by Internic via authentication – Ways to sign gpg public key so it is trusted? – Information Security Stack Exchange.

I remember reading his “if you have to perform any cryptographic operation before verifying the MAC on a message you’ve received, it will somehow inevitably lead to doom” post (Moxie Marlinspike >> Blog >> The Cryptographic Doom Principle), but never noticed his videos.

It is still relevant as there are lots of implementations still vulnerable to these kinds of attacks.

Many more of his blog entries are interesting as well:

Read the rest of this entry »

Posted in Encryption, Hashing, https, OpenSSL, PKI, Power User, Public Key Cryptography, Security, Signing | Leave a Comment »

Index of /materials/haxpo2015ams

Posted by jpluimers on 2015/11/27

It feels like yesterday, but haxpo2015ams was already six months ago!

Session materials index:

Index of /materials/haxpo2015ams

[ICO] Name Last modified Size Description

[PARENTDIR] Parent Directory
[ ] D1 – Frank Breedijk – Help my Security Officer is Allergic to DevOps.pdf 2015-05-28 07:19 6.7M
[ ] D1 – Lisha Sterling – Hacking Humanitarian Project for Fun and Profit.pdf 2015-05-27 18:27 6.1M
[ ] D1 – Marc Newlin – ReDECTed.pdf 2015-05-27 16:56 1.7M
[ ] D1 – P. Mason, K. Flemming A. Gill – All Your Hostnames Are Belong to Us.pdf 2015-05-27 16:03 2.8M
[ ] D1 – Wouter van Rooij – Future Privacy.pdf 2015-05-27 16:16 715K
[ ] D2 – Bob Baxley – Privacy and Security in the Internet of Things.pdf 2015-05-28 17:00 7.1M
[ ] D2 – Edwin Sturrus – Data Security and Privacy in the Age of Cloud.pdf 2015-05-28 15:24 1.2M
[ ] D2 – Jessica Maes – Privacy in Digital Society.pdf 2015-05-28 12:18 4.1M
[ ] D2 – Jimmy Shah – BYOD is Now BYOT – Current Trends in Mobile APT.pdf 2015-05-28 15:55 3.6M
[ ] D3 – Jaya Baloo – Crypto is Dead Long Live Crypto.pdf 2015-05-29 17:17 4.4M
[ ] D3 – Jeroen van der Ham – Responsible Disclosure in The Netherlands.pdf 2015-05-29 16:37 1.7M
[ ] D3 – Oliver Matula and Christopher Scheuring – Evaluating the APT App Armor.pdf 2015-05-29 11:55 3.9M
[ ] D3 – R. Schaefer and J. Salazar – Pentesting in the Age of IPv6.pdf 2015-05-29 16:22 1.8M
[ ] D3 – Ruben van Vreeland – New Attack Vectors for Exploiting Web Platforms.pdf 2015-05-29 11:55 816K
[ ] HAXPO HIGHLIGHT – Andrew Tanenbaum – MINIX3.pdf 2015-05-28 15:19 9.2M
[ ] HAXPO HIGHLIGHT – Eleanor Saitta – Designing Security Outcomes.pdf 2015-05-29 15:15 1.4M
[ ] HAXPO HIGHLIGHT – Reuben Paul – The A-to-Z of CyberSecurity.pdf 2015-05-28 15:19 17M
[ ] HAXPO WELCOME – Richard Thieme – Too Much to Know.pdf 2015-05-27 13:37 6.3M

Apache/2.4.7 (Ubuntu) Server at Port 80


Posted in *nix, *nix-tools, Encryption, Hashing, https, LifeHacker, OpenSSL, PKI, Power User, Public Key Cryptography, Security, Signing | Leave a Comment »

security – How do I view the contents of a PFX file on Windows? – Super User

Posted by jpluimers on 2015/07/27

Dumping any kind of certificate file gives you access to more details than the Windows UI usually shows you.

This is especially handy when checking out errors or issues (which can be very difficult to track down).

For binary PFX files, the certutil and openssl commands come in very handy:

Some options to view PFX file details:Open a command prompt and type: certutil -dump Install OpenSSL and use the commands to view the details, such as: openssl pkcs12 -info -in unverified.

OpenSSL is a separate download (from my OpenSSL category of articles, see Some command-line tips for OpenSSL and file format pfx, p12, cer, crt, key, etc. conversion of certificates, keys) to get it.

CertUtil now ships with Windows by default (it wasn’t in the Windows XP era, I’m not sure about Windows Server 2003).

Here is the CertUtil help for dumping certificate information;

Dump certificate file information CertUtil [Options] [-dump] [File] Options: [-f] [-silent] [-split] [-p Password] [-t Timeout]


  • the [-v] option is not listed, but does work; it will give a more verbose dump.
  • [-dump] also works other certificate file extensions like .p7b files.

Here is the OpenSSL help for dumping pkcs12 information:

openssl pkcs12 [-export] [-chain] [-inkey filename] [-certfile filename] [-name name] [-caname name] [-in filename] [-out filename] [-noout] [-nomacver] [-nocerts] [-clcerts] [-cacerts] [-nokeys] [-info] [-des | -des3 | -idea | -aes128 | -aes192 | -aes256 | -camellia128 | -camellia192 | -camellia256 | -nodes] [-noiter] [-maciter | -nomaciter | -nomac] [-twopass] [-descert] [-certpbe cipher] [-keypbe cipher] [-macalg digest] [-keyex] [-keysig] [-password arg] [-passin arg] [-passout arg] [-rand files] [-CAfile file] [-CApath dir] [-CSP name]


The pkcs12 command allows PKCS#12 files sometimes referred to as PFX files to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.


There are a lot of options the meaning of some depends of whether a PKCS#12 file is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12 file can be created by using the -export option see below.


-in filenameThis specifies filename of the PKCS#12 file to be parsed. Standard input is used by default.

-infooutput additional information about the PKCS#12 file structure, algorithms used and iteration counts.

and the OpenSSL help for dumping pkcs7 information:

openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out filename] [-print_certs] [-text] [-noout] [-engine id]


The pkcs7 command processes PKCS#7 files in DER or PEM format.


-inform DER|PEM; This specifies the input format. DER format is DER encoded PKCS#7 v1.5 structure.PEM the default is a base64 encoded version of the DER form with header and footer lines.

-print_certs; prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.

-text; prints out certificates details in full rather than just subject and issuer names.


  • do not forget the -inform DER option to specify a binary .p7b file.
  • the -text option gives you more verbose information

via OpenSSL: Documents, pkcs71.



Posted in OpenSSL, PKI, Power User, Security | Leave a Comment »

%d bloggers like this: