Django SEM

•

0 likes•5,967 views

The document discusses how to sign an email message for identity verification and non-repudiation. It describes adding the 'SEM' app to INSTALLED_APPS, configuring DEFAULT_CHARSET and AUTH_CERT settings, and using the SignedEmailMessage class from the SEMail module instead of the regular EmailMessage class to send a signed message. The SignedEmailMessage requires a from_key and from_cert to attach a digital signature to the message.

Technology

Django-sem,
how to make SignedEmailMessage
out of EmailMessage in few simple
steps.
Jakub Wasielak, 2012

Identity verification

Why?
● Easier bureaucracy

● Fraud prevention
● Enabling law
● Interpersonal communication

Identity verification

How?
● Ancient times

Mostly verbal verification

Identity verification

How?
● Ancient times Mostly verbal verification
● Middle Ages

Sealing wax

Identity verification

How?
● Ancient times Mostly verbal verification
● Middle Ages Sealing wax
● Before internet

Stamps

Identity verification

How?
● Ancient times Mostly verbal verification
● Middle Ages Sealing wax
● Before internet Stamps
● Now

S/MIME

Public-key infrastructure

Creating, managing, using, storing, and
revoking Digital Certificates.

Public-key infrastructure

All the stuff connected with
Digital Certificates.

Public-key infrastructure

All the stuff connected with
Digital Certificates.

CA – Certificate Authority – the unit capable
of issuing and verifying the digital
certificates.

Digital Certificate

X.509 (PKI)
● Signature Algorithm – selected by CA
● Issuer – CA itself
● Subject – your data
● Subject Public Key – your public key
● Certificate signature – the actual signature
● Version, Serial Number, Validity

Digital Certificate
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division,
CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Jul 9 16:04:02 1998 GMT
Not After : Jul 9 16:04:02 1999 GMT
Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
...
e8:35:1c:9e:27:52:7e:41:8f
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
...
8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22

Signing – first steps
MeTooCrypto:

M2Crypto is the most complete Python
wrapper for OpenSSL featuring RSA, DSA,
DH, HMACs, message digests, symmetric
ciphers, SSL functionality, HTTPS, urllib,
xmlrpclib, HMAC'ing AuthCookies,
FTP/TLS, S/MIME, ZserverSSL and
ZSmime.

Signing – first steps
MeTooCrypto:

M2Crypto is not well documented.

SignedEmailMessage – a week later
1. Add 'SEM' into INSTALLED_APPS.
2. Add DEFAULT_CHARSET and
AUTH_CERT into setting.
3. Use it.

1. Add 'SEM' into INSTALLED_APPS.

pip install django-sem

INSTALLED_APPS = (
...
'SEM',
...
)

2. Add DEFAULT_CHARSET and
AUTH_CERT into setting.
DEFAULT_CHARSET = 'utf-8'
AUTH_CERT = "resources/cert.pem"

/resources/cert.pem

-----BEGIN CERTIFICATE-----
AGSJGAS34BDS4htg0234gADSG923ng92G3h2tgjs9afgf
...
...
j892th39gSAHGy329hggeZHDg89hegZGDSHY0==
-----END CERTIFICATE-----

The CA certificate. Available at CA site.

3. Use it.
Normal EmailMessage usage
from django.core.mail import EmailMessage

msg = EmailMessage(
subject, message_body, sender, recipient_list,
attachments=attachments)
msg.send()

SignedEmailMessage usage

from SEM import SEMail

msg = SEMail.SignedEmailMessage(
subject, message_body, sender, recipient_list,
attachments=attachments,
from_key=from_key, from_cert=from_cert)
msg.send()

Similar to Django SEM

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

Rob Fuller

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

Chris Gates

Best Practices of IoT in the Cloud

Amazon Web Services

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

Chris Gates

Steam Learn: HTTPS and certificates explained

inovia

Best Practices for IoT Security in the Cloud

Amazon Web Services

Introduction to Cryptography

Bharat Kumar Katur

Cisco Connect Ottawa 2018 secure on prem

Cisco Canada

Encryption is a favorite of security and compliance professionals everywhere. Many compliance frameworks actually mandate encryption. Though encryption is important, it is also treacherous. Cryptographic protocols are subtle, and researchers are constantly finding new and creative flaws in them. Using encryption correctly, especially over time, also is expensive because you have to stay up to date. AWS wants to encrypt data. And our customers, including Amazon, want to encrypt data. In this talk, we look at some of the challenges with using encryption, how AWS thinks internally about encryption, and how that thinking has informed the services we have built, the features we have vended, and our own usage of AWS.

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...

Amazon Web Services

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. This webinar will introduce the best practices for IoT Security in the cloud and the access control mechanisms used by AWS IoT. These mechanisms can be used to not only securely build and provision devices, as well as integrate devices with other AWS services to create secure solutions. Learning Objectives: • Common IoT Thing Management Issues • Learn about AWS IoT Security and Access Control Mechanisms • Build Secure interactions with the AWS Cloud Who Should Attend: • Technical Decision Makers, Developers, Makers

Best Practices for IoT Security in the Cloud

Amazon Web Services

A pragmatic approach to using public / private certificates in keystores in Java. Presentation starts with a technical, but simplified explanation of security, certificates and keystores. Then it introduces best practices regarding use and maintainance of these resources. Afterwards practical howtos (eg. making certificates, keystores, ..) and a demo-application, using 2-way SSL are shown. The presentation ends with some tips and tricks regarding troubleshooting.

Java security

Bart Blommaerts

What is SSL/TLS, 1-way and 2-way SSL?

pqrs1234

There is a big bunch of tools offering HTTP/SSL traffic interception. However, when it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices. To demonstrate, we will show a few case-studies - most interesting examples from real-life industry software, which in our opinion are a quintessence of "security by obscurity". We will challenge the security of proprietary protocols in pull printing solutions, FOREX trading software, remote desktops and home automation technologies.

Shameful secrets of proprietary network protocols

Slawomir Jasek

Secure socket layer

CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols

PROIDEA

Secrity project keyvan

itrraincity

[Wroclaw #8] TLS all the things!

OWASP

[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜

Seungmin Shin

Slides from talks at DunDDD and NDCLondon. News stories of security vulnerabilities in mobile apps are becoming more common and their impact risks affecting more and more business and consumers. It doesn't have to be this way. There are solutions to all the common security issues in mobile but sometimes we need to be made aware of what the issues are and how they can be prevented. That's what I'll show in this talk. I'll draw on more than twelve years personal experience building apps for a wide variety of industries and the accumulated knowledge of the OWASP Mobile Security. We'll look at some examples of the common security mistakes apps on iOS, Android and Windows have made and then show practical examples of how to address the issues. You'll leave this session wanting to review the security of your mobile apps but armed with the knowledge to make improvements and fix some security holes.

Is your mobile app as secure as you think?

Matt Lacey

Hardening cassandra for compliance or paranoia

zznate

Similar to Django SEM (20)

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

Best Practices of IoT in the Cloud

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

Steam Learn: HTTPS and certificates explained

Best Practices for IoT Security in the Cloud

Introduction to Cryptography

Cisco Connect Ottawa 2018 secure on prem

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...

Best Practices for IoT Security in the Cloud

Java security

What is SSL/TLS, 1-way and 2-way SSL?

Shameful secrets of proprietary network protocols

Secure socket layer

CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols

Secrity project keyvan

[Wroclaw #8] TLS all the things!

[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜

Is your mobile app as secure as you think?

Hardening cassandra for compliance or paranoia

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

MINDCTI Revenue Release Quarter One 2024

MIND CTI

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Real Time Object Detection Using Open CV

Khem

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Powerful Google developer tools for immediate impact! (2023-24 C)

Axa Assurance Maroc - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Data Cloud, More than a CDP by Matt Robison

Manulife - Insurer Innovation Award 2024

Automating Google Workspace (GWS) & more with Apps Script

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Exploring the Future Potential of AI-Enabled Smartphone Processors

🐬 The future of MySQL is Postgres 🐘

MINDCTI Revenue Release Quarter One 2024

Boost PC performance: How more available memory can improve productivity

Real Time Object Detection Using Open CV

Artificial Intelligence Chap.5 : Uncertainty

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

presentation ICT roal in 21st century education

Django SEM

1. Django-sem, how to make SignedEmailMessage out of EmailMessage in few simple steps. Jakub Wasielak, 2012

2. Identity verification Why? ● Easier bureaucracy ● Fraud prevention ● Enabling law ● Interpersonal communication

3. Identity verification How? ● Ancient times Mostly verbal verification

4. Identity verification How? ● Ancient times Mostly verbal verification ● Middle Ages Sealing wax

5. Identity verification How? ● Ancient times Mostly verbal verification ● Middle Ages Sealing wax ● Before internet Stamps

6. Identity verification How? ● Ancient times Mostly verbal verification ● Middle Ages Sealing wax ● Before internet Stamps ● Now S/MIME

7. Public-key infrastructure Creating, managing, using, storing, and revoking Digital Certificates.

8. Public-key infrastructure All the stuff connected with Digital Certificates.

9. Public-key infrastructure All the stuff connected with Digital Certificates. CA – Certificate Authority – the unit capable of issuing and verifying the digital certificates.

10. Digital Certificate X.509 (PKI) ● Signature Algorithm – selected by CA ● Issuer – CA itself ● Subject – your data ● Subject Public Key – your public key ● Certificate signature – the actual signature ● Version, Serial Number, Validity

11. Digital Certificate Certificate: Data: Version: 1 (0x0) Serial Number: 7829 (0x1e95) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Jul 9 16:04:02 1998 GMT Not After : Jul 9 16:04:02 1999 GMT Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: ... e8:35:1c:9e:27:52:7e:41:8f Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: ... 8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22

12. Signed mail in Thunderbird

13. Signed mail in Outlook

14. Signed mail in some apple client

15. Signed mail in Gmail ?

16. Signing – first steps MeTooCrypto: M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers, SSL functionality, HTTPS, urllib, xmlrpclib, HMAC'ing AuthCookies, FTP/TLS, S/MIME, ZserverSSL and ZSmime.

17. Signing – first steps MeTooCrypto: M2Crypto is not well documented.

18. SignedEmailMessage – a week later 1. Add 'SEM' into INSTALLED_APPS. 2. Add DEFAULT_CHARSET and AUTH_CERT into setting. 3. Use it.

19. 1. Add 'SEM' into INSTALLED_APPS. pip install django-sem INSTALLED_APPS = ( ... 'SEM', ... )

20. 2. Add DEFAULT_CHARSET and AUTH_CERT into setting. DEFAULT_CHARSET = 'utf-8' AUTH_CERT = "resources/cert.pem" /resources/cert.pem -----BEGIN CERTIFICATE----- AGSJGAS34BDS4htg0234gADSG923ng92G3h2tgjs9afgf ... ... j892th39gSAHGy329hggeZHDg89hegZGDSHY0== -----END CERTIFICATE----- The CA certificate. Available at CA site.

21. 3. Use it. Normal EmailMessage usage from django.core.mail import EmailMessage msg = EmailMessage( subject, message_body, sender, recipient_list, attachments=attachments) msg.send() SignedEmailMessage usage from SEM import SEMail msg = SEMail.SignedEmailMessage( subject, message_body, sender, recipient_list, attachments=attachments, from_key=from_key, from_cert=from_cert) msg.send()

Django SEM

Recommended

Recommended

More Related Content

Similar to Django SEM

Similar to Django SEM (20)

Recently uploaded

Recently uploaded (20)

Django SEM