Extract private key from .crt - salesforce

I know there are plenty of discussions regarding this topic, but I am a newbie with certificates and keys and, honestly, I haven't find nothing helpful similar to what I need to do.
Briefly, I am managing an embedding procedure between Salesforce and Tableau Server in order to let users to access Salesforce ONCE and visualize their Tableau dashboards.
I enabled Salesforce as the identity provider and I created a certificate .crt that I have downloaded, as well an .xml file.
Now, these files must be sent to the Tableau Administrator that should upload them into TSM.
Once he opened TSM, I noticed this SAML key file, that must be uploaded in .key format.
I have read all the Tableau/Salesforce documentation, but I don't find anything regarding where the private .key must be taken from.
When creating the .crt in Salesforce, I noticed a checkbox "exportable private key" and another field that described the key size as "2048".
So, should the private key be extracted from .crt file through some SSL commands?
I asked the same on Tableau Community and an expert told me to utilize the same key of the SSL configuration in Tableau (as well as the same .crt). This led me to another doubt.. because the documentation clearly reports that the .crt to upload in Tableau must be the one provided from Salesforce..
Other experts told me to try with a conversion of the .crt in another format from which I should have been able to extract the private key..
Obviously, this is just a small part of the procedure, but the one in which I am stuck.
If someone could make some clarity there, I would appreciate a lot.
Thank you,
Gian
I tried what I described in the previous section.

Related

How can I encrypt and decrypt data on client in Meteor React?

I'm currently working on a password managing application in Meteor React and can't seem to find a way to encrypt and decrypt data on the client, with MmongoDB storing the encrypted data.
To add a little background to the task and specify what I am trying to do:
This whole application is for one single company and users are the employees only. The passwords, along with username info and some other attributes are stored in folders and users get view and edit rights to data within the folder. Passwords (along with additional info) need to be encrypted, but multiple users need to be able to access them based on the rights given to them. So when the data is encrypted, say when a person creates a password, other users with the rights to do so need to be able to decrypt this data as well. However, the decryption needs to happen on client and the server can only ever access the encrypted data.
I have tried using planifica:encryption, because it has exactly what we need for our project, but I ran into some errors and I can't get past them nor find any article about them. I have heard of Mylar in some answers to similar questions, but both Mylar and Planifica don't seem to have been updated for a few years now. I know Node.js has a crypto module, but I am not sure whether it could be used to share encrypted data among users and most importantly, how to do so.
Is there any way to do what we need for this project? I should also point out that I am relatively new to meteor and I have not dealt with encryption whatsoever, so my understanding is rather limited.
Thank you for reading!
This very much depends on the encryption you are using, but since you are interested in decrypting things client-side, it sounds like what you are looking for is the SubtleCrypto web api.
That should be all you need on top of what Meteor already provides. You should be able to use a regular meteor collection and publication to share the encrypted data with your clients, and then let them decrypt it using the above linked decrypt function. One question I'd have is how you will be able to get the decryption key to your clients while hiding it from the server, but I assume you've got that part figured out somehow.

Check RSA encryption via public key: command-line vs SQL Server

I have done some search, both here and on the web, but apparently it seems to be difficult to find a similar issue around, so I decided to post a question here.
I have the following task to accomplish (and unfortunately I am not an expert in OpenSSL encryption), having the following ingredients:
a SQL Server database (where I have 'sa' access rights, if necessary);
a DER certificate with a public key only.
I am requested to encrypt some DB data using that public key, and the result of the encryption must be the same I would obtain by using the following command (it uses the PKCS#1 v 1.5 padding, if I understood well):
.\openssl rsautl -encrypt -inkey <public key cert> -certin -pkcs
I know that SQL Server can import a certificate and encrypt data, but I don't know how/if I can set any options to drive the encryption process (e.g.: which padding it should use) in order to make sure that I really reproduced the template I was given.
On the other hand, if I am not wrong, since I have no private key, then I cannot test my encryption by just encrypting some data via SQL Server and then de-crypting them via the openssl command.
As an alternative, I thought that a check method could consist in encrypting the same data via openssl and via SQL Server, and then check if the returned strings are the same. Unfortunately, I learned from another StackOverflow question the every time a data is encrypted it is applied some random padding which cause the encrypted string to be always different.
Then, the first question: is it possible, both in the openssl command and in SQL Server, to temporarily 'fix' the used random seed, in order to make sure that every time one encrypts a string, it will always be applied the same padding, in order to be able to compare the results?
As an alternative, I would try to do my tests with a test certificate which I could try to generate with a pair of keys, but in this case I have some silly questions:
how can I generate a pair of keys and then create a certificate with the public key which will be an analogue to the one I was provided by the entity I will have to send data to?
how can I make sure that the format of this 'test' certificate is compliant to that of the production certificate provided to me?
Thanks a lot for every help and best regards. Sorry if my question can appear silly, but I am not an expert in this topic.

User import to Joomla from CSV file

Sorry for probably duplication but I am not technically minded so I do not understand most of the other posts.
I used to have a website hosted by Spruz - I have exported the user data in CSV files. I want to import this data into my Joomla site (hosted by 1and1) so users of the old ste can log in to the new one without signing up again - I have contacted 1and1 multiple times but I haven't got a helpful answer yet.
Any advice is greatly appreciated.
If you are not technically minded, then you are going to have to use a third party extension to do this. There are a few here:
http://extensions.joomla.org/extensions/migration-a-conversion/users-import-a-export
Make sure your csv matches the format they require.
If you want to do it manually with a database query, then the users table is where most of the data is stored, but check out what all the other tables starting user_ are saving when a user is created, as you may need to link their id to their usergroup or profile.
http://docs.joomla.org/Tables
(Unless they built your site, then it is very unlikely that web hosts will help with any questions about the website's content. You may need to hire a developer to help you if you get really stuck.)

Automatically apprend or prepend names of files uploaded with date or random number in SharePoint

I have somehow turned into the person to oversee my organization's SharePoint and I have been tasked with finding a way that when a file is uploaded to any of our document libraries the file name of said file is either prepended, appended with a date or random string in an effort to prevent naming collisions.
I understand that SharePoint will block uploading files with the same name but I would like to just apprend or prepend a date or string to the file name to just bypass the whole issue. Our users aren't the most tech savvy so to automatically rename their files for them would help us and them both.
Is there a way to do this currently in SharePoint's settings? I've looked into versioning and Document ID but neither prevent the naming issues so far. Is there a plug-in of some sort I could use? or do I need to have code written by someone and have it added to SharePoint?
Thanks!
The Content Organizer feature of SharePoint 2010 allows you to set a duplicate submissions tag to documents.
"Duplicate Submissions
This option specifies whether to use SharePoint versioning or append unique characters to the end of duplicate file names if a document is uploaded that has the same name as a document that is already in the destination library."
Play around with this to see if it is going to help before worrying about a more complex coded solution. Your users may also appreciate the drop box approach to document uploading.

Clarification on the security of storing database passwords in database.yml

Application: Building a small application for maintaining schedules of activity. It queries a MSSQL database. Storage for schedules is written to the MSSQL DB as well.
I've reviewed a large number of posts on stack overflow as well as googled extensively on securing the database.yml file. Maybe it's just me but I'm left with some major questions still.
1) Why exactly is storing my password in plain text in database.yml insecure? Is it because that method of storing password information is insecure in itself? Or is it because when publishing to a git repository you may inadvertently publish your database passwords in plain text?
2) If storing passwords in plain text under root/config/database.yml is insecure, why do I see a number of references to creating another yml file in the same directory to store the password? I see that some people are setting up a config.yml and creating global variables that can be used in database.yml. If this is more secure, why?
http://railscasts.com/episodes/85-yaml-configuration-file
My gut feeling is I'm missing some important knowledge on how to properly secure my database credentials. I'm really looking for an exhaustive explanation on what needs to be done to secure my credentials for sql.
Edit: I just wanted to update the context of this. I understand the need to encrypt passwords out of plain text - but I didn't understand why it seemed OK to store plain text password in other YML files.

Resources