We have SRKH register key values setup for i.MX6. Now we are migrating from i.MX6 to i.MX8, so can we use the same SRKH values that we use for the i.MX6?
Can we use the same SRKH key value for i.MX6 & i.MX8?
Related
For my Identity Server 4, we have two different servers set up to host the application.
I asked our operations team to install the same certificate on the two servers. However, they both have received different thumbprints, and the values in the certifiiates are different in the following fields: kid, x5t, n and the value in the x5c chain is also different between the two, when I load the .well-known/openid-configuration/jwks address. I've posted the keys below. Will this work? I thought the values would be the same for the x5c.0 value, if they were based on the same private key.
First key:
keys
0
kty "RSA"
use "sig"
kid "8366EB61F60720FE0FCC5C0E6BF3E5F8ACC98E2DRS256"
x5t "g2brYfYHIP4PzFwOa_Pl-KzJji0"
e "AQAB"
n "6sYPa_JNapDqcw3KgvlmtbrrCuYCd1sq3R_3Ao1aAW7bHjdN1isphP8eWsCA5WeTDmDSfE1GsN2ri0pyVY8LlqAYznEyqHI1FDVS_d601TMiq_WiMTapnQQKFdw0SF1xLNWVT13QsosgErYq0g7pJvlpYDRRXymU8Arw0LMya6nD2sMbFggYEpqMdT_j7KLiZ6oC_2G5v4VVaMdZOF8ppzUkFFtj4MU4k7J_8zVM1LbCy8vH8uyjxGqCsRzbryDu-yhQmPy1FIXBX4ZZgXy8gB2bLLPtndba9rmSFMq4VbWDjwe2hqAF7X4yvru0bGeu_4mxB10vxO2KPP9Sqaniqw"
x5c
0 "MIIFvDCCA6SgAwIBAgITHQAAADE6PYCZMMXL9QAAAAAAMTANB8VHvcXFg4="
alg "RS256"
keys
0
kty "RSA"
use "sig"
kid "B2042B75C33612AC9BD31051B2821E5DEB4D0F34RS256"
x5t "sgQrdcM2Eqyb0xBRsoIeXetNDzQ"
e "AQAB"
n "zJiOYj3NhxS4vxte0GtimbMwu6DtFHISguFdlLaroRQaNciqVynyRYJ2v8y5194miwT_K3jtKnh9lSGz93Q7Z500kvmZjS9boqQFn8g-I_02FOUUcLzsJJOTcBGqt6lvja5YlVhdWKG92sq8RizkDm28GV6bdDLh8mbR6GtwyvD2iN7aHs7nE6Z-S5doFlkr4SJ9lUxNMr18WpQHqXvP3Z0lpr8E5DRVv80n5HS7u9uusZvhryOp1QgQGfikCqPc8XNcZ9GyXhtGJkHD-QlpUZVbondHZOCi5IKOUrq7LK4cgILB-zDVIGVpyl0JhhjCCp02wq9kWcgKAvTcb8m8Aw"
x5c
0 "MIIFmjCCA4KgBpvenCRU6YuvZamis9K4OrGuKNK0EwNe1tbPMViVE++/H21P/utQ=="
alg "RS256"
Why don't you use the same signing key certificate with the same private key in both installations of IdentityServer?
you also need to keep in mind that the certificate for the domain name (the server) is separate from the token signing keys.
The token signing key needs to be the same in both instances. To install the private signing key, it can be convenient to wrap it up inside a X509 certificate.
A certificate contains a private key and you can have many certificates based on the save private key. I would use openssl to generate the private signing key for the tokens and keen the domain certificate separate, just to get a clear separation of concern. If you use Azure Key Vault, you can even create and store the keys there directly.
I am trying to integrate safenet HSM with our application. I am writing the program in C. I am referring to the PKCS11 v2.20 cryptoki standard document from RSA labs. I need to generate an AES 256 bit key. While defining the template for key generation I am not sure what value needs to be passed for CKA_VALUE. While generating a DES3 key, I didn't provide this attribute and I was able to generate a key.
I searched for sample programs for CKA_LABEL but failed to find any solid examples in C. I found a couple of Java programs where they have used CKA_VALUE_LEN instead of CKA_VALUE. I am not sure if that will work.
This is the snippet given in the document. Most websites give only this snippet as an example. Nothing is specified for the array value.
CK_OBJECT_CLASS class = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_AES;
CK_UTF8CHAR label[] = “An AES secret key object”;
CK_BYTE value[] = {...};
CK_BBOOL true = CK_TRUE;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &class, sizeof(class)},
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
{CKA_TOKEN, &true, sizeof(true)},
{CKA_LABEL, label, sizeof(label)-1},
{CKA_ENCRYPT, &true, sizeof(true)},
{CKA_VALUE, value, sizeof(value)}
};
The CKA_VALUE is the actual value of the key. When you tell the HSM to generate a secret key, it will generate a key for you on the hardware based on the attributes you pass in secret key template, and set the value generated in the CKA_VALUE. This attribute however cannot be read/extracted nor it can be set when generating the key, because the HSM won't allow you to inject a key (directly) from the software nor allow you to extract it from the HSM (directly).
The CKA_VALUE_LEN is the length of the key you can tell the HSM to generate. The AES key can be of length 128, 192 or 256 bits. Depending on the key size you want you would set the CKA_VALUE_LEN as 16, 24 or 32 (key size as bytes).
Is there a way to define autoincrement Field in peewee.
I understand we could define sequence but the need to create the sequence manually and not managed by create_tables deters me from using it. ( The build process is managed by create tables and I would prefer not to add manual steps )
import peewee
class TestModel(peewee.Model):
test_id = peewee.BigIntegerField(sequence='test_id_seq')
Alternate to the above code I would rather have. As most databases have serial field I dont see a point maintaining a sequence.
import peewee
class TestModel(peewee.Model):
test_id = peewee.AutoIncremenetIntField()
Either you can use PrimaryKeyField() as #wyatt mentioned in comment
or you can use Playhouse- Signal Support (peewee extensions)
from playhouse.signals import Model, pre_save
class MyModel(Model):
data = IntegerField()
#pre_save(sender=MyModel)
def on_save_handler(model_class, instance, created):
# find max value of temp_id in model
# increment it by one and assign it to model instance object
next_value = MyModel.select(fn.Max(MyModel.temp_id))[0].temp_id +1
instance.temp_id = next_value
The given answers here are outdated but this was still my first Google search result.
Peewee has a special field type for an auto incrementing primary key called AutoField:
The AutoField is used to identify an auto-incrementing integer primary
key. If you do not specify a primary key, Peewee will automatically
create an auto-incrementing primary key named “id”.
Take a look at the documentation. Example usage:
class Event(Model):
event_id = AutoField() # Event.event_id will be auto-incrementing PK.
How i can get the uuid in uefi of a partition which i have the device_handle of?
For example i'm iterating through the partitions in uefi and i want to get the uuid of the partition. (This is a gpt disk.)
A "GPT Partition Entry" has 2 GUIDs
PartitionTypeGUID Unique ID that defines the purpose and type of this
Partition. A value of zero defines that this partition entry is not
being used.
UniquePartitionGUID GUID that is unique for every partition entry.
Every partition ever created will have a unique GUID. This GUID must
be assigned when the GPT Partition Entry is created. The GPT Partition
Entry is created whenever the NumberOfPartitionEntr ies in the GPT
Header is increased to include a larger range of addresses.
I consider you are looking for the UniquePartitionGUID
If you have the partition associated device_handle then you can get the corresponding DevicePath i.e using gnu-efi
DevicePath=DevicePathFromHandle(partition_handle);
next you parse the DevicePath looking for a node as follow
-Generic Device Path Header- where
Type = Media Device Path (0x04)
Sub type = Hard Drive (0x01)
...
Partition Signature = partition GUID <<<<<<<<
Partition Format = GPT (0x02)
within this structure you'll find your needed GUID
Reference UEFI spec 2.5 (chapter 9)
In the GPT header at offset 56 is a 16-byte DiskGUID that can be used to uniquely identify the disk. (Efi specs 5.3.2).
In my application i need a unique value for a specific field in the database. This field has to be of type Integer. So i was wondering if it is possible to use a sequence for the field? And how to i implement that in my GORM domain class?
See the grails doc on how to use sequences. Depending on the source of the sequence ( (oracle/postgres) sequence number generator type / database table)
static mapping = {
intField1 generator:'sequence', params:[sequence:'sequence_name']
intField2 generator:'sequence', params:[table: 'hi_value', column: 'next_value', max_lo: 100]
}