Apologies, as it is not programming related... I've made a mistake and will my ISP screw me over
I accidentally came across some animal pornography. I saw it, and with shock, I started to look further (clicking at least 3 links by now) and now I am anxious the police will come to my door. Will they? And what's the worst that can happen?
See also questions close to this topic
Data privacy using Microsoft translation services
We as an enterprise use Microsoft Office Click to run (O365 subscription). Client software present us with popup that indicate/warn data is send to MS or third parties. Mentioned popup obviously is making users unhappy. Is data really send to any third parties? This article says somewhat contrary:
Are my applications safe from the GDPR suspension?
Since then (10 months), my apps are running fine without any warnings. Should I be concerned or is it fine to leave apps like that? I don't use consent SDK or anything else. I have few apps where I plan to add AdMob ads, and I am wondering is it safe to do it like with previous apps.
And here I plan to put ads: https://play.google.com/store/apps/details?id=com.sladjan.music
extract stored passphrase from the oracle keystore
Our customer complains about stored encryption key in the Tomcat context.xml as plain text (well, he is definitely right at this point). And he wants to use external keystore to store this encryption key.
I was able to create a keystore and put a symmetric key in there with following command:
keytool -importpassword -alias encryption-key -keystore your.keystore -storetype pkcs12
This keystore has the 'PSCS12' type and, actually, can store symmetric keys. My stored password has an alias, which is 'encryption-key'. 'your.keystore' is a keystore file.
But i have a problem - i can not extract it.
If i will try to extract if from the java code - then i will need to provide salt and iterations count, like this:
final SecretKey secretKey = (SecretKey) keyStore.getKey(alias, password.toCharArray()); System.out.println("[*] Encryption algorithm: " + secretKey.getAlgorithm()); Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm()); AlgorithmParameterSpec algorithmParameterSpec = new PBEParameterSpec(SALT, ITERATION_COUNT); cipher.init(Cipher.DECRYPT_MODE, secretKey, algorithmParameterSpec); String decryptedData = Arrays.toString(cipher.doFinal(secretKey.getEncoded())); System.out.println("Decrypted Key: " + decryptedData);
But i'm not sure which values i should provide to it, because i was storing my passphrase using the command line.
Encryption algorithm that are being used is PBEWithMD5AndDES. I can see my stored passphrase in a debugger session, i can actually see even a passphrase length, but i can not decrypt it.
So, what are my options here? Customer wants to have a standard implementation (JCA). How can i extract my passphrase that was generated with a command above?