Why do we need userassist if we already have prefetch?

2018-10-09 16:25 Ariel Kalman imported from Stackoverflow

I know the purpose of both of the features but i don't exactly know the difference between them and what is the disadvantages and advantages of both of the features... Thanks!

See also questions close to this topic

how to display contents of text file one line at a time via timer using python on windows?

this is the code.

def wndProc(hWnd, message, wParam, lParam):
    if message == win32con.WM_PAINT:
        hdc, paintStruct = win32gui.BeginPaint(hWnd)

        dpiScale = win32ui.GetDeviceCaps(hdc, win32con.LOGPIXELSX) / 60.0
        fontSize = 36

        # http://msdn.microsoft.com/en-us/library/windows/desktop/dd145037(v=vs.85).aspx
        lf = win32gui.LOGFONT()
        lf.lfFaceName = "Times New Roman"
        lf.lfHeight = int(round(dpiScale * fontSize))
        #lf.lfWeight = 150
        # Use nonantialiased to remove the white edges around the text.
        # lf.lfQuality = win32con.NONANTIALIASED_QUALITY
        hf = win32gui.CreateFontIndirect(lf)
        win32gui.SelectObject(hdc, hf)

        rect = win32gui.GetClientRect(hWnd)
        # http://msdn.microsoft.com/en-us/library/windows/desktop/dd162498(v=vs.85).aspx
        win32gui.DrawText(
            hdc,
            **'Glory be to the Father, and to the son and to the Holy Spirit.',**
            -1,
            rect,
            win32con.DT_CENTER | win32con.DT_NOCLIP | win32con.DT_VCENTER
        )
        win32gui.EndPaint(hWnd, paintStruct)
        return 0

.where it says the "glory be to the father.." prayer I would like that string to actually display a few different prayers on a timer. what I mean is I want to save short prayers to a text file and have the line where it says "glory be.." to change to a new prayer every 60 seconds cycling through a few prayers such as the serenity prayer etc.

ubuntu 18.04 docker container
i'm runnung docker on windows 10 desktop. i like to run ubuntu 18.04 docker container. i have pulled ubuntu and ran following docker command Docker up -d ubuntu i'm not seeing image running when i check
```
docker ps
```
instead i see image stopped when i check
```
docker ps -a
```
why it is like this.? like other images i should see ubuntu running when i check
```
docker ps
```
just like wordpress or mysql images.

also i like to mount volume to ubuntu container by using -v tag. let me know if following command is correct or not
```
docker up -d --name ubuntu -p 80:80 -p 22:22 -v /ubuntu:/home ubuntu
```

X509Certificate2 Constructor fails with Byte[] using Powershell

I am hoping I missed something obvious as I have tried 3 different approaches to generate a PFX/PKCS12 byte array so that the X509Certificate2 class will initiate.

Problem: Code is throwing an exception:

Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException: 'The specified network password is not correct'

Goal: Generate a X509Certificate2 that includes the private key that passes the following code with the organization's best practice for self-signed certificates in development:

public static X509Certificate2 GetSigningCertificate(byte[] rawBytes)
{
    X509Certificate2 certificate;
    try
    {
        certificate= new X509Certificate2(rawBytes);
    }
    catch (Exception ex)
    {
        throw new Exception(Errors.MalformedCertificate);
    }

    if (!certificate.HasPrivateKey)
    {
        throw new Exception(Errors.PrivateKeyIsMissing);
    }

    return certificate;
}

Code Limitations: Due to a political/organization policy the code, above, that accepts the byte[] cannot be modified by me directly as it is controlled by another team (owners). If after all possible options are exhausted I will then put a formal request document to discuss code changes with good cause.

Platform: Windows 10 Enterprise (1803)

Compile Targets: netstandard2 & .Net 4.7.1

Automation Tooling Approach 1: Using OpenSSL

openssl.exe rand -out C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.rnd -base64 4096
openssl.exe genrsa -rand "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.rnd" -passout pass:"RfTjWnZr4u7x!A%E" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" 2048
openssl.exe genrsa -rand "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.rnd" -passout pass:"RfTjWnZr4u7x!A%E" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key-encrypted.pem" -des3 2048
openssl.exe rsa -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -pubout -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-privatekey-corresponding-public-key.pem"
openssl.exe rsa -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -RSAPublicKey_out -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-privatekey-corresponding-rsa-public-key.pem"
openssl.exe req -x509 -days 90 -passin pass:"RfTjWnZr4u7x!A%E" -key "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key-encrypted.pem" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-certificate.cer" -subj "/C=US/ST=CA/L=Newport Beach/O=AutoNow Inc/OU=Application Development/CN=*.autonow.com"
openssl.exe req -new -key "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-certificate-signature.csr" -subj "/C=US/ST=CA/L=Newport Beach/O=AutoNow Inc/OU=Application Development/CN=*.autonow.com"
openssl.exe pkcs12 -export  -aes256 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -name "" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.pfx" -passin pass:"RfTjWnZr4u7x!A%E" -inkey "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key-encrypted.pem" -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-certificate.cer" -passout pass:"VkXp2s5v8x/A?D(G"
openssl.exe pkcs12 -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.pem" -passin pass:"VkXp2s5v8x/A?D(G" -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.pfx" -passout pass:"VkXp2s5v8x/A?D(G" -clcerts -aes256 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"

Automation Tooling Approach 2: Using Powershell cmdlets cls $VerbosePreference = "Continue"

$certStorePath = "Cert:\CurrentUser\My"

$friendlyName = "Customer Support Administration Tool SelfSigned Certificate"
$name = "*.autonow.com"
$dnsname = "services-dev.autonow.com, *.autonow.com, localhost"

$notBefore = $(Get-Date).Date.AddDays(-90)
$notAfter = $(Get-Date).Date.AddDays(90)

$pfxPassword = ConvertTo-SecureString -String "^adhd.Customer.Support.Administration.Tool.20190214" -Force -AsPlainText

$selfSignedCertificate = New-SelfSignedCertificate `
    -Subject $name `
    -DnsName $dnsname `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -NotBefore $notBefore `
    -NotAfter $notAfter `
    -CertStoreLocation $certStorePath `
    -FriendlyName $friendlyName `
    -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature, KeyEncipherment, DataEncipherment `
    -KeyExportPolicy Exportable `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") `

$selfSignedCertificatePath = Join-Path -Path $certStorePath -ChildPath "$($selfSignedCertificate.Thumbprint)".ToUpper() 
Write-Debug $selfSignedCertificatePath

# Create temporary certificate path
$tmpPath = "C:\Vault\OpenSSL\Certificates\API\customer-support-administration"
If(!(test-path $tmpPath))
{
    $created = New-Item -ItemType Directory -Force -Path $tmpPath
}
Write-Debug $tmpPath

# Set certificate password here
$pfxFilePath = Join-Path -Path $tmpPath -ChildPath "customer-support-administration.pfx"

Write-Debug $pfxFilePath

$cerFilePath = Join-Path -Path $tmpPath -ChildPath "customer-support-administration.cer"
Write-Debug $cerFilePath

# Create pfx certificate
$exportedPfx = Export-PfxCertificate -Cert $selfSignedCertificatePath -FilePath $pfxFilePath -Password $pfxPassword -Force -CryptoAlgorithmOption AES256_SHA256
$exportedCer = Export-Certificate -Cert $selfSignedCertificatePath -FilePath $cerFilePath -Type CERT -Force

#
# Get Raw Bytes idea 1
#
[Byte[]]$pfxBytes = [System.IO.File]::ReadAllBytes($exportedPfx.FullName)
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$pfxBytes), $pfxPassword

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The certificate is incompatible with the security requirements.")
}
# Read directly from the file for the raw bytes
$pfxBase64 = [Convert]::ToBase64String($pfxBytes)

# moment of truth instantiate the certificate using the security package code for idea 1
[Byte[]]$pfxBytes = [Convert]::FromBase64String($exportBase64)
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$pfxBytes),$pfxPassword

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The rehydrated certificate is incompatible with the security requirements.")
}




#
# Get Raw Bytes idea 2
#
$pfxKeyFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable -bor 
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor 
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::UserKeySet

$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($pfxBytes, $pfxPassword, $pfxKeyFlags)

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The certificate is incompatible with the security requirements.")
}

$exportedBytes = $pfx.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $pfxPassword)
$exportBase64 = [Convert]::ToBase64String($exportedBytes)

# test the instantiate 
[Byte[]]$newPfxBytes = [Convert]::FromBase64String($exportBase64)
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList ($newPfxBytes,$pfxPassword)

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The rehydrated certificate is incompatible with the security requirements.")
}

# moment of truth instantiate the certificate using the security package code 
[Byte[]]$newPfxBytes = [Convert]::FromBase64String($exportBase64)
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$newPfxBytes)

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The rehydrated certificate is incompatible with the security requirements.")
}

The end result is still an exception is thrown.

New-Object : Exception calling ".ctor" with "1" argument(s): "The specified network password is not correct.
"
At line:2 char:8
+ $pfx = New-Object System.Security.Cryptography.X509Certificates.X509C ...
+        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

The output of idea #2 base64:

PS C:\WINDOWS\system32> $exportBase64
MIIKwAIBAzCCCnwGCSqGSIb3DQEHAaCCCm0EggppMIIKZTCCBfYGCSqGSIb3DQEHAaCCBecEggXjMIIF3zCCBdsGCyqGSIb3DQEMCgECoIIE9jCCBPIwHAYKKoZIhvcNAQwBAzAOBAgi31AW/5cI5gICB9A
EggTQVgPWXArFCY2eg2jv+hDLZsc+i3wEqw4Cy2CYgcj86WnRE0n/zVcNzi9lyH5jK1zpBfTpAnfTO4WNG8cdQ5qCtOy9TjkTyrGYrXywrGHgLYmHpsg43uMMWcihWO5+zek4YP3MQDtyuQT2+hCaviFwFu
TovlaLHjGlNcYAz7AlL/6sJ54EzTjo8zfKW08zaR1GsEeP9odYIlgVEltJEgsW69Ed7v1uNs5+vprEecVvegTr5o3LzV9UflF8ye4wv65ZtjJdb+9uTHeYLwje0woWvWfGAQ1KBZTWyJeIWEGhs04vqhKbO
Dak+KmvjYh2U3BYYLKlvCDtYulFAeZlDZFZXPii+8ND279wFZmF53nzPqzjg1rlsSjNZLREZ3FIFkYkBFBDPqrQQ56OKcnh+YStFhOrXz+Q3Sc0PrUMABWUuUqeTxjE9YEpng0wQ4ocHETICLfhofcvyqAD
Zb03is15Xzr6V/Z1SJ/pZzVhN7ov9PmW/LNqD7d+hCiemIvt2GAaO1FFtKaFCVvcO4jvfalyrpFwDOBvnEFR6OAQryyYT79jqYgGFP42Y7Acs7Jju/vizkNxo8szZvABUh3UgEli72AzcNDjSOxEkdU6yzS
ycYbh+26Cwi1KLmCB/4nTErUt2s4XtczRdA4Km+0pN8xpDyHrWf+Z4StKPCsxjwCHfIB+Y9ol1LT31k/MZ9o5TX/YKxp0gBqqfemrkkSVKDzEtk/KZGsVVkusVstpqGMdsEacdf8KoRI06yrgP6SQedwexk
Zm4Zhv6VUXOumPne0ZtMTSoXb8cuQ4PbmI056LYySLqdk2b89snVTE5QL/f+t3USY45MBcp67Boti2aFq0VYrkSSaw3GO2W9PfRZk+Uw8ubt1eO1MFB57dUSy6GL38SWWuqIrwCsmRJCwMaMUSIu+L2UOcn
N409rIMFEB908r3iMZoOUS1sDTxQotKW/6rx3LZKp8vS8rdTr4j++Ka22JjOCwBWFtExSoTgQ6YegG4wCy3PrbXq96a3/kStpqo04eeblfrqD1o1lNd/hJDqnALiszI2EJW+I/Ig61bHOpYKj8+S5M2Wen5
LtB+UOzcfTzc5zwGFhDQ9zjbkZVbvl1NvCU0pcJwjayKOFhdBDMJh9uP+60i27/9Zi7xeC/ivsT5fAEMh7JJVbjKLtQAjQNf5Bkj5gSvMjdEVjRUPVG2x4OJ5wHb6/wT5ciMjipV7w4mQqn45uMtmIHUpsk
TOx7SQAzLQfn1suvDStiS95Y1pbK6wKMV/86SvtvPjxQHZ3/LNq9i4j7gc8Np9/g250vcm+UeEXn4v3iWl3DhjXwXjCdnmNXPjguCawX2BUdhE32VERBNXU8d4KJitqDXSb2T/geaRRec8tMYtgjtiewO+q
vB2eLCdDR/SXBJyfjTyzBZ36SxP8VyD0GIMAdGpUjU395DW0sWzrNmNZMBAnMHF2wG3iLpsdViJfMzCH2Nf//kxey8qJeL1wAXq+9v9p1aFWVfBOSe6adhomGj8q/hApZI6zq0BdFhYYfuNS21et2fHtLcs
RWbav1DiObDWD3ktB3+t0TxNyaaHmGxKtVDG1KS1JDrddk+Aam9xynw0IgGExWfrqwO6nvePiGHMil6BJIaKpP4ocQP/muUu/YxgdEwEwYJKoZIhvcNAQkVMQYEBAEAAAAwWwYJKoZIhvcNAQkUMU4eTAB7
AEQAMwBEAEYAQgBEADUAQwAtADgAMQBFADcALQA0ADUAMQA0AC0AOAAxADYARgAtAEUAOQAxADgAOAA3ADcANAA2ADkAOAA5AH0wXQYJKwYBBAGCNxEBMVAeTgBNAGkAYwByAG8AcwBvAGYAdAAgAFMAbwB
mAHQAdwBhAHIAZQAgAEsAZQB5ACAAUwB0AG8AcgBhAGcAZQAgAFAAcgBvAHYAaQBkAGUAcjCCBGcGCSqGSIb3DQEHBqCCBFgwggRUAgEAMIIETQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQI6JcEqu
Pyqx8CAgfQgIIEIDLZj9eiSr1DM8afM1CKB+VOPgMzvhrvmE1H1bjrAVGUp3R996v4xyOfsTvLHLgzTX0z1E/RXNA4CBU4TdHm8ptWw3jj5dHlEzOyoWMftSacouDLP7x3M3weea5Lv5BvmYKe8ZqQzNUbj
dhnVWIH3JuFKTm+CKM8nC/HELOdCC98v/hdv0b/1fy3QzXV+QCuJ9s2rfEBGmxmbgzYmRPlRHPzwN5r4qFlrDbIrbSk++6K4FJ3UTP7PD/HjLvyLRp6vzYKsd5igHbR/Qk4qpUAmWNJcyQVzoZTY034UKNX
3y6E+qHiL8r5VlsNUB3c8TizXZas71NJqqDG8yaPiaUE/HZyVZaps0zcKgbjNeyOTWdcjXN186gdAvAUIp4qm36Udo23oEcHtDtbi+Ia+IG8ca9B37cO0fbUgbNF8ePcjNYHiNKlRkZhwwALn+WjuW//bqV
6a20pINZKCNAXD34wGH2T/eFSKcgfjPqYwRbovEvQOki0sMKT8i5kXbJx5nvVEb4g3hO9k7kz05MUOYCu7FQg/J6l3BPMCKR02lOr0KWIrlyK+MzNJEQ1S6OboEF0rLSTHUHUTScHjxU4q6FonC7+dJY5pL
iCa0WzhvH6oCieY0v6mYnnOlwxK5dxllC8KKdDV4nJYha9DBivBbJEpVUEygZ/4WemGPdqExYcuB9euQ0RFpO7tVk4NAdZfnMfP8gAi8lGSGIyn1lz7t0AxyUPr0QZZr7wgpK3doTSr7j3G/n1DOKZUkuBN
CqhVO9muTOGlhblXCT4NMdRGZI+qJj+/0OEJXinvRGc7pMtMhbL6G8rSGWev7NZfmktHdC/W1VgopMzJsavpVw98WCWjz/gQYt3jc5RFCehH9NpiUFWCSbJTYqlXOfbEB3koIspX7+0hpYxCLLm0Lw+O0PK
vRHsL6AjnsyZITwnnizC/nhW4GfFKyu7ZQ/SdKq2oOWZL5nXc+tMV2KQsOzf/U1Wlu6jmlqGwS5ZOHhcGm91YLdHsBQ+KnI64ehvGQrb/CEgGz76LH/p7QhRno8c6XZt8wGQTfvX351nj8Doytx7gf1wboT
ox3VyQyQxm9lyYWhN1HlCkyJsx9hiWoOIyK4iKUyHX/1rZLRxXFPaOTBbunjSGvDY+bI6IaYtMXIqy8DkWy8KR4g/zmoKcsY8SLt8eNdM2HVX7FO3hjYnPZOhfiFZU9cBifBf+R4BIJE+8OOMtpC2adJK5J
Lia1tZdjkfMyOIfYBNLNP5GXKPKnrEd3YOG8b4cnzs9MFNgT7VLg/5Lgz8EOlRaMwRm1NObTHqAX1nVjmxbdKYvsSuJ5lATkGFgvMYC7xqnY2jkQDOGgMIKzpwMjHAbvYYmPMIYdnrd8lxbJDYyjBdG+i4h
tRfuXKlpPr/CSiQppD+HRndqLf4XzA7MB8wBwYFKw4DAhoEFGHc0Fq9VcSMZ3WjK2pi+Xp/V5kqBBRv6dOxMFKx5SsNoj74lWmA1Ua6QwICB9A=

What I was shown works is these generic steps:

openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 10000
openssl pkcs12 -export -out public_privatekey.pfx -inkey privatekey.pem -in publickey.cer

The command above does produce a pfx that will pass the constructor

# use openssl generic pfx
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList "C:\Vault\OpenSSL\Certificates\API\public_privatekey.pfx"

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The openssl generic certificate is incompatible with the security requirements.")
}

If I reference the PFX file it does pass the constructor and works!? If I pass the raw file bytes again it works?! Where in the processes of what I wrote for automation fails while the overly generic/simple one works?

# use openssl generic pfx
[Byte[]]$pfxBytes = [System.IO.File]::ReadAllBytes("C:\Vault\OpenSSL\Certificates\API\public_privatekey.pfx")
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$pfxBytes)

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The openssl generic certificate is incompatible with the security requirements.")
}

-- Update --

Using the OpenSSL way to use non-encrypted on genrsa and the pkcs12 commands to have a -passin pass: and -passout pass: so they'll be treated as blank. This seems to work however my colleagues and myself are curious if not having an encrypted private key and export password on the pfx is best practice. If not how do we get it up to par?

openssl.exe rand -out C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.rnd -base64 4096
openssl.exe genrsa -rand "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.rnd" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" 2048
openssl.exe genrsa -rand "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.rnd" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key-encrypted.pem" 2048
openssl.exe rsa -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -pubout -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-privatekey-corresponding-public-key.pem"
openssl.exe rsa -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -RSAPublicKey_out -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-privatekey-corresponding-rsa-public-key.pem"
openssl.exe req -x509 -days 90 -key "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-certificate.cer" -subj "/C=US/ST=CA/L=Newport Beach/O=AutoNow Inc/OU=Application Development/CN=*.autonow.com"
openssl.exe req -new -key "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-certificate-signature.csr" -subj "/C=US/ST=CA/L=Newport Beach/O=AutoNow Inc/OU=Application Development/CN=*.autonow.com"
openssl.exe pkcs12 -export  -aes256 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -name "" -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.pfx" -inkey "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-private-key.pem" -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration-certificate.cer" -passout pass:
openssl.exe pkcs12 -out "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.pem" -in "C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.pfx" -clcerts -aes256 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider" -passout pass: -passin pass:

# This now works
[Byte[]]$pfxBytes = [System.IO.File]::ReadAllBytes("C:\Vault\OpenSSL\Certificates\API\customer-support-administration\customer-support-administration.pfx")
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$pfxBytes)

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The certificate is incompatible with the security requirements.")
}

$base64Pfx = [System.Convert]::ToBase64String($pfxBytes)

# moment of truth instantiate the certificate using the security package code for updated openssl commands
[Byte[]]$pfxBytes = [Convert]::FromBase64String($base64Pfx)
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$pfxBytes)

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The rehydrated certificate is incompatible with the security requirements.")
}

$pfx | select *


$base64Pfx = [System.Convert]::ToBase64String($pfxBytes)

# moment of truth instantiate the certificate using the security package code for idea 1
[Byte[]]$pfxBytes = [Convert]::FromBase64String($base64Pfx)
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$pfxBytes)

If (-not $pfx.HasPrivateKey)
{
    throw [System.Exception]::new("The rehydrated certificate is incompatible with the security requirements.")
}

Is it possible to retrieve the attributes of an Object I saved inside a .dat file in Java?

I made this class, which has attributes 'Surname' and 'pc'

public class Person implements Serializable{
    String surname;
    int pc;

    Person(String a, int c){
        this.surname = a;
        this.pc = c;
    }

And created an instance of it called 'p'. I wrote the Object p inside the file below called 'people.dat', then read the file.

public class Main{

    public static void main(String[] args) throws FileNotFoundException, IOException, ClassNotFoundException {

        Scanner sc = new Scanner(System.in);
        String a = sc.nextLine();
        int c = sc.nextInt();
        Person p = new Person(a, c);
        System.out.println(p.surname+" "+p.pc);

        FileOutputStream foo = new FileOutputStream("people.dat");
        ObjectOutputStream oos = new ObjectOutputStream(foo);
        oos.writeObject(p);

        FileInputStream fis = new FileInputStream("people.dat");
        ObjectInputStream ois = new ObjectInputStream(fis);
        Object l = ois.readObject();
    }

}

My question is, is it possible to read 'p' 's attributes now that the object is written into a file? How could I access them if so?

How to detect empty object?
This is a generic question on how to detect if an object is empty. I declare a variable as an object:
```
description = discord.Embed()
```
Put it through a method which may or may not pass arguments to the object, i.e.:
```
def my_function(x, y, z):
    ...some code goes here...
    if x == "some variable": 
        description = discord.Embed(title="X", desc="Y + z")
        return description
    else:
        description = discord.Embed()
        return description
```
I wish to display the description only if it is not empty:
```
if description: client.send_message(message.channel, embed=description)
```
However the above code doesn't seem to work and my message gets displayed regardless of whether it is empty or otherwise. What do I do?

Django Save Wiping out New One to One Relationship?

I'm trying to save a one to one relationship in Django, but after I save the Address object, it deletes the relationship on the object that I'm trying to create a relationship to.

In this case, I'm trying to create a relationship between a 'Person' object that already exists in my database and an 'Address' object that I'm creating. I can assign the Person's address attribute to the new address, and it shows up before the save. However, after the save of the person, the Person's address object disappears. I checked to make sure I have the right MySQL permissions in the settings file, and I can do everything i need to do to save a new object. In the database, there is a new address entry, but there is no address associated with the person entry in the Person table. What am I doing wrong?

if person.address == None:
    person.address = managerModels.Addresses()
person.address.zipCode = newAttributeValue # set up zip code
print("Address pre-save {}".format(person.address))
person.address.save()
print("Address post-address save: {}".format(person.address))
person.save()
print("Address post person-save: {} ".format(person.address))

The output on the terminal is

Address pre-save None None None None 94536
Address post-address save: None None None None 94536
Address post person-save: None

Here are the way that the models are declared in the models.py file.

class Person(models.Model):

    userId = models.OneToOneField( settings.AUTH_USER_MODEL, verbose_name = "User account", on_delete=models.DO_NOTHING, null = True)
    firstName = models.CharField(max_length=40)
    lastName = models.CharField(max_length=40)
    phone = models.CharField("Phone Number", max_length=12)
    address = models.OneToOneField(Addresses, verbose_name = "Address", on_delete=models.DO_NOTHING, null=True)
    tutorType = models.CharField("Category", max_length=12)
    gender = models.CharField("Gender", max_length=6)
    subjects = models.CharField("Subjects", max_length = 256)
    email = models.CharField("Email", max_length = 45, blank = True)
    active = models.BooleanField(default = True)


    class Meta:
        ordering = ('userId', 'firstName', 'lastName', 'phone','tutorType', 'gender', 'subjects')
        db_table = 'Persons'

    def __str__(self):
        return "\n{} {}\nPhone: {}\nAddress:{}\ntutorType: {}\nGender: {}\nsubjects: {}\nemail: {}\nactive {}".format(self.firstName,self.lastName, self.phone, self.address, self.tutorType, self.gender, self.subjects, self.email, self.active)


class Addresses(models.Model):
    address1 = models.CharField("Address Line 1", max_length=128, null=True)
    address2 = models.CharField("Address Line 2", max_length=128, null=True)
    city = models.CharField("City", max_length=64, null=True)
    state = models.CharField("State", max_length=64, null = True)
    zipCode = models.CharField("Zip Code", max_length=5, null = True)

    class Meta:
        ordering = ('address1', 'address2', 'city', 'state','zipCode')
        db_table = 'Addresses'
    def __str__(self):
        return "{} {} {} {} {}".format(self.address1, self.address2, self.city, self.state, self.zipCode)

The relationship between Person and address is one to one. Is there anything obviously wrong that I'm doing? I've narrowed this issue down to this exact few lines of code and I am still stuck. Any advice?

Edit: I have updated the code so that I'm only working with an instance of the person address, but the save on the person is wiping out the address data. still don't know what's wrong.

Django chaining prefetch_related and select_related
Let's say I have following models
```
class Foo(models.Model):
    ...

class Prop(models.Model):
    ...

class Bar(models.Model):
    foo: models.ForeignKey(Foo, related_name='bars', ...)
    prop: models.ForeignKey(Prop, ...)
```
Now I want to make the following query.
```
foos = Foo.objects.prefetch_related('bars__prop').all()
```
Does the above query makes 3 Database calls or only 2 (select_related for prop from bar), given that only one prop is associated with bar

If it takes 3 calls then, is there a way to make it 2 calls by using selected_related for bar -> prop
Waiting for a prefetch to complete

As far as I know, on both recent AMD and Intel chips, prefetch instructions can retire before the associated data arrives. That is, unlike loads, retirement doesn't depend on the arrival of the associated data in the requested cache level¹.

Assuming I issue a series of prefetch instructions and now I want to wait for the data to arrive before proceeding, is there any way to do it? It doesn't seem like lfence will work since the instruction can retire even if the data hasn't arrived.

¹ There does seem to be a significant difference relating to how Intel and AMD chips handle execution of prefetch instructions: Intel will always execute the prefetch instruction, and so will block if resources (such as fill buffers) are not available. AMD chips on the other hand, seem to only execute the prefetch instruction if resources are available: otherwise, the prefetch may simply be dropped. Both strategies have their merits depending on the code and access pattern.
Prefetching Instructions / Functions instead of Data

How can the prefetch instruction be used to prefetch instructions rather than data?

I can find plenty of information/documentation on prefetch for data. I have been using __builtin_prefetch in GCC and my understanding is by passing the address of the desired data, it will prefetch that cache line that contains that data if the data type supports it.

However, I can't seem to find explicit information on how to prefetch instructions. Would you just pass a pointer to a function for example? And if so, how do you know how long the given instructions is (if you need to include extra cache lines for example). If a given function's assembly code involves a jump of some kind to code that might not be in the same cache line, do you just have to determine that yourself and explicitly prefetch the potential additional functions/instructions?
WAL data Firefox history
where does Firefox store the deleted items? So if Firefox opened, a WAL- File were created and if Firefox closed the the file got deleted and so where is the deleted wal -file goes, so I can try to recover this wal file?
```
Hope u understand :)
```
Best regards

Extract usernames from FileVault 2-encrypted disk image

I am working on bitstream (dd) images of disks from MacBook (Mac OS X 10.11.6) encrypted with File Vault 2. I do not have any password, passphrase or recovery key to unlock the drive, but I am not interested on unlocking/decrypting the drive.

I only need to extract all the possible information related to the login screen. This information should include usernames enabled to log in and password suggestions (if any). For password suggestion, I mean the suggestions which are available if you click on the question mark (?) at the right of the password box.

Here is an example of login screen:

As far as I understood, the system starts a special EFI pre-boot where it displays the FileVault 2 unlock screen with the icons of designated OS X accounts approved to unlock the disk. Login information (usernames, etc) should not be encrypted because they are available and visible when you start the system and before user logs in using the password (i.e., disk is not unlocked yet).

I have also tried to get this information by attaching the image and then using sudo fdesetup list -device <UUID> but apparently this operation is not allowed for an external device. Again, I am not able to unlock the image because I do not have any password. However, I believe that usernames should be available somewhere in a not encrypted format because they are visible when I start the system.

Here is the output of diskutil list after attaching the disk image (stored in an external USB drive) with hdiutil attach -nomount /Volumes/USB/image.dd.dmg:

/dev/disk0 (internal):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                         500.3 GB   disk0
   1:                        EFI EFI                     314.6 MB   disk0s1
   2:                 Apple_APFS Container disk1         500.0 GB   disk0s2

/dev/disk1 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +500.0 GB   disk1
                                 Physical Store disk0s2
   1:                APFS Volume Macintosh HD            143.2 GB   disk1s1
   2:                APFS Volume Preboot                 21.0 MB    disk1s2
   3:                APFS Volume Recovery                522.1 MB   disk1s3
   4:                APFS Volume VM                      1.1 GB     disk1s4

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *3.0 TB     disk2
   1:         Microsoft Reserved                         16.8 MB    disk2s1
   2:       Microsoft Basic Data TARGET                  3.0 TB     disk2s2

/dev/disk3 (disk image):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        +121.3 GB   disk3
   1:                        EFI EFI                     209.7 MB   disk3s1
   2:          Apple_CoreStorage Macintosh HD            120.5 GB   disk3s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk3s3

Offline
                                 Logical Volume Macintosh HD on disk3s2
                                 UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU
                                 Locked Encrypted

Here is the output of diskutil cs list:

CoreStorage logical volume groups (1 found)
|
+-- Logical Volume Group UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU
    =========================================================
    Name:         Macintosh HD
    Status:       Online
    Size:         120473067520 B (120.5 GB)
    Free Space:   12656640 B (12.7 MB)
    |
    +-< Physical Volume UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU
    |   ----------------------------------------------------
    |   Index:    0
    |   Disk:     disk3s2
    |   Status:   Online
    |   Size:     120473067520 B (120.5 GB)
    |
    +-> Logical Volume Family UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU
        ----------------------------------------------------------
        Encryption Type:         AES-XTS
        Encryption Status:       Locked
        Conversion Status:       Complete
        High Level Queries:      Fully Secure
        |                        Passphrase Required
        |                        Accepts New Users
        |                        Has Visible Users
        |                        Has Volume Key
        |
        +-> Logical Volume XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
            ---------------------------------------------------
            Disk:                  -none-
            Status:                Locked
            Size (Total):          120108089344 B (120.1 GB)
            Revertible:            Yes (unlock and decryption required)
            LV Name:               Macintosh HD
            Content Hint:          Apple_HFS

If I try the fdesetup command, I get the following error:

$ fdesetup status -device XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Error: The -device option is not allowed for this operation.

Every attempt using another UUID causes this error: Error: The specified volume or device 'UUUUUUUU-UUUU-UUUU-UUUU-UUUUUUUUUUUU' did not return any information.

Finally, the question is "How can I extract login information (not passwords) from a disk image encrypted with File Vault 2?". Based on the availability of this information before entering the password, I assume that usernames as well as other information (e.g., password hints) are not encrypted and could be extracted from a disk image.

Looking forward for your feedback.

Thanks a lot. gostep

Problem with FTK Licenses and security device

I installed FTK but l cant run it. After clicking on icon l get this message : "No security device was found . Would you like to specify a location for a network security device? Yes to continue or No to exit FTK"

Also l need a licenses for CodeMeter but l dont have it on my PC . If anyone can help me ...

Related questions

Why do we need userassist if we already have prefetch?

See also questions close to this topic