X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/7d79a3ed2b071df82e69eb512a6f3ed985516cd2..d7229285e9b6e0c99611af5fc2c6f5a669e5826e:/blog/tags/sikkerhet/index.html

diff --git a/blog/tags/sikkerhet/index.html b/blog/tags/sikkerhet/index.html
index 8069188545..ec51ada3e7 100644
--- a/blog/tags/sikkerhet/index.html
+++ b/blog/tags/sikkerhet/index.html
@@ -20,6 +20,158 @@
 
     <h3>Entries tagged "sikkerhet".</h3>
     
+    <div class="entry">
+      <div class="title">
+        <a href="http://people.skolelinux.org/pere/blog/Fetching_trusted_timestamps_using_the_rfc3161ng_python_module.html">Fetching trusted timestamps using the rfc3161ng python module</a>
+      </div>
+      <div class="date">
+         8th October 2018
+      </div>
+      <div class="body">
+        <p>I have  earlier covered the basics of trusted timestamping using the
+'openssl ts' client.  See blog post for
+<a href="http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html">2014</a>,
+<a href="http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html">2016</a>
+and
+<a href="http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html">2017</a>
+for those stories.  But some times I want to integrate the timestamping
+in other code, and recently I needed to integrate it into Python.
+After searching a bit, I found
+<a href="https://dev.entrouvert.org/projects/python-rfc3161">the
+rfc3161 library</a> which seemed like a good fit, but I soon
+discovered it only worked for python version 2, and I needed something
+that work with python version 3.  Luckily I next came across
+<a href="https://github.com/trbs/rfc3161ng/">the rfc3161ng library</a>,
+a fork of the original rfc3161 library.  Not only is it working with
+python 3, it have fixed a few of the bugs in the original library, and
+it has an active maintainer.  I decided to wrap it up and make it
+<a href="https://tracker.debian.org/pkg/python-rfc3161ng">available in
+Debian</a>, and a few days ago it entered Debian unstable and testing.</p>
+
+<p>Using the library is fairly straight forward.  The only slightly
+problematic step is to fetch the required certificates to verify the
+timestamp.  For some services it is straight forward, while for others
+I have not yet figured out how to do it.  Here is a small standalone
+code example based on of the integration tests in the library code:</p>
+
+<pre>
+#!/usr/bin/python3
+
+"""
+
+Python 3 script demonstrating how to use the rfc3161ng module to
+get trusted timestamps.
+
+The license of this code is the same as the license of the rfc3161ng
+library, ie MIT/BSD.
+
+"""
+
+import os
+import pyasn1.codec.der
+import rfc3161ng
+import subprocess
+import tempfile
+import urllib.request
+
+def store(f, data):
+    f.write(data)
+    f.flush()
+    f.seek(0)
+
+def fetch(url, f=None):
+    response = urllib.request.urlopen(url)
+    data = response.read()
+    if f:
+        store(f, data)
+    return data
+
+def main():
+    with tempfile.NamedTemporaryFile() as cert_f,\
+    	 tempfile.NamedTemporaryFile() as ca_f,\
+    	 tempfile.NamedTemporaryFile() as msg_f,\
+    	 tempfile.NamedTemporaryFile() as tsr_f:
+
+        # First fetch certificates used by service
+        certificate_data = fetch('https://freetsa.org/files/tsa.crt', cert_f)
+        ca_data_data = fetch('https://freetsa.org/files/cacert.pem', ca_f)
+
+        # Then timestamp the message
+        timestamper = \
+            rfc3161ng.RemoteTimestamper('http://freetsa.org/tsr',
+                                        certificate=certificate_data)
+        data = b"Python forever!\n"
+        tsr = timestamper(data=data, return_tsr=True)
+
+        # Finally, convert message and response to something 'openssl ts' can verify
+        store(msg_f, data)
+        store(tsr_f, pyasn1.codec.der.encoder.encode(tsr))
+        args = ["openssl", "ts", "-verify",
+                "-data", msg_f.name,
+	        "-in", tsr_f.name,
+		"-CAfile", ca_f.name,
+                "-untrusted", cert_f.name]
+        subprocess.check_call(args)
+
+if '__main__' == __name__:
+   main()
+</pre>
+
+<p>The code fetches the required certificates, store them as temporary
+files, timestamp a simple message, store the message and timestamp to
+disk and ask 'openssl ts' to verify the timestamp.  A timestamp is
+around 1.5 kiB in size, and should be fairly easy to store for future
+use.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+      </div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
+    <div class="entry">
+      <div class="title">
+        <a href="http://people.skolelinux.org/pere/blog/Stortingsflertallet_g_r_inn_for_ny_IP_basert_sensurinfrastruktur_i_Norge.html">Stortingsflertallet går inn for ny IP-basert sensurinfrastruktur i Norge</a>
+      </div>
+      <div class="date">
+        24th April 2018
+      </div>
+      <div class="body">
+        <p><a href="https://www.vg.no/sport/i/J1g8zj/stortingsvedtak-snart-ip-blokkerer-utenlandske-spillselskaper">VG</a>,
+<a href="https://www.dagbladet.no/nyheter/stortinget-blokkerer-utenlandske-spillselskaper/69740219">Dagbladet</a>
+og
+<a href="https://www.nrk.no/ostfold/tar-opp-kampen-mot-utenlandske-spillselskap-1.14021381">NRK</a>
+melder i dag at flertallet i Familie- og kulturkomiteen på Stortinget
+har bestemt seg for å introdusere en ny sensurinfrastruktur i Norge.
+Fra før har Norge en «frivillig» sensurinfrastruktur basert på
+DNS-navn, der de største ISP-ene basert på en liste med DNS-navn
+forgifter DNS-svar og omdirigerer til et annet IP-nummer enn det som
+ligger i DNS.  Nå kommer altså IP-basert omdirigering i tillegg.  Når
+infrastrukturen er på plass, er sensur av IP-adresser redusert et
+spørsmål om hvilke IP-nummer som skal blokkeres.  Listen over
+IP-adresser vil naturligvis endre seg etter hvert som myndighetene
+endrer seg.  Det er ingen betryggende tanke.</p>
+
+      </div>
+      <div class="tags">
+        
+        
+        Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+        
+        
+      </div>
+    </div>
+    <div class="padding"></div>
+    
     <div class="entry">
       <div class="title">
         <a href="http://people.skolelinux.org/pere/blog/_Rapporten_ser_ikke_p__informasjonssikkerhet_knyttet_til_personlig_integritet_.html">«Rapporten ser ikke på informasjonssikkerhet knyttet til personlig integritet»</a>
@@ -4310,12 +4462,37 @@ betydelige.</p>
 <h2>Archive</h2>
 <ul>
 
+<li>2019
+<ul>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2019/01/">January (2)</a></li>
+
+</ul></li>
+
 <li>2018
 <ul>
 
 <li><a href="http://people.skolelinux.org/pere/blog/archive/2018/01/">January (1)</a></li>
 
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/02/">February (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/02/">February (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/03/">March (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/04/">April (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/06/">June (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/07/">July (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/08/">August (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/09/">September (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/10/">October (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/11/">November (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/12/">December (4)</a></li>
 
 </ul></li>
 
@@ -4594,7 +4771,7 @@ betydelige.</p>
 <h2>Tags</h2>
 <ul>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (15)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (16)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
 
@@ -4602,15 +4779,15 @@ betydelige.</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (10)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (16)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (17)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (155)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (165)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (158)</a></li>
 
@@ -4620,30 +4797,32 @@ betydelige.</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (17)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (24)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (25)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (365)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (396)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (13)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (14)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (32)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (33)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (18)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (20)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/h264">h264 (20)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (42)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (15)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (16)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (20)</a></li>
 
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kodi">kodi (4)</a></li>
+
  <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/lego">lego (4)</a></li>
@@ -4656,21 +4835,21 @@ betydelige.</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (8)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (39)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (42)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nice free software">nice free software (11)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (294)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (301)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (190)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (192)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (33)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (34)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (71)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (73)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (104)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (108)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (2)</a></li>
 
@@ -4684,23 +4863,23 @@ betydelige.</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (6)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (53)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (55)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (5)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (55)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (58)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (6)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (12)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (52)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (55)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (4)</a></li>
 
@@ -4708,13 +4887,13 @@ betydelige.</p>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (9)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/verkidetfri">verkidetfri (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/verkidetfri">verkidetfri (15)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (61)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (73)</a></li>
 
  <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
 
- <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (42)</a></li>
 
 </ul>