Deploying OpenStack
by
Ken Pepple
Published 26 Jul 2011
Nova Database Schema Table NameDescription migrate_version Stores current version of the database schema as well as other migration-related info. Only used internally and by developers during upgrades. migrations Used for running host-to-host migration. auth_tokens Maps Authorization tokens (for all API transactions) to actual users (via the user id field). certificates Mappings for user, projects, and x509 certificates files networks Information pertaining to networks defined in Nova. Includes IP addressing, VLAN, and VPN information. compute_nodes Capabilities (vcpus, memory, etc.) and state (vcpus used, memory used, etc.) of each compute node. projects Information about projects, including project manager.
Mastering Blockchain, Second Edition
by
Imran Bashir
Published 28 Mar 2018
Organizational Unit Name (eg, section) []:NA Common Name (e.g. server FQDN or YOUR name) []:drequinox Email Address []:drequinox@drequinox.com The certificate can be explored using the following command: $ openssl x509 -in ecccertificate.pem -text -noout The following output shows the certificate: X509 certificate that uses ECDSA algorithm with SHA-256 There following topics in cryptography are presented because of their relevance to blockchain, or their potential use in future blockchain ecosystems. Homomorphic encryption Usually, public key cryptosystems, such as RSA, are multiplicative homomorphic or additive homomorphic, such as the Paillier cryptosystem, and are called Partially Homomorphic Encryption (PHE) systems.
Engineering Security
by
Peter Gutmann
SPK 663 Name Authorisation Name I Authorisation Figure 179: X.509 (top) and SPKI (bottom) certificate functionality In abstract terms an X.509 certificate can be thought of as a signed n-tuple that asserts a predicate p( x1, x2, x3, … xn ) over the fields that it contains. Unfortunately there’s no way to indicate exactly what that predicate is. Some examples of required predicates might include has_read_access_to or can_withdraw_money_from, while the only real predicate that an X.509 certificate can offer is the tautological is_an_X509_certificate [38]. An alternative technology to X.509 called Simple Public Key Infrastructure (SPKI), whose operation is shown in Figure 179, asserts a user-defined predicate specified by the issuer of the certificate, so that the relying party can make meaningful authorisation decisions based on the contents of the certificate [90][91].
…
“Internet Security enters the Middle Ages”, Rolf Oppliger, IEEE Computer, Vol.28, No.10 (October 1995), p.100. “Compliance Defects in Public-Key Cryptography”, Don Davis, Proceedings of the 6th Usenix Security Symposium (Security’96), July 1996, p.171. “WiMAX Certificate Authority Users Overview”, WiMAX Forum, undated but apparently mid-2008, http://members.wimaxforum.org/certification/x509_certificates/pdfs/wimax_ca_users_overview.pdf. [33] [34] [35] [36] [37] [38] [39] [40] [41] [42] [43] [44] [45] [46] “Is PGP X.509's secret weapon?”, Peter Gutmann, posting to the cryptography@metzdowd.com mailing list, message-ID E1LsDw2-0000ezUF@wintermute01.cs.auckland.ac.nz 10 April 2009.
Exim: The Mail Transfer Agent
by
Philip Hazel
Published 7 Jul 2001
* See http://www.openssl.org/. 9 October 2001 09:11 Encrypted SMTP Connections 369 To support TLS on a server, you must set tls_advertise_hosts to match some hosts, and you must also specify files that contain a certificate and a private key. For example: tls_advertise_hosts = * tls_certificate = /etc/secure/exim/cert tls_privatekey = /etc/secure/exim/privkey The first file contains the server’s X509 certificate, and the second contains the private key that goes with it. These files need to be readable by the Exim user. They can be the same file if both the certificate and the key are contained within it. With just these two options set, Exim will work as a server with clients such as Netscape. It does not require the client to have a certificate (but see the next section for how to insist on this).