Symmetric key creation with CKA_SENSITIVE false and CKA_PRIVATE as true - cryptography

I am working on a cloud HSM service and I see a CKA_ATTRIBUTE_INVALID error when I am trying to create an AES 256 key with the following attributes:
CKA_TOKEN=0
CKA_SENSITIVE=0
CKA_PRIVATE=1
CKA_ENCRYPT=1
CKA_DECRYPT=1
CKA_SIGN=1
CKA_VERIFY=1
CKA_WRAP=1
CKA_UNWRAP=1
CKA_DERIVE=1
CKA_EXTRACTABLE=1
CKA_MODIFIABLE=0
and hence the error:
Status: C_DeriveKey returned error. (CKR_ATTRIBUTE_VALUE_INVALID)
I figured out that if I pass CKA_SENSITIVE and CKA_PRIVATE both as 1, it passes and the key gets created.
My question is: how do I know which are the valid attribute combinations?
Can someone point me to documentation, please?
I didn't find many details in the standard PKCS#11 spec guide.
I would appreciate any help here!!
Cheers.

As far as I can see, the following attributes have wrong values:
CKA_SIGN=1
CKA_VERIFY=1
A symmetric key can't be used in signing.
Also, these values raise some questions:
CKA_TOKEN=0
means that the key is a session object,
CKA_SENSITIVE=0
means that the key value is "visible" - it is not secure.
From my experience:
try removing attributes from the template one by one and you can find which of them are wrong.

Related

Mule esb 3.8 How to check if property exist in payload and validate it is guid (uuid)

I know how to validate a property if it matches a regexp:
regex = "^[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$"
for a GUID, but if it is not sent in the payload I receive an error. Is there a simple way to check whether the property exists and validate only then?
For now I check with a choice whether it exists and, if so, do the validation, but I am interested in whether there is a smarter way to do this, since if I have 20 properties to check it becomes a very messy flow.
For example, 3 validations at the moment:

You could use the Validations Module All validator, which seems to cover this use case. Note that you cannot customize the exception or message. If this is not acceptable, then you could use individual validations in the flow instead.
Example:
<validation:all doc:name="Validation">
    <validation:validations>
        <validation:is-not-empty doc:name="Validation" value="#[payload.firstName]" message="Firstname cannot be empty"/>
        <validation:is-not-empty doc:name="Validation" value="#[payload.lastName]" message="Lastname cannot be empty"/>
        <validation:is-number message="Not an adult" value="#[payload.age]" minValue="18" numberType="INTEGER"/>
        <validation:is-email email="#[payload.email]" />
        <validation:matches-regex message="Invalid SSN" value="#[payload.ssn]" regex="^(?!000|666)[0-8][0-9]{2}-(?!00)[0-9]{2}-(?!0000)[0-9]{4}$"/>
        <validation:validate-size value="#[payload.ssn]" min="11" max="11" message="SSN too short"/>
    </validation:validations>
</validation:all>

I am trying to understand what exactly is signature query parameter in binance

I am trying to access this endpoint, where the signature parameter has to be sent as a query parameter:
https://binance-docs.github.io/apidocs/spot/en/#current-open-orders-user_data
I am trying to understand what value should be passed for that signature key.
At first I thought it was the secret key that the Binance exchange gave me. But it was not, because when I try the above endpoint it says:
{
"code": -1022,
"msg": "Signature for this request is not valid."
}
^Postman
As you can see, I passed my secret key as the value for the signature key. It is not working. So what am I really missing here? Or do I need to do some transformations to the secret key? Please help me understand it, and thanks in advance!
It looks like you are putting the timestamp before the recvWindow in your query string.
timestamp is always the last parameter and the order of the parameters in the docs clearly puts recvWindow before timestamp.
I managed to get it working with query string recvWindow=60000&timestamp=1652512756366
Secret key and signature are two different things.
You need to sign the parameters with your secret key. This process produces a signature. And then you pass this resulting signature to the payload.
I'm not sure how to produce the signature in C++, however Binance docs show an example of signing the data in console with openssl (scroll right on all 3 examples).
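The signing step described in the answers above, as an added example that is not part of the original posts or Binance's own code: for HMAC API keys the signature is the hex-encoded HMAC-SHA256 of the exact query string, keyed with the secret key, and it is sent as the `signature` parameter. The secret key below is a constructed placeholder; the parameter values are the ones quoted in the answer.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed placeholder, not a real credential.
SECRET_KEY = "constructed-secret-key-for-illustration"

# Parameter values quoted in the answer above.
PARAMS = [("recvWindow", "60000"), ("timestamp", "1652512756366")]


def sign(secret_key, query_string):
    """Hex-encoded HMAC-SHA256 over the exact bytes of the query string."""
    mac = hmac.new(secret_key.encode(), query_string.encode(), hashlib.sha256)
    return mac.hexdigest()


def signed_query(secret_key, params):
    """Serialize params in the order they will be sent, then append the signature."""
    query_string = urlencode(params)
    return f"{query_string}&signature={sign(secret_key, query_string)}"


def verify(secret_key, full_query):
    """Receiver's view: recompute over everything before &signature= and compare."""
    query_string, sep, received = full_query.rpartition("&signature=")
    if not sep:
        return False  # request carries no signature at all
    return hmac.compare_digest(sign(secret_key, query_string), received)


if __name__ == "__main__":
    good = signed_query(SECRET_KEY, PARAMS)
    print(good, verify(SECRET_KEY, good))
    # The mistake from the question: sending the secret key as the signature.
    bad = urlencode(PARAMS) + "&signature=" + SECRET_KEY
    print(verify(SECRET_KEY, bad))
```

The secret key never appears in the request; only the digest does, which is why sending the key itself is rejected with error -1022 and also exposes the key to anything that logs the URL.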

How to add custom message from Key Value pair to the model validation error messages

Hi, I just got a question where I need to assign the error messages for my model validation from a key-value pair. I tried with ModelState.AddModelError("TaskName","Error Message"), but I need something more reliable, and the error messages reside in a database.
So any luck from my friends out there.
Thanks in advance

2 DKIM on same domain

We are using an external service for our newsletter, which has required the following DKIM setup in our domain gipote.dk:
_domainkey.gipote.dk. 43200 IN TXT "o=~"
default._domainkey.gipote.dk. 43200 IN TXT "k=rsa\; p=MIGf...ibnrkoqQIDAQAB"
(I truncated the public key for purpose of readability...)
However we are also sending out e-mail from our own server, which I would also like to sign.
Is it possible to have more than one public-key TXT record in our domain gipote.dk? If so, how should it be set up?
EDIT: I do not have access to the private key, that is used by the newsletter service. So I will not be able to just install that on my own server.
/ Carsten
I found out that the answer is YES :-)
"default" can easily be replaced with another selector name.
Yes, you can change the default to another selector.
BUT if you do, the domain it is on will no longer verify the domain.
You need to add a second key, NOT CHANGE what's existing.
Using Google mail you end up with:
default._domainkey "v=DKIM1; k=rsa; p=MIIBIj....."
google._domainkey "v=DKIM1; k=rsa; p=MIGfMA......"
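Why two keys can coexist, as an added example that is not from the original posts: a verifier builds the DNS name from the `s=` (selector) and `d=` (domain) tags of each message's DKIM-Signature header, so every signer's key is looked up under its own name. The `server1` selector, its key placeholder and both sample headers are constructed; the `default` record is the truncated one quoted in the question.

```python
import re

# Constructed zone data. The first record is quoted (truncated) in the question;
# the second selector name and its key are placeholders.
ZONE = {
    "default._domainkey.gipote.dk": "k=rsa; p=MIGf...ibnrkoqQIDAQAB",
    "server1._domainkey.gipote.dk": "v=DKIM1; k=rsa; p=<PLACEHOLDER-PUBLIC-KEY>",
}

# Constructed DKIM-Signature header values (hash and signature elided).
NEWSLETTER_SIG = ("v=1; a=rsa-sha256; d=gipote.dk; s=default;\r\n"
                  "\th=from:subject; bh=<constructed>; b=<constructed>")
SERVER_SIG = "v=1; a=rsa-sha256; d=gipote.dk; s=server1; h=from:subject; bh=<constructed>; b=<constructed>"


def parse_tags(value):
    """Parse a DKIM tag=value list, unfolding header continuation lines first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # base64 values may contain '='
            tags[name.strip()] = val.strip()
    return tags


def key_record_name(dkim_signature):
    """DNS name a verifier queries: <selector>._domainkey.<domain>."""
    tags = parse_tags(dkim_signature)
    if "s" not in tags or "d" not in tags:
        raise ValueError("DKIM-Signature lacks s= or d= tag")
    return f"{tags['s']}._domainkey.{tags['d']}".lower()


def lookup_key(dkim_signature, zone=ZONE):
    """Return the p= value for this signature, or None if the selector has no record."""
    record = zone.get(key_record_name(dkim_signature))
    return parse_tags(record).get("p") if record else None


if __name__ == "__main__":
    for sig in (NEWSLETTER_SIG, SERVER_SIG):
        print(key_record_name(sig), "->", lookup_key(sig))
```

Renaming or deleting the `default` record makes `lookup_key` return `None` for newsletter mail, which is the verification failure the second answer warns about.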

Using the Bloomberg API, how do I request the price information for the HTUSMOML and GSTHHVIP indexes

Using the Bloomberg API, how do I request the price information for the HTUSMOML and GSTHHVIP indexes.
Part of the basic code which I am using is listed below:
session.OpenService("//blp/refdata");
Service refDataService = session.GetService("//blp/refdata");
Request request = refDataService.CreateRequest("ReferenceDataRequest");
request.Set("security", "HTUSMOML US INDEX");
request.Set("security", "GSTHHVIP US INDEX");
request.Append("fields", "PX_LAST");
request.Append("fields", "OPEN");
I get an error of "Symbol not available in service: ReferenceDataRequest".
Thanks
RC
Have you tried using the same syntax and asking for a well-known index, like INDU or QQQQ or something? That would eliminate a lot of possibilities.
If that works, then are you sure there is reference data available for these indices? Sometimes they only have pricing data, not reference data.
Next, are you sure you are permissioned to get this data? Either you may not be allowed, or your API setup may not be providing proper authentication for an account that does have permission.
If none of that works, you really need to follow Help Help and call the analytics desk for assistance.
There are a few issues with your code you should address:
You're setting the security twice, the second time overrides the first
You probably should be doing
request.Append("securities", ...);
The yellow key which you're specifying should be given in lower case.
Index securities don't have an exchange in their name - lose the US, it's just "HTUSMOML Index"
I recommend not using the yellow key at all, instead use the Bloomberg Global Identifier in this format:
request.Append("securities", "/bbgid/BBG000RGBSK8");
(BTW, BBG000RGBSK8 is the actual Bloomberg Global Identifier for HTUSMOML Index)