Basic glossary about Cryptography

AES "Advanced Encryption Standard". Block cipher technique.
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
AES C++ implementation site:edu
https://www.google.com/search?sxsrf=ALeKk02JkY7UAMFDzjiQxUHOM631S2ndOw%3A1597851531788&source=hp&ei=i0c9X4O3LIu4a9aPvKAK&q=AES+C%2B%2B+implementation+site%3Aedu&oq=AES+C%2B%2B+implementation+site%3Aedu&gs_lcp=CgZwc3ktYWIQA1D7DVj7DWDBFmgAcAB4AIABTogBTpIBATGYAQCgAQKgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwjDqM_nzKfrAhUL3BoKHdYHD6QQ4dUDCAY&uact=5
AES 128 AES 128. Used with "TLS".
AES 256 AES 256. Used with "TLS".
ALPN Related to TLS.
https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation
ASIO Portable networking and other low-level I/O, including sockets, timers, hostname resolution, socket iostreams, serial ports, file descriptors and Windows HANDLEs.
https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio.html
https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference.html
http://think-async.com/Asio/
Some classes:
boost::asio::io_context https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/io_context.html
boost::asio::ip::tcp::acceptor https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ip__tcp/acceptor.html
boost::asio::ip::tcp::endpoint https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ip__tcp/endpoint.html
boost::asio::ip::tcp::resolver https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ip__tcp/resolver.html
boost::asio::ip::tcp::socket https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ip__tcp/socket.html
boost::asio::ssl::context (with OpenSSL) https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ssl__context.html (tlsv13, tlsv13_client, tlsv13_server for TLS 1.3)
boost::asio::ssl::stream<boost::asio::ip::tcp::socket> (with OpenSSL) https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ssl__stream.html (class template)
boost::asio::streambuf https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/streambuf.html
Some functions:
boost::asio::buffer_cast https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/buffer_cast.html
boost::asio::ip::tcp::acceptor::accept https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/basic_socket_acceptor/accept.html
boost::asio::ip::tcp::resolver::resolve https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ip__basic_resolver/resolve.html
boost::asio::ip::tcp::socket::close https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/basic_stream_socket/close.html
boost::asio::ip::tcp::socket::is_open https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/basic_stream_socket/is_open.html
boost::asio::read_until https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/read_until.html (from socket and ssl::stream)
boost::asio::ssl::context::load_verify_file https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ssl__context/load_verify_file.html
boost::asio::ssl::context::set_options https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ssl__context/set_options.html
boost::asio::ssl::context::use_certificate_chain_file https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ssl__context/use_certificate_chain_file.html
boost::asio::ssl::context::use_private_key_file https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ssl__context/use_private_key_file.html
boost::asio::ssl::stream<boost::asio::ip::tcp::socket>::handshake https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/ssl__stream/handshake.html
boost::asio::streambuf::consume https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/basic_streambuf/consume.html
boost::asio::streambuf::data https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/basic_streambuf/data.html
boost::asio::write https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/reference/write.html (to socket and ssl::stream)
.
Example, to test the STARTTLS command of a SMPT server of the email address <localPart@domain>
nslookup -type=MX domain
openssl s_client -connect domainMailExchanger:25 -starttls smtp
and if it works, after that you can write SMTP commands and everything goes encrypted:
EHLO myDomain
MAIL FROM:<sender@myDomain>
RCPT TO:<localPart@domain>
DATA
...
https://www.openssl.org/docs/man1.1.1/man1/s_client.html
ASN_1 ASN.1. See "DER".
https://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One
https://www.openssl.org/docs/man1.0.2/man1/openssl-asn1parse.html
Asymmetric cryptography Criptografía asimétrica. Asymmetric cryptography or public key cryptography.
https://en.wikipedia.org/wiki/Public-key_cryptography
AutoFirma Software to sign files with DNIE. It can generate CAdES signatures.
https://firmaelectronica.gob.es/Home/Descargas
autoridad de sellado de tiempo
https://es.wikipedia.org/wiki/Autoridad_de_sellado_de_tiempo
Base64 Printable format to represent binary data.
https://en.wikipedia.org/wiki/Base64
https://wiki.openssl.org/index.php/Base64
#include <openssl/evp.h> // libcrypto // function EVP_EncodeBlock()
BER "Basic Encoding Rules". See also "CER" and "DER".
CA "Certification Authority". Autoridad de Certificación. See also "CAA record".
https://globalsign.com
https://digicert.com
https://godaddy.com
https://letsencrypt.org
http://cacert.org
CAA record See "DNS record".
CAdES signature It can be generated with the software AutoFirma.
https://firmaelectronica.gob.es/Home/en/Ciudadanos/Formatos-Firma.html
CBC "Cipher Block Chaining". See "CBC mode".
CBC mode El resultado del cifrado del bloque previo se incluye en el cifrado del bloque actual a través de una operación XOR. Ver también "ECB mode" y "Galois/Counter Mode".
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_block_chaining_(CBC)
CER "Canonical Encoding Rules". See also "BER" and "DER".
CP "Certificate Policy".
https://en.wikipedia.org/wiki/Certificate_policy
CPS "Certification Practice Statement".
https://en.wikipedia.org/wiki/Certification_Practice_Statement
CRL "Certificate Revocation List". Lista de revocación de certificados. X.509 defines one method of certificate revocation. This method involves each CA periodically issuing a signed data structure called a certificate revocation list (CRL). A CRL is a time stamped list identifying revoked certificates which is signed by a CA and made freely available in a public repository. Each revoked certificate is identified in a CRL by its certificate serial number. When a certificate-using system uses a certificate (e.g., for verifying a remote user's digital signature), that system not only checks the certificate signature and validity but also acquires a suitably-recent CRL and checks that the certificate serial number is not on that CRL. The meaning of "suitably-recent" may vary with local policy, but it usually means the most recently-issued CRL. See also "OSCP".
https://en.wikipedia.org/wiki/Certificate_revocation_list
CSR "Certificate Signing Request". The most common format for CSRs is defined in standard PKCS#10. See "X.509".
openssl req -new -key xformulas.net.key -subj "/C=ES/ST=Madrid/L=Madrid/O=XFORMULAS.NET/OU=https:\/\/fb.com\/erg2332/CN=Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)" -out xformulas.net.csr // CREA FICHERO CSR (FORMATO PEM)
// Country Name (2 letter code) [AU]:ES
// State or Province Name (full name) [Some-State]:Madrid
// Locality Name (eg, city) []:Madrid
// Organization Name (eg, company) [Internet Widgits Pty Ltd]:Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)
// Organizational Unit Name (eg, section) []:https://fb.com/erg2332
// Common Name (e.g. server FQDN or YOUR name) []:Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)
// arbitrary fields in X.509 certificates
https://en.wikipedia.org/wiki/Certificate_signing_request
https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
certificado Un certificado es básicamente un fichero con algunos datos de un sujeto (Subject) junto con la clave pública (PUBLIC KEY) de dicho sujeto, todo ello firmado con la clave privada (PRIVATE KEY) de un emisor (Issuer). Estos certificados pueden publicarse. Hay otro tipo de certificados que contienen además la clave privada del sujeto (PRIVATE KEY) que no deben publicarse (la clave privada debería ser usada solamente por el sujeto).
To get the certificate from a SSL website (https://FQDN/..), we can use the following.
openssl s_client -connect FQDN:443 < /dev/null 2> /dev/null | openssl x509 > CERTIFICATE.crt
To show the certificate:
openssl x509 -in CERTIFICATE.crt -text
openssl x509 -in CERTIFICATE.crt -text -noout
https://www.openssl.org/docs/man1.1.1/man1/x509.html
x.509 certificate site:stanford.edu filetype:pdf
https://www.google.com/search?sxsrf=ALeKk03A58L2gesRr99dE2xa3Gzeid0dFA%3A1601579304774&source=hp&ei=KCl2X5GfLMGclwT4yaG4Bw&q=x.509+certificate+site%3Astanford.edu+filetype%3Apdf&oq=x.509+certificate+site%3Astanford.edu+filetype%3Apdf&gs_lcp=CgZwc3ktYWIQA1DMFFjMFGCRNGgAcAB4AIABzwGIAc8BkgEDMi0xmAEAoAECoAEBqgEHZ3dzLXdpeg&sclient=psy-ab&ved=0ahUKEwiR06bsi5TsAhVBzoUKHfhkCHcQ4dUDCAY&uact=5
certificate, self signed Certificado autofirmado.
https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
certlm_msc certlm.msc. Programa para gestionar los certificados del contenedor de certificados local de Windows.
certmgr_msc certmgr.msc. Programa para gestionar los certificados del contenedor de certificados de usuario de Windows.
certutil Programa que permite mostrar información de un certificado, incluyendo la fecha de caducidad del certificado.
certutil -dump certificate.pfx
cipher suite See "TLS".
clave privada Private key. Ver "criptografía asimétrica".
clave pública Public key. Ver "criptografía asimétrica".
clave pública, criptografía de Public key cryptography. Criptografía de clave pública o criptografía asimétrica. Ver "criptografía asimétrica".
code signing certificate Certificado de firma de "código". Para firmar ejecutables (.exe).
https://www.google.com/search?biw=1920&bih=916&ei=ni_6XPGNG4noUeGEqYAG&q=code+signing+certificate&oq=code+signing+certificate&gs_l=psy-ab.3..0i71l8.0.0..3876...0.0..0.0.0.......0......gws-wiz.ekDwlEppnAY
criptografía asimétrica Criptografía asimétrica, Criptografía de clave pública (Public key cryptography) o Criptografía de dos claves​ (Two-key cryptography).
https://es.wikipedia.org/wiki/Criptograf%C3%ADa_asim%C3%A9trica
DDA "Dynamic Data Authentication". Referred to EMV. See also "SDA" and "EMV".
https://www.emvco.com/wp-content/uploads/2017/05/EMV_v4.3_Book_2_Security_and_Key_Management_20120607061923900.pdf#page=64
DER "Distinguished Encoding Rules". It is a binary format based in ASN.1 and used, for example, for CSR files. The DER files can be represented in plain text (Base64) using the PEM format. See also "BER" and "CER".
DES "Data Encryption Standard". Block cipher technique.
https://en.wikipedia.org/wiki/Data_Encryption_Standard
DH Diffie-Hellman.
Diffie–Hellman key exchange Used in TLS.
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
Diffie-Hellman parameters Used in TLS. Server side.
https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
openssl dhparam -out dh2048.pem 2048
https://www.openssl.org/docs/man1.1.1/man1/dhparam.html
DNIE DNI Electrónico (Spain).
https://www.dnielectronico.es/
DNS record DNS record
https://en.wikipedia.org/wiki/List_of_DNS_record_types
https://dnschecker.org/all-dns-records-of-domain.php
ECB "Electronic codebook". See "ECB mode".
ECB mode The message is divided into blocks, and each block is encrypted separately. See also "CBC mode" and "Galois/Counter Mode".
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
ECC "Elliptic Curve Cryptography". Criptografía de curva elíptica. It can be used instead of RSA.
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography
https://www.google.com/search?sxsrf=ACYBGNQjJ9j8FdotbeAHRZhTsveXs_AocA%3A1574768989923&source=hp&ei=XRHdXZOuNaq_lwSpkLzQDg&q=%22Elliptic+Curve+Cryptography%22+site%3Aedu+filetype%3Apdf&oq=%22Elliptic+Curve+Cryptography%22+site%3Aedu+filetype%3Apdf&gs_l=psy-ab.3...2386.2386..8477...1.0..0.59.59.1......0....2j1..gws-wiz.4P5bOU-ho8Y&ved=0ahUKEwjT0PrR54fmAhWq34UKHSkID-oQ4dUDCAU&uact=5
ECC 256
ECC 384
ECDSA "Elliptic Curve Digital Signature Algorithm".
https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
EMV commands
https://en.wikipedia.org/wiki/EMV
https://www.emvco.com/wp-content/uploads/2017/05/EMV_v4.3_Book_3_Application_Specification_20120607062110791.pdf#page=59
Email message format Internet Message Format.
https://tools.ietf.org/html/rfc5322#page-21
ENHANCEDSTATUSCODES
https://tools.ietf.org/html/rfc3463#page-14
ESMTP "Extended SMTP". See "SMTP Service Extensions".
https://en.wikipedia.org/wiki/Extended_SMTP
firma digital Una firma digital o electrónica es un hash cifrado con una clave privada o secreta. La firma digital de un fichero puede ir en otro fichero diferente o se puede incluir en el fichero si el formato del fichero lo permite. Por ejemplo, puede haber firmas digitales en ficheros .pdf de Adobe, en ficheros de Microsoft Word y en ejecutables .exe de Windows. Algunos ficheros ejecutables de Windows tienen en las propiedades del fichero (haciendo click con el botón derecho del ratón) la solapa "Digital Signatures".
Galois/Counter Mode GCM. See also "ECB mode", "CBC mode" and "TLS_AES_128_GCM_SHA256" (TLS 1.3).
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Galois/Counter_(GCM)
https://en.wikipedia.org/wiki/Galois/Counter_Mode
GCM See "Galois/Counter Mode".
Google Domains Google Domains is a domain registration service offered by Google.
https://domains.google/
https://en.wikipedia.org/wiki/Google_Domains
HSM "Hardware security module". See also "smart card".
https://en.wikipedia.org/wiki/Hardware_security_module
HTTP "Hypertext Transfer Protocol".
HTTPS "Hypertext Transfer Protocol Secure". See "TLS".
https://en.wikipedia.org/wiki/HTTPS
https://developers.google.com/web/fundamentals/security/encrypt-in-transit/enable-https
hash Un hash de unos datos son bytes que se calculan aplicando algún algoritmo matemático predefinido, por ejemplo, SHA-256. Generalmente el cambio de un bit en los datos provoca que el nuevo hash sea muy diferente del anterior. Los datos pueden ser, por ejemplo, cualquier fichero de cualquier tipo.
IPsec "Internet Protocol Security".
https://en.wikipedia.org/wiki/IPsec
jarsigner Java tool to sign and verify jar files. See keytool.
// Sign jar
jarsigner -storetype pkcs12 -keystore CERTIFICATE.pfx -storepass "STORE_PWD" .\FILE.jar "ALIAS"
jarsigner -storetype pkcs12 -keystore xformulas.net.pfx -storepass "STORE_PWD" gas_app.jar "1"
jarsigner -tsa http://timestamp.digicert.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -storepass "STORE_PWD" .\FILE.jar "ALIAS"
jarsigner -tsa http://timestamp.digicert.com -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -storepass "STORE_PWD" -keypass "PWD" -digestalg SHA-256 .\FILE.jar "ALIAS"
// Verify signed jar
jarsigner -verify .\FILE.jar
jarsigner -verify gas_app.jar
jarsigner -verify -verbose .\FILE.jar
jarsigner -verify -verbose gas_app.jar
jarsigner -verify -verbose -certs .\FILE.jar
jarsigner -verify -verbose -certs gas_app.jar
"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
If you get this warning, see keytool.
keytool Java tool to manage certificates of the Java keystore. See jarsigner.
// Import CA certificate (ERG2332.crt)
keytool -importcert -trustcacerts -alias "CA_ALIAS" -file CA_CERTIFICATE.crt -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"
keytool -importcert -trustcacerts -alias "erg2332" -file ERG2332.crt -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"
"Certificate was added to the keystore" BUT NOT AS a CA certificate (ALTHOUGH I HAVE USED THE PARAMETER "-trustcacerts")
"jarsigner -verify FILE.jar" says:
"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
In theory, the signed jar contains the certificate "xformulas.net.crt", and "xformulas.net.crt" is signed with the private key corresponding to "ERG2332.crt" (certificate configurable as CA certificate according to cryptographic tools of OPENSSL and MICROSOFT).
This works without problems, for example, with OPENSSL. Also, using the same incoming file ERG2332.crt and the tools certmgr.msc and certlm.msc of MICROSFT, I can see the new CA corresponding to "ERG2332.crt", and I can see the .exe files signed correctly in the tab "Digital Signatures" of their properties in Windows.
I am still looking for the solution to this problem. The help page of this option of keytool does not show information related to this problem.
keytool -importcert -help
// Import certificate (signed by a CA)
keytool -importcert -file CERTIFICATE.crt -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -alias "ALIAS"
keytool -importcert -file xformulas.net.crt -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -alias "xformulas_net" [THIS SHOULD NOT BE NECESSARY, BECAUSE (IN THEORY) THE XFORMULAS CERTIFICATE (SIGNED BY ERG2332) IS INCLUDED IN THE JAR FILES]
// Delete certificate with alias "erg2332" from the keystore ("C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts")
keytool -delete -alias "erg2332" -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"
keytool -delete -alias "erg2332" -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -storepass "STORE_PWD"
// Show all the certificates of the Java keystore ("C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts") and their aliases
keytool -list -v -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"
keytool -list -v -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts" -alias "ALIAS"
// Show the certificate of a .pfx file and its alias
keytool -list -v -storetype pkcs12 -keystore CERTIFICATE.pfx
// Change Java keystore password
keytool -storepasswd -keystore "C:\Program Files\Java\jre1.8.0_192\lib\security\cacerts"
key, public To get the public key from a certificate we can use the following command.
openssl x509 -pubkey -noout -in CERTIFICATE.crt > PUBLIC.key
MD5 Es un tipo de hash.
openssl dgst -md5 FILE
https://en.wikipedia.org/wiki/MD5
MIME "Multipurpose Internet Mail Extensions". See also "S/MIME".
https://en.wikipedia.org/wiki/MIME
MTA "Message transfer agent".
https://en.wikipedia.org/wiki/Message_transfer_agent
MX record See also "SMTP", "SMTPS" and "DNS record".
https://en.wikipedia.org/wiki/MX_record
NIST "National Institute of Standards and Technology".
https://www.nist.gov/topics/cryptography
OCSP "Online Certificate Status Protocol".
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
https://tools.ietf.org/html/rfc2560
https://tools.ietf.org/html/rfc6960
OCSP responder OSCP server with OpenSSL:
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem -text -out log.txt
-index file: certificate status index file
-port num: port to run responder on
-rsigner file: responder certificate to sign responses with
-CA file: CA certificate
-text: print text form of request and response
-out file: output filename
https://www.openssl.org/docs/man1.1.1/man1/ocsp.html
https://www.google.com/search?sxsrf=ACYBGNSfjnOOVvCEBHRuiutY3TtWSZFFlg%3A1575542150446&source=hp&ei=ht3oXcu0GMOEjLsPp_m1mAs&q=openssl+ocsp+index+indexfile+format&oq=openssl+ocsp+index+indexfile+format&gs_l=psy-ab.3..35i39.1569.1569..2018...1.0..0.69.69.1......0....2j1..gws-wiz.wz9w_wrAMyY&ved=0ahUKEwjLj9Dxp57mAhVDAmMBHad8DbMQ4dUDCAU&uact=5
OpenSSL OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
https://www.openssl.org/
https://slproweb.com/products/Win32OpenSSL.html
openssl version -a
openssl genrsa -out ERG.key 2048 // CREA CLAVES RSA PUBLICA Y PRIVADA EN UN FICHERO
openssl rsa -text -in ERG.key -noout // DECODIFICA Y MUESTRA CLAVES
openssl rsa -in ERG.key -pubout -out ERG_PUBLIC.key // CREA FICHERO SOLO CON LA CLAVE PUBLICA
openssl rsa -in ERG.key -out ERG_PRIVATE.key // CREA FICHERO SOLO CON LA CLAVE PRIVADA
openssl req -x509 -new -nodes -key ERG.key -sha256 -days 710 -subj "/C=ES/ST=Madrid/L=Madrid/O=Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)/OU=https:\/\/fb.com\/erg2332/CN=Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)" -out ERG.crt // CREA CERTIFICADO
// Country Name (2 letter code) [AU]:ES
// State or Province Name (full name) [Some-State]:Madrid
// Locality Name (eg, city) []:Madrid
// Organization Name (eg, company) [Internet Widgits Pty Ltd]:Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)
// Organizational Unit Name (eg, section) []:https://fb.com/erg2332
// Common Name (e.g. server FQDN or YOUR name) []:Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)
openssl x509 -in ERG.crt -text // MUESTRA DATOS DEL CERTIFICADO
////
openssl genrsa -out xformulas.net.key 2048 // CREA CLAVES RSA PUBLICA Y PRIVADA EN UN FICHERO
openssl rsa -text -in xformulas.net.key -noout // DECODIFICA Y MUESTRA CLAVES
openssl rsa -in xformulas.net.key -pubout -out xformulas.net_public.key // CREA FICHERO SOLO CON LA CLAVE PUBLICA
openssl rsa -in xformulas.net.key -out xformulas.net_private.key // CREA FICHERO SOLO CON LA CLAVE PRIVADA
openssl req -new -key xformulas.net.key -subj "/C=ES/ST=Madrid/L=Madrid/O=XFORMULAS.NET/OU=https:\/\/fb.com\/erg2332/CN=Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)" -out xformulas.net.csr // CREA FICHERO CSR (FORMATO PEM)
// Country Name (2 letter code) [AU]:ES
// State or Province Name (full name) [Some-State]:Madrid
// Locality Name (eg, city) []:Madrid
// Organization Name (eg, company) [Internet Widgits Pty Ltd]:XFORMULAS.NET
// Organizational Unit Name (eg, section) []:https://fb.com/erg2332
// Common Name (e.g. server FQDN or YOUR name) []:Eduardo Reyes (erg2332@gmail.com, erg2332@hotmail.com)
openssl req -text -in xformulas.net.csr -noout -verify // VERIFICA Y MUESTRA LOS DATOS DEL CSR
////
openssl x509 -req -in xformulas.net.csr -CA ERG.crt -CAkey ERG.key -CAcreateserial -out xformulas.net.crt -days 710 -sha256 // CREA CERTIFICADO .crt FIRMADO POR CA CON EL FICHERO .csr (también crea ERG.srl)
openssl x509 -in xformulas.net.crt -text // MUESTRA DATOS DEL CERTIFICADO
openssl pkcs12 -export -inkey xformulas.net_private.key -in xformulas.net.crt -out xformulas.net.pfx // CREA CERTIFICADO EN FORMATO .pfx A PARTIR DE CERTIFICADO .crt (se pide contraseña "pwd")
//openssl pkcs12 -export -inkey xformulas.net_private.key -in xformulas.net.crt -certfile more_certificates.crt -out xformulas.net.pfx // CREA CERTIFICADO EN FORMATO .pfx A PARTIR DE CERTIFICADO .crt (se pide contraseña "pwd") incluyendo more_certificates.crt [SEE_THIS]
openssl pkcs12 -export -inkey USER.key -in USER.crt -out USER.pfx -passout "pass:1234"
openssl pkcs12 -help
////
openssl s_client -connect xformulas.net:443 < /dev/null 2> /dev/null | openssl x509 -pubkey -noout > PUBLIC_KEY.txt // obtiene la clave pública del certificado SSL del sitio web (https) xformulas.net
openssl s_client -connect xformulas.net:443 < /dev/null 2> /dev/null | openssl x509 > CERTIFICADO.crt // obtiene el certificado (SSL) del sitio web (https) xformulas.net
openssl x509 -in CERTIFICADO.crt -text -noout // MUESTRA DATOS DEL CERTIFICADO
https://wiki.openssl.org/index.php/TLS1.3 "TSL 1.3"
OpenSSL source code It is not C++ code but...
https://www.openssl.org/source/
API functions
https://www.openssl.org/docs/man1.1.1/man3/
https://wiki.openssl.org/index.php/Documentation_Index
https://www.openssl.org/docs/man1.1.1/
OpenSSL site:android.com
https://www.google.com/search?sxsrf=ALeKk029oEVOMpVLNRSV2TfDxqQjGIYeIQ%3A1597867230055&source=hp&ei=3oQ9X56gAbqFjLsP5KSv-AQ&q=OpenSSL+site%3Aandroid.com&oq=OpenSSL+site%3Aandroid.com&gs_lcp=CgZwc3ktYWIQA1DFCFjFCGCuEWgAcAB4AIAB3gKIAd4CkgEDMy0xmAEAoAECoAEBqgEHZ3dzLXdpeg&sclient=psy-ab&ved=0ahUKEwieh5Olh6jrAhW6AmMBHWTSC08Q4dUDCAY&uact=5
OpenSSL site:nasa.gov
https://www.google.com/search?sxsrf=ALeKk01l4l0eutU3Uyqpb5jhkYG7yKTiJA%3A1599636436023&source=hp&ei=04NYX6fqO_LYgweus7SIDw&q=OpenSSL+site%3Anasa.gov&oq=OpenSSL+site%3Anasa.gov&gs_lcp=CgZwc3ktYWIQA1DKCFjKCGCo6AJoAXAAeACAAUSIAUSSAQExmAEAoAECoAEBqgEHZ3dzLXdpeg&sclient=psy-ab&ved=0ahUKEwjnn6WMxtvrAhVy7OAKHa4ZDfEQ4dUDCAY&uact=5
PEM "Privacy-enhanced Electronic Mail". It is a Base64 format. For example, the files with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" have this format.
#include <openssl/pem.h> // libcrypto
Functions:
BIO_new_mem_buf() // byte array with key in PEM format to BIO object
PEM_read_bio_RSAPrivateKey() // BIO object to RSA object (for PRIVATE KEY)
PEM_read_bio_RSA_PUBKEY() // BIO object to RSA object (for PUBLIC KEY)
PIPELINING Related to ESMTP. Command Pipelining. See also "SMTP Service Extensions".
https://tools.ietf.org/html/rfc2920
PKCS "Public Key Cryptography Standards".
https://en.wikipedia.org/wiki/PKCS
PKCS#10 Standard. It defines the main binary format of CSR files, DER, that is based in ASN.1. These binary files can be represented in plain text using the PEM format.
PKI Public Key Infrastructure. Infraestructura de clave pública. Sistema para distribuir y gestionar claves públicas de manera segura. Elementos: certificados, autoridad de certificación, mecanismo de almacenamiento, mecanismo de distribución, mecanismo de revocación de certificados.
POP3 "Post Office Protocol" version 3. Used by email clients to retrieve email from a mail server.
https://en.wikipedia.org/wiki/Post_Office_Protocol
pfx certificate Tipo de certificado que se puede usar para firmar ejecutables .exe en Windows.
port numbers
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
private key Clave privada. See "asymmetric cryptography".
public key Clave pública. See "asymmetric cryptography".
public key cryptography Criptografía de clave pública. Asymmetric cryptography or public key cryptography.
https://en.wikipedia.org/wiki/Public-key_cryptography
RSA The RSA cryptosystem is the most widely-used public key cryptography algorithm in the world.
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA C++ implementation site:edu
https://www.google.com/search?sxsrf=ALeKk00v8G6isjF1Ybj2RtMaFp9-TqM3tg%3A1597851421804&source=hp&ei=HUc9X4zQLoWclwTyppDIBQ&q=RSA+C%2B%2B+implementation+site%3Aedu&oq=RSA+C%2B%2B+implementation+site%3Aedu&gs_lcp=CgZwc3ktYWIQA1C5DVi5DWDWFmgAcAB4AIABUYgBUZIBATGYAQCgAQKgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwjM0pezzKfrAhUFzoUKHXITBFkQ4dUDCAY&uact=5
RSA 2048 RSA 2048.
#include <openssl/rsa.h> // libcrypto // functions:
RSA_private_encrypt() // cipher using the PRIVATE KEY
RSA_public_decrypt() // decipher using the PUBLIC KEY (something ciphered using the PRIVATE KEY)
RSA_public_encrypt() // cipher using the PUBLIC KEY
RSA_private_decrypt() // decipher using the PRIVATE KEY (something ciphered using the PUBLIC KEY)
RSA 4096
SDA "Static Data Authentication". Referred to EMV. See also "DDA" and "EMV".
https://www.emvco.com/wp-content/uploads/2017/05/EMV_v4.3_Book_2_Security_and_Key_Management_20120607061923900.pdf#page=49
SHA Es un tipo de hash.
SHA-1 SHA-1
SHA-256 SHA-256. Es un tipo de hash. 32 bytes. Usado con "TLS".
openssl dgst -sha256 FILE
SHA-256 C++ implementation site:edu
https://www.google.com/search?sxsrf=ALeKk00x07Lk69zk9EDIeZJGNxJLyPY2cw%3A1597852250846&source=hp&ei=Wko9X_K5MIbAa9a3lagJ&q=SHA-256+C%2B%2B+implementation+site%3Aedu&oq=SHA-256+C%2B%2B+implementation+site%3Aedu&gs_lcp=CgZwc3ktYWIQA1DMCVjMCWDXNWgAcAB4AIABZYgBZZIBAzAuMZgBAKABAqABAaoBB2d3cy13aXo&sclient=psy-ab&ved=0ahUKEwjyzr--z6frAhUG4BoKHdZbBZUQ4dUDCAY&uact=5
#include <openssl/sha.h> // libcrypto // función SHA256()
SHA-384 SHA-384. Used with "TLS".
Signature, digital See also the software AutoFirma to generate signatures with the DNIE.
openssl dgst -sha256 -sign PRIVATE.key -out SIGNATURE FILE // crea fichero SIGNATURE conteniendo la firma del fichero FILE usando PRIVATE.key
openssl dgst -sha256 -verify PUBLIC.key -signature SIGNATURE FILE // verifica que el fichero SIGNATURE es la firma del fichero FILE usando PUBLIC.key
SignTool Herramienta que permite firmar ejecutables en Windows.
// SIGN ejecutable.exe WITH .pfx CERTIFICATE PROTECTED WITH PASSWORD "pwd"
// set Path=%Path%;C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool
// signtool sign /f certificate.pfx /p "pwd" ejecutable.exe // FIRMA ejecutable.exe CON EL CERTIFICADO certificate.pfx PROTEGIDO CON CONTRASEÑA "pwd"
signtool sign /debug /f certificate.pfx /p "pwd" ejecutable.exe // FIRMA ejecutable.exe CON EL CERTIFICADO certificate.pfx PROTEGIDO CON CONTRASEÑA "pwd" (el parámetro "debug" muestra más información si no se puede realizar la operación)
////
signtool sign /n "REYES GUZMAN, EDUARDO (FIRMA)" ejecutable.exe // firma ejecutable.exe con el DNI ELECTRÓNICO (se pide el pin del DNI ELECTRÓNICO)
signtool sign /n "xformulas.net" ejecutable.exe // firma ejecutable con el certificado "xformulas.net" del contenedor de certificados (ver certmgr.msc)
////
"SignTool Error: No certificates were found that met all the given criteria."
https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
https://docs.microsoft.com/es-es/dotnet/framework/tools/signtool-exe
https://stackoverflow.com/questions/22946399/signtool-error-no-certificates-were-found-that-met-all-given-criteria-with-a-wi
Using a TSA:
signtool.exe sign /f certificate.pfx /p "pwd" /tr http://timestamp.digicert.com ejecutable.exe
signtool.exe sign /f certificate.pfx /p "pwd" /fd sha256 /tr http://timestamp.digicert.com ejecutable.exe
https://knowledge.digicert.com/solution/SO17631.html
SMTP "Simple Mail Transfer Protocol". TCP port 25. See "STARTTLS", "SMTP Service Extensions", "SMTPS" and "MX record".
https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
A Typical SMTP Transaction Scenario
https://tools.ietf.org/html/rfc5321#appendix-D.1
STARTTLS command (for SMTP)
https://tools.ietf.org/html/rfc3207
SMTPS "Simple Mail Transfer Protocol Secure". SMTPS for SMTP, like HTTPS for HTTP. It uses TLS. TCP port 465. Deprecated? See also "SMTP", "STARTTLS" and "MX record".
https://en.wikipedia.org/wiki/SMTPS
SMTPUTF8 SMTP UTF8. Internationalized email address. See also "SMTP Service Extensions".
https://tools.ietf.org/html/rfc6531
SMTP Service Extensions SMTP Service Extensions. See also "PIPELINING" and "STARTTLS".
https://www.iana.org/assignments/mail-parameters/mail-parameters.xml
SMTP server, publicly-referenced "A publicly-referenced SMTP server is an SMTP server which runs on port 25 of an Internet host listed in the MX record (or A record if an MX record is not present) for the domain name on the right hand side of an Internet mail address" (RFC 3207).
SSH "Secure Shell".
https://en.wikipedia.org/wiki/Secure_Shell
SSL "Secure Sockets Layer". See "TLS".
SSLCertificateFile Directiva de Apache HTTP Server. Indica el fichero de certificado X.509 codificado con formato PEM de un servidor web.
SSLCertificateKeyFile Directiva de Apache HTTP Server. Fichero de clave privada codificada en formato PEM.
SSL certificate Usado habitualmente para tener un sitio web seguro (HTTPS). Ver HTTPS.
STARTTLS Related to ESMTP. Start TLS.
"A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally." (RFC 3207).
"It should be noted that SMTP is not an end-to-end mechanism. Thus, if an SMTP client/server pair decide to add TLS privacy, they are not securing the transport from the originating mail user agent to the recipient. Further, because delivery of a single piece of mail may go between more than two SMTP servers, adding TLS privacy to one pair of servers does not mean that the entire SMTP chain has been made private." (RFC 3207).
"Another man-in-the-middle attack is to allow the server to announce its STARTTLS capability, but to alter the client's request to start TLS and the server's response." (RFC 3207).
See also "SMTP Service Extensions", "TLS" and "S/MIME".
https://en.wikipedia.org/wiki/Opportunistic_TLS
STARTTLS command (for SMTP)
https://tools.ietf.org/html/rfc3207
S/MIME "Secure/Multipurpose Internet Mail Extensions". It allows to sign and encrypt emails using user certificates. See also "MIME".
https://en.wikipedia.org/wiki/S/MIME
https://tools.ietf.org/html/rfc8551 "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0. Message Specification"
S/MIME certificate Usados para servicios de correo electrónico firmado y cifrado, que se expiden generalmente a una persona física.
https://www.openssl.org/docs/man1.1.1/man1/openssl-req.html
sellado de tiempo confiable Se debe usar para firmar ejecutables para Windows y que la firma aparezca correctamente en las propiedades del fichero ejecutable, en la solapa "Digital Signatures". Ver también "TSA".
Si una persona ajena descubre la clave privada asociada al certificado de un sujeto, el sujeto debería poder invalidar el certificado (revocarlo) a partir de ese momento. Si el certificado es revocado, existe la posibilidad de que no sea posible probar que un documento (o un ejecutable) ha sido firmado o cifrado con la clave privada asociada al certificado antes de ser revocado el certificado. Para evitar esa posibilidad se usa el sellado de tiempo confiable.
* Creación de estampa de tiempo confiable:
La información original puede ser los bytes de un fichero .exe con la firma 1 de una Autoridad de Certificación (CA).
El usuario envía el hash de la información original (hash 1) a la TSA.
La TSA añade al hash 1 la fecha y hora en ese mismo instante de tiempo (instante 1), y calcula con eso el hash 2.
La TSA cifra con su clave privada (secreta) el hash 2, resultando la firma 2.
La TSA envía de vuelta al usuario la fecha y hora del instante 1 y la firma 2.
El usuario almacena la fecha y hora del instante 1 y la firma 2 junto con la información original. Todo esto puede ir incluido en el propio fichero ejecutable.
* Verificación posterior:
Con la información (supuestamente) original se calcula el hash 1'.
Con el hash 1' y la fecha y hora (supuestamente) del instante 1 de la TSA, se calcula el hash 2'.
Del certificado (público) de la TSA se obtiene la clave pública de la TSA.
Con el hash 2', la clave pública de la TSA, y la firma 2 de la TSA, se puede comprobar, sin la clave privada de la TSA, que la firma 2 (que se calculó usando el hash 2) se corresponde con el hash 2' (hash 2 = hash 2').
https://es.wikipedia.org/wiki/Sellado_de_tiempo_confiable
https://en.wikipedia.org/wiki/Trusted_timestamping
smart card Card with microcontroller. The private key cannot be extracted from the microcontroller if this operation is not implemented in the firmware (software inside the microcontroller). The signing and encryption with the private key is done inside the microcontroller. Very cheap and very safe. See also "DNIE".
https://en.wikipedia.org/wiki/Smart_card
https://en.wikipedia.org/wiki/Microcontroller
smart card reader Sometimes I use a Rocketek usb smart card reader to sign apps in Windows (signtool) with DNIE.
TLS "Transport Layer Security". See also "HTTPS", "SMTPS" and "cipher suite".
https://en.wikipedia.org/wiki/Transport_Layer_Security
https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-handshake-protocol
TLS 1.2 (2008)
https://tools.ietf.org/html/rfc5246
TLS 1.3 (2018)
https://tools.ietf.org/html/rfc8446
https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/overview/ssl.html
https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/example/cpp11/ssl/server.cpp ASIO y OpenSSL 1.1.1 (libcrypto.lib, libssl.lib)
https://www.boost.org/doc/libs/1_70_0/doc/html/boost_asio/example/cpp11/ssl/client.cpp ASIO y OpenSSL 1.1.1 (libcrypto.lib, libssl.lib)
https://www.boost.org/doc/libs/1_70_0/boost/asio/ssl/context_base.hpp (TLS 1.3)
To generate "dh2048.pem" (server.cpp) see "Diffie-Hellman parameters".
TLS handshake
TLS handshake site:edu filetype:pdf
https://www.google.com/search?sxsrf=ALeKk00KyH29axE4Tx3FXddXgtptdUoixA%3A1601572921692&source=hp&ei=ORB2X6GNJv6GjLsPye6TsAQ&q=TLS+handshake+site%3Aedu+filetype%3Apdf&oq=TLS+handshake+site%3Aedu+filetype%3Apdf&gs_lcp=CgZwc3ktYWIQA1CtDVitDWCBIWgAcAB4AIABQIgBQJIBATGYAQCgAQKgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwjhjc2I9JPsAhV-A2MBHUn3BEYQ4dUDCAY&uact=5
TLS handshake site:stanford.edu filetype:pdf
https://www.google.com/search?sxsrf=ALeKk03baV-ksjzGjs0rATSKWYLuplM6Bw%3A1601573093710&source=hp&ei=5RB2X464KKucjLsPkZqLgAs&q=TLS+handshake+site%3Astanford.edu+filetype%3Apdf&oq=TLS+handshake+site%3Astanford.edu+filetype%3Apdf&gs_lcp=CgZwc3ktYWIQA1DDDFjDDGCcKGgAcAB4AIABR4gBR5IBATGYAQCgAQKgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwjOvtHa9JPsAhUrDmMBHRHNArAQ4dUDCAY&uact=5
TLS_AES_128_GCM_SHA256 It is a TLS 1.3 cipher suite. A TLS-compliant application MUST implement the cipher suite TLS_AES_128_GCM_SHA256 (TLS 1.3).
https://tools.ietf.org/html/rfc8446#section-9.1
https://tools.ietf.org/html/rfc8446#appendix-B.4 "Cipher Suites"
C++ TLS_AES_128_GCM_SHA256
https://www.google.com/search?sxsrf=ALeKk03_fpe8EFXD53JHcZ-LkABg-MkJjw%3A1597866186299&source=hp&ei=yoA9X7jPD9CdjLsP39Gc8AQ&q=C%2B%2B+TLS_AES_128_GCM_SHA256&oq=C%2B%2B+TLS_AES_128_GCM_SHA256&gs_lcp=CgZwc3ktYWIQAzIECCMQJ1C0CVi0CWCrF2gAcAB4AIABRogBRpIBATGYAQCgAQKgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwi43Lizg6jrAhXQDmMBHd8oB04Q4dUDCAY&uact=5
TLS_AES_128_GCM_SHA256 site:apache.org
https://www.google.com/search?sxsrf=ALeKk03NPop4Uwqy08EyGnzFLCh82RxVOw%3A1597866490750&source=hp&ei=-oE9X-DaI4ejUO65nVg&q=TLS_AES_128_GCM_SHA256+site%3Aapache.org&oq=TLS_AES_128_GCM_SHA256+site%3Aapache.org&gs_lcp=CgZwc3ktYWIQAzoECCMQJzoECAAQQzoCCAA6BQghEKABUPcHWOQtYOJAaAFwAHgCgAGpA4gBvRSSAQk3LjguMS4xLjGYAQCgAQKgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwjgv8fEhKjrAhWHERQKHe5cBwsQ4dUDCAY&uact=5
TLS_AES_256_GCM_SHA384 It is a TLS 1.3 cipher suite. "A TLS-compliant application MUST implement the TLS_AES_128_GCM_SHA256 [GCM] cipher suite and SHOULD implement the TLS_AES_256_GCM_SHA384 [GCM] and TLS_CHACHA20_POLY1305_SHA256 [RFC8439] cipher suites (see Appendix B.4)."
https://tools.ietf.org/html/rfc8446#section-9.1
https://tools.ietf.org/html/rfc8446#appendix-B.4 "Cipher Suites"
TLS_RSA_WITH_AES_128_CBC_SHA It is a TLS 1.2 cipher suite. A TLS-compliant application MUST implement the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA (TLS 1.2).
https://tools.ietf.org/html/rfc5246#section-9
https://tools.ietf.org/html/rfc5246#appendix-C "Cipher Suite Definitions"
C++ TLS_RSA_WITH_AES_128_CBC_SHA site:edu
https://www.google.com/search?sxsrf=ALeKk01JHsgHlu66QoKQaw0N3y1qc16G0A%3A1597913648176&source=hp&ei=MDo-X53fBoyvUpr_nIAJ&q=C%2B%2B+TLS_RSA_WITH_AES_128_CBC_SHA+site%3Aedu&oq=C%2B%2B+TLS_RSA_WITH_AES_128_CBC_SHA+site%3Aedu&gs_lcp=CgZwc3ktYWIQA1DrCVjrCWC_JWgAcAB4AIABSogBSpIBATGYAQCgAQKgAQGqAQdnd3Mtd2l6&sclient=psy-ab&ved=0ahUKEwidt4KbtKnrAhWMlxQKHZo_B5AQ4dUDCAY&uact=5
http://httpd.apache.org/dev/devnotes.html "Apache HTTP Server" source code
Triple DES Block cipher technique.
https://en.wikipedia.org/wiki/Triple_DES
http://xformulas.net/images/Triple_DES.jpg
TSA "Time Stamp Authority". See also "TSP".
https://en.wikipedia.org/wiki/Trusted_timestamping
https://www.openssl.org/docs/man1.1.1/man1/ts.html (server functionality not found)
https://www.google.com/search?sxsrf=ACYBGNTL1EbmENuqTEr1RTMsdF6SgS7WRg%3A1575548286594&source=hp&ei=fvXoXfSzIImdlwSrhJDgDA&q=rfc3161+server&oq=rfc3161+server&gs_l=psy-ab.3..35i39l3j0i22i30.1077.1077..1539...1.0..0.64.64.1......0....2j1..gws-wiz.HNmFh6XSi0Y&ved=0ahUKEwj06sffvp7mAhWJzoUKHSsCBMwQ4dUDCAU&uact=5
https://www.google.com/search?sxsrf=ACYBGNSjo0gy__aMKcrc-PGC_xOjXjmTYA%3A1575548958862&source=hp&ei=HvjoXafIMZLYaOOiihg&q=servidor+rfc3161+site%3Aes&oq=servidor+rfc3161+site%3Aes&gs_l=psy-ab.3...900.900..1823...1.0..0.56.56.1......0....2j1..gws-wiz.CuoUUsNyvtc&ved=0ahUKEwinz5CgwZ7mAhUSLBoKHWORAgMQ4dUDCAU&uact=5
TSP "Time Stamp Protocol".
https://en.wikipedia.org/wiki/Time_stamp_protocol
https://tools.ietf.org/html/rfc3161
TTP "Trusted Third Party". See also "TSA".
time-stamp token
VALIDe To verify CAdES signatures created with DNIE.
https://valide.redsara.es/
XFORMULAS CA Example that creates a pfx certificate ("USER.pfx") and signs an executable ("showbytes.exe")
openssl genrsa -out USER.key 2048
openssl rsa -text -in USER.key -noout 1> USER.txt
openssl rsa -in USER.key -pubout -out USER_PUBLIC.key
openssl req -new -key USER.key -subj "/C=ES/ST=Madrid/L=Madrid/O=XFORMULAS.NET/OU=https:\/\/www.youtube.com\/user\/vanecolloto/CN=Vanesa Colloto (vflorez@xformulas.net)" -out USER.csr
openssl req -text -in USER.csr -noout -verify 1> USER_CSR.txt
openssl x509 -req -in USER.csr -CA xformulas.net.crt -CAkey xformulas.net.key -CAcreateserial -out USER.crt -days 710 -sha256
openssl x509 -in USER.crt -text 1> USER_CRT.txt
openssl pkcs12 -export -inkey USER.key -in USER.crt -out USER.pfx -passout "pass:1234"
signtool sign /debug /f USER.pfx /p "1234" "showbytes.exe"
XOR cipher Example with C++ code.
http://xformulas.net/source_code/cpp/xor_cipher.cpp.php
X_509 X.509. Standard defining the format of public key certificates.
https://en.wikipedia.org/wiki/X.509
https://www.openssl.org/docs/man1.0.2/man1/openssl-x509.html
X_509v3 certificate X.509v3 certificate. It can be used with TLS 1.3 as client certificate.
https://tools.ietf.org/html/rfc5280
https://www.openssl.org/docs/man1.1.1/man5/x509v3_config.html
X_509 certificate See also "OpenSSL" and "S/MIME".

Generated on 20201125_141923_984622 UTC