As you may know, Thales has introduced two attributes named CKA_EXPORT and CKA_EXPORTABLE to make the key backup procedures more secure.
Based on the documentation, only Security Officer (SO) can enable CKA_EXPORT attribute of a key and as far as I know, SO have access to non-Private keys only.
So to enable CKA_EXPORT of a key, I think I need to do the following procedure:
Login as "User" and create a key with PRIVATE attribute equal to False
Login as "SO" and modify the attributes to make EXPORT = True and Private = True.
Well, I can enable EXPORT attribute, but when I want to modify PRIVATE attribute, I receive an error which say:
C:\Users\admin>ctkmu m -s1 -n "myKeyName" -aP
ProtectToolkit C Key Management Utility 5.2.0
Copyright (c) Safenet, Inc. 2009-2016
Enter user PIN for slot 1:
ctkmu: Modify operation failed 0x10 - attribute read only
The question is: How can I make the key PRIVATE after enabling its EXPORT attribute?
Related
The transit secrets engine returns encrypted data with a prefix:
% vault write transit/encrypt/my-key plaintext=$(base64 <<< "my secret data")
Key Value
ciphertext vault:v1:C7BqsulaJTww6+zyO+0TnjFUUdDVTQWIatlbxOtEkZbF5govTZAp8S6gjQ==
Is there any way of customazation where we can change vault:v1: >>>> CMPname:APP:
vault:v2:VHTTBb2EyyNYHsa3XiXsvXOQSLKulH+NqS4eRZdtc2TwQCxqJ7PUipvqQ==
So that it becomes:
CompnanyName:appV1:0VHTTBb2EyyNYHsa3XiXsvXOQSLKulH+NqS4eRZdtc2TwQCxqJ7PUipvqQ==
Vault has a default version template that evaluates to vault:v{{version}}. There is code that support a custom version template, but the version_template parameter is ignored when you create the key.
So as of today, this option does not exist, sorry.
This metadata is not encrypted (nor signed). I suggest you either add a prefix to it:
CompnanyName:app:vault:v1:0VHTTBb2EyyNYHsa3XiXsvXOQSLKulH+NqS4eRZdtc2TwQCxqJ7PUipvqQ=
Or replace it:
CompnanyName:app:v1:0VHTTBb2EyyNYHsa3XiXsvXOQSLKulH+NqS4eRZdtc2TwQCxqJ7PUipvqQ=
To be future proof (so that you can remove your custom code and use version_template one day), I suggest that you keep a link between my-key (the name of the key) and the prefix. As the code stands today, it is unlikely that Vault will support multiple prefixes for a single key name.
How to create a valid key for azurite storage explorer, when I give some random alpha numeric values, it's failing saying not a valid base64 value
can you provide some more details on the scenario you are trying to address?
The storage emulator will default to the standard dev account key see:
https://github.com/Azure/Azurite#storage-accounts
If you want to use a different key, you need to replace the account key with a valid base64 string, found in the constants.ts files, one per API.
You can see how it is done in the code :
export const EMULATOR_ACCOUNT_KEY_STR =
"Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==";
export const EMULATOR_ACCOUNT_KEY = Buffer.from(
EMULATOR_ACCOUNT_KEY_STR,
"base64"
);
I am developing an api.ai bot that will search for the Vendor name in the database.
a ) if vendor exist -> provide username -> provide password
b) if vendor doesn't exist -> (add vendor -> yes ) or (add vendor -> No)
I have a webhook which is checking the vendor exist in database or not .
Bot Scenario: (Example )
Case1:
User: Do Alpha exist as a vendor?
Bot: yes, Alpha exist in Database. Please Provide User Name.
User: abc#gmail.com
Bot: Please Provide Password?
User: abcdef
Bot : Welcome
Case 2:
User: Do Beta exist as a vendor ?
Bot: No Beta is not a vendor. Do you want to Register?
Case 1:
User: Yes
Bot: Please fill this Form.
Case 2:
User: No
Bot: Is there any other way I can help
One thing I have figured out, I have to use output context to trigger the intent. But how can I do it in this complex case? and how can I call multiple to follow up intent using Output Context?
I might be using a bad approach, Is there any other way to solve this ?
I do have a follow-up question.
when we pass the fulfillment response back to dialogue flow. The response print on bot console will be the default text response, how can I get "fulfillmentText" to be the Response.
Thank you Guys. This is the followup Intent scenario.
This is not complex, you are doing it wrong by having two intents for collecting username/password.
Try the following way
When you detect that your vendor is present - set the context in webhook, as say, "vendor-present"
When the vendor is not present - set the context in webhook, as say, "vendor-new"
Use lifespan (the number at the left side of the context) to set the lifetime or validity of the context.
Create a separate intent for existing vendor - say "Vendor Data Collection" for collecting username and password. Set input context as "vendor-present" in the Dialogflow. Here you will collect these as parameters in the same intent (see image below). Mark these parameters as 'required' so that they must be collected by your bot. Use the Prompt section to put your response question for collecting information like "Please provide username".
If the vendor is not present, use existing intents and set input context as "vendor-new" in the Dialogflow.
Now, few things to note - the username parameter can be collected using the system entity #sys.given-name. But it is not very accurate with the Non-American/English names. I am not sure if this is improved or not. Secondly, there is no system entity to collect passwords, so you need to set the entity as #sys.any and in the webhook, you need to use regex to extract passwords on your own. BTW - you are not supposed to share passwords!
Hope this helped you!
In my form it showing my policy and x-amz-credential, x-amz-alorithm, x-amz-signature, my bucket, etc...
data-form-data = "{"key":"/uploads/temporary/<some random numbers/letters>/${filename}",
"success_action_status":"201",
"acl":"public-read",
"Content-Type":"image/jpeg",
"policy":"<bunch of random numbers/letters",
"x-amz-credential":"<your-access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request",
"x-amz-algorithm":"<some random numbers/lettering>",
"x-amz-date":"<some random numbers/letters>",
"x-amz-signature":"<some random numbers/letters>"}"
data-url="https://<bucket-name>.s3.amazonaws.com"
data-hose="<bucket-name>.s3.amazonaws.com
Yes, that's fine. It's designed not to expose sensitive data, and this data isn't sensitive.
Your AWS Access Key Secret is the only value that is secret and must not be revealed. (There's also a sensitive intermediate value called the signing key that's generated from the secret, which you won't see unless you wrote your own V4 request signing code). The signature is derived from the signing key and other request parameters; the signing key is service and region specific and is derived from the secret and used in your code, then discarded... and both of these values are generated using in a one-way process that makes it computationally infeasible to reverse-engineer.
Is there and Access equivalent to excel code Application.UserName to auto fill a text box as a default value?
Based on Feedback From HansUp I have modified as follows
Private Sub Form_Load()
Me.LastChgUser = Excel.Application.UserName
End Sub
As my Load event for the form. I now receive a Compile Error: Method or Data Member Not found. THe Txt box "LastChgUser" is on a subform "Staffing" as part form "Associate Lookup"
Access' CurrentUser() function returns the Access security account name, which will be "Admin" unless you have set up user-level security.
You can use the Windows API to get the name of the current Windows user. Try the fOSUserName() function from Get Login name.
Another alternative is the Environ() function:
? Environ("USERNAME")
hans
Although that approach is insecure, it may be adequate for your purpose: load a default value which the user will be allowed to change. However, security settings may not allow you to use it directly as the control source for a text box.