search for: keypairs

Hello, I am testing mail_crypt plugin with per account encryption and wanted to generate a new keypair for an account but noticed that I now end up with 2 keypairs where one is active and the other inactive as you can see below: $ doveadm mailbox cryptokey list -u email at domain.tld -U Folder Active Public ID yes 7b140b4f3d6d68eed2c59259ac5e6f6a280dc82990292dc415b4100d6c797f67 no 1c1dd1c955757da7c19f1eeb6d6c4d0d66e6355baa2d844bc2623052...

Dear All, I just tried to use 8192bit keypair for Tinc VPN connection. The connection is unable to build up. After reduce the bit of keypair from 8192bit to 4096bit. Everything is resumed to normal. How large of public/private RSA keypair can support for TINC VPN 1.0.22 on Windows platform? Regards, ERIC P Please consider your environmental responsibility. Before printing this e-mail

??????? Original Message ??????? On Thursday, July 4, 2019 11:17 AM, @lbutlr via dovecot <dovecot at dovecot.org> wrote: > > Is it possible to delete the inactive keypair? if yes how? > > Wouldn?t you then be unable to *unencrypt* previous emails? That's also what I thought but based on my understand and on the documentation of the "mailbox cryptokey generate"

Hello. I am a newcomer to rsync so please forgive me if this question is dumb. I'm still learning rsync and I didn't find anything on this topic elsewhere. Is it possible to run the rsync client on windows with a passworded keypair using Pageant or SSH Accession? When I attempt to run these commands I receive errors. I am trying the following: rsync -e "ssh2 -l myusername -p

On 3 Jul 2019, at 06:38, mabi via dovecot <dovecot at dovecot.org> wrote: > Is it possible to delete the inactive keypair? if yes how? Wouldn?t you then be unable to encrypt previous emails?

...a_key.priv -pubout this one will print out a public key in the same format as the public key stored in the hosts file, i tested it with some clients, and every private key will generate a pubkey different to the one in the hostfile, but each of these clients do work in my vpn, so the public/private keypairs must match. A second command i found by googling ssh-keygen -y -f rsa_key.priv will output something that ist totally different to the original. openssl rsa -in rsa_key.priv -pubout: -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0P8+wFjp+VT/TsDaiDRsTBnpS Qdkd6OvEnyMJtCux1bKed9o...

Do I have to replace the "password" part with the actual password or can I just copy it like that? Will dovecot create the keypair automatically or do I have to use doveadm? 4. Sep. 2019, 08:33 von aki.tuomi at open-xchange.com: > > > > On 4.9.2019 9.21, **** **** via dovecot wrote: > >> Hello there, >> >> is there a way to make the

Hi, all. So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys should be, i realized that, if i update my 2048-bit keypairs to 4096 bits, it really doesn't matter that much, because they're still only encrypted with 3DES, which provides an effective 112 bits of symmetric encryption strength: $ head -4 ~/.ssh/id_...

...the installed default, ~/.ssh/config doesn't exist. Access is via ~/.ssh/authorized_keys only. remote[g][n] - remote internet hosts [generally untrusted] ssh[d]_config are the installed default, ~/.ssh/config doesn't exist. Access is via ~/.ssh/authorized_keys only. Policy prevents keypairs sitting on the disks of any host except for ws[g][n]. Therefore, they are not there to be selectable with: IdentityFile and IdentitiesOnly However, they are loaded in ws[g][n]'s agent. So hopping around like this works fine because ForwardAgent is set by default everywhere: wsa1 -> locala...

Is any of the password schemes supported or is there a reason you chose pkcs5? 4. Sep. 2019, 08:45 von aki.tuomi at open-xchange.com: > > It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. > > > To avoid

In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this. It just needs to be exposed to the user. The content of the private keyfile in ssh is generated somehow. Where is that done?

I have published the preview of a "hints and tips" article for the upcoming print edition of Secure Computing Magazine (Australia) on OpenSSH Public/Private Key Fingerprinting, including "BubbleBabble" encoding and the ASCII ?randomart image?, at http://cmlh.id.au/tagged/openssh -- Regards, Christian Heinrich http://cmlh.id.au/contact

Hello folks, I am new here, so please be gentle :), and any help will be appreciated. Essentially what I am trying to do is, to use Jsch ( the java implementation of SSH client). it has support for Public key based authentication. Since there is a requirement for FIPS enablement, we are trying to use the Algorithm SHA256withRSA, instead of SHA1withRSA. When the code tries to verify the

When using openssh with a u2f key, you generate a key via: ssh-keygen -t ecdsa-sk Each time you run it, it gives a different key pair. (Randomly seeming). A differently generated key pair is not valid with the first's public key. All good so far, but you run into a problem if: You generate a keypair (A). You register your public key for (A) on a bunch of ssh servers. You take

On 06.07.23 23:37, MCMANUS, MICHAEL P wrote:> So changing the forced command as stated will break the application. I > would need to create a test bed to simulate the listener rather than > use the server as is, where is. That may produce false or misleading > results. Since the forced command is tied to the specific keypair in the authorized_keys, you could -- test with a different

Hello, For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: http://www.debian.org/security/2008/dsa-1571 In short, if you generated public/private keypairs for tinc between 2006 and May 7th of 2008 on a machine running Debian or a derivative, they may have been generated without a properly seeded random number generator. Please ensure you have updated your OpenSSL packages and regenerate all suspect keypairs. Do not forget to restart tinc. If you hav...

Hello, For those who run tinc on Debian or Debian-based distributions like Ubuntu and Knoppix, be advised that the following security issue affects tinc as well: http://www.debian.org/security/2008/dsa-1571 In short, if you generated public/private keypairs for tinc between 2006 and May 7th of 2008 on a machine running Debian or a derivative, they may have been generated without a properly seeded random number generator. Please ensure you have updated your OpenSSL packages and regenerate all suspect keypairs. Do not forget to restart tinc. If you hav...

...e specifically I have been investigating working toward a more enterprise-friendly hierichical authentication scheme, but I have quickly realized the magnitude of such a change. I have worked with LDAP/PAM, but there are parts of ssh that are not very interoperable with LDAP, such as pub/priv keypairs. These can be stored in a directory, but it is quite a kludge to do so at this point. Thoughts and comments appreciated. Thanks, Ryan

> Technically creating and encrypting folder key does not > require decrypting user's private key. All folder keys > are encrypted with user's public key. Problem is for that this is a new user. The new user has no private key. I need for generating that private key. It do not the sense encrypts something using a key public if there is no private key. Both key public and private

It should pick up the password used by the user, there is a caveat here though. The keypair is created on first use, so password will be initialized to empty string going thru pkcs5. This is slightly inconvenient. To avoid this, you should probably have protocol imap { ??? passdb { ????? driver = static ????? args = userdb_mail_crypt_private_password=%{pkcs5,salt=%u,format=base64:password} }