Django SEM

•

0 likes•5,967 views

The document discusses how to sign an email message for identity verification and non-repudiation. It describes adding the 'SEM' app to INSTALLED_APPS, configuring DEFAULT_CHARSET and AUTH_CERT settings, and using the SignedEmailMessage class from the SEMail module instead of the regular EmailMessage class to send a signed message. The SignedEmailMessage requires a from_key and from_cert to attach a digital signature to the message.

Technology

Django-sem,
how to make SignedEmailMessage
out of EmailMessage in few simple
steps.
Jakub Wasielak, 2012

Identity verification

Why?
● Easier bureaucracy

● Fraud prevention
● Enabling law
● Interpersonal communication

Identity verification

How?
● Ancient times

Mostly verbal verification

Identity verification

How?
● Ancient times Mostly verbal verification
● Middle Ages

Sealing wax

Identity verification

How?
● Ancient times Mostly verbal verification
● Middle Ages Sealing wax
● Before internet

Stamps

Identity verification

How?
● Ancient times Mostly verbal verification
● Middle Ages Sealing wax
● Before internet Stamps
● Now

S/MIME

Public-key infrastructure

Creating, managing, using, storing, and
revoking Digital Certificates.

Public-key infrastructure

All the stuff connected with
Digital Certificates.

Public-key infrastructure

All the stuff connected with
Digital Certificates.

CA – Certificate Authority – the unit capable
of issuing and verifying the digital
certificates.

Digital Certificate

X.509 (PKI)
● Signature Algorithm – selected by CA
● Issuer – CA itself
● Subject – your data
● Subject Public Key – your public key
● Certificate signature – the actual signature
● Version, Serial Number, Validity

Digital Certificate
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division,
CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Jul 9 16:04:02 1998 GMT
Not After : Jul 9 16:04:02 1999 GMT
Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
...
e8:35:1c:9e:27:52:7e:41:8f
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
...
8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22

Signing – first steps
MeTooCrypto:

M2Crypto is the most complete Python
wrapper for OpenSSL featuring RSA, DSA,
DH, HMACs, message digests, symmetric
ciphers, SSL functionality, HTTPS, urllib,
xmlrpclib, HMAC'ing AuthCookies,
FTP/TLS, S/MIME, ZserverSSL and
ZSmime.

Signing – first steps
MeTooCrypto:

M2Crypto is not well documented.

SignedEmailMessage – a week later
1. Add 'SEM' into INSTALLED_APPS.
2. Add DEFAULT_CHARSET and
AUTH_CERT into setting.
3. Use it.

1. Add 'SEM' into INSTALLED_APPS.

pip install django-sem

INSTALLED_APPS = (
...
'SEM',
...
)

2. Add DEFAULT_CHARSET and
AUTH_CERT into setting.
DEFAULT_CHARSET = 'utf-8'
AUTH_CERT = "resources/cert.pem"

/resources/cert.pem

-----BEGIN CERTIFICATE-----
AGSJGAS34BDS4htg0234gADSG923ng92G3h2tgjs9afgf
...
...
j892th39gSAHGy329hggeZHDg89hegZGDSHY0==
-----END CERTIFICATE-----

The CA certificate. Available at CA site.

3. Use it.
Normal EmailMessage usage
from django.core.mail import EmailMessage

msg = EmailMessage(
subject, message_body, sender, recipient_list,
attachments=attachments)
msg.send()

SignedEmailMessage usage

from SEM import SEMail

msg = SEMail.SignedEmailMessage(
subject, message_body, sender, recipient_list,
attachments=attachments,
from_key=from_key, from_cert=from_cert)
msg.send()

Similar to Django SEM

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

Rob Fuller

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

Chris Gates

Best Practices of IoT in the Cloud

Amazon Web Services

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

Chris Gates

Steam Learn: HTTPS and certificates explained

inovia

Best Practices for IoT Security in the Cloud

Amazon Web Services

Introduction to Cryptography

Bharat Kumar Katur

Cisco Connect Ottawa 2018 secure on prem

Cisco Canada

Encryption is a favorite of security and compliance professionals everywhere. Many compliance frameworks actually mandate encryption. Though encryption is important, it is also treacherous. Cryptographic protocols are subtle, and researchers are constantly finding new and creative flaws in them. Using encryption correctly, especially over time, also is expensive because you have to stay up to date. AWS wants to encrypt data. And our customers, including Amazon, want to encrypt data. In this talk, we look at some of the challenges with using encryption, how AWS thinks internally about encryption, and how that thinking has informed the services we have built, the features we have vended, and our own usage of AWS.

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...

Amazon Web Services

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. This webinar will introduce the best practices for IoT Security in the cloud and the access control mechanisms used by AWS IoT. These mechanisms can be used to not only securely build and provision devices, as well as integrate devices with other AWS services to create secure solutions. Learning Objectives: • Common IoT Thing Management Issues • Learn about AWS IoT Security and Access Control Mechanisms • Build Secure interactions with the AWS Cloud Who Should Attend: • Technical Decision Makers, Developers, Makers

Best Practices for IoT Security in the Cloud

Amazon Web Services

A pragmatic approach to using public / private certificates in keystores in Java. Presentation starts with a technical, but simplified explanation of security, certificates and keystores. Then it introduces best practices regarding use and maintainance of these resources. Afterwards practical howtos (eg. making certificates, keystores, ..) and a demo-application, using 2-way SSL are shown. The presentation ends with some tips and tricks regarding troubleshooting.

Java security

Bart Blommaerts

What is SSL/TLS, 1-way and 2-way SSL?

pqrs1234

There is a big bunch of tools offering HTTP/SSL traffic interception. However, when it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices. To demonstrate, we will show a few case-studies - most interesting examples from real-life industry software, which in our opinion are a quintessence of "security by obscurity". We will challenge the security of proprietary protocols in pull printing solutions, FOREX trading software, remote desktops and home automation technologies.

Shameful secrets of proprietary network protocols

Slawomir Jasek

Secure socket layer

CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols

PROIDEA

Secrity project keyvan

itrraincity

[Wroclaw #8] TLS all the things!

OWASP

[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜

Seungmin Shin

Slides from talks at DunDDD and NDCLondon. News stories of security vulnerabilities in mobile apps are becoming more common and their impact risks affecting more and more business and consumers. It doesn't have to be this way. There are solutions to all the common security issues in mobile but sometimes we need to be made aware of what the issues are and how they can be prevented. That's what I'll show in this talk. I'll draw on more than twelve years personal experience building apps for a wide variety of industries and the accumulated knowledge of the OWASP Mobile Security. We'll look at some examples of the common security mistakes apps on iOS, Android and Windows have made and then show practical examples of how to address the issues. You'll leave this session wanting to review the security of your mobile apps but armed with the knowledge to make improvements and fix some security holes.

Is your mobile app as secure as you think?

Matt Lacey

Hardening cassandra for compliance or paranoia

zznate

Similar to Django SEM (20)

Dirty Little Secrets They Didn't Teach You In Pentest Class v2

Best Practices of IoT in the Cloud

hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2

Steam Learn: HTTPS and certificates explained

Best Practices for IoT Security in the Cloud

Introduction to Cryptography

Cisco Connect Ottawa 2018 secure on prem

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst...

Best Practices for IoT Security in the Cloud

Java security

What is SSL/TLS, 1-way and 2-way SSL?

Shameful secrets of proprietary network protocols

Secure socket layer

CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols

Secrity project keyvan

[Wroclaw #8] TLS all the things!

[KGC 2010] 게임과 보안, 암호 알고리즘과 프로토콜

Is your mobile app as secure as you think?

Hardening cassandra for compliance or paranoia

Recently uploaded

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Exploring Multimodal Embeddings with Milvus

Zilliz

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

ICT role in 21st century education and its challenges

rafiqahmad00786416

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Recently uploaded (20)

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Artificial Intelligence Chap.5 : Uncertainty

WSO2's API Vision: Unifying Control, Empowering Developers

Exploring Multimodal Embeddings with Milvus

presentation ICT roal in 21st century education

ICT role in 21st century education and its challenges

Understanding the FAA Part 107 License ..

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Vector Search -An Introduction in Oracle Database 23ai.pptx

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

How to Troubleshoot Apps for the Modern Connected Worker

CNIC Information System with Pakdata Cf In Pakistan

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

FWD Group - Insurer Innovation Award 2024

Corporate and higher education May webinar.pptx

Elevate Developer Efficiency & build GenAI Application with Amazon Q

AWS Community Day CPH - Three problems of Terraform

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Django SEM

1. Django-sem, how to make SignedEmailMessage out of EmailMessage in few simple steps. Jakub Wasielak, 2012

2. Identity verification Why? ● Easier bureaucracy ● Fraud prevention ● Enabling law ● Interpersonal communication

3. Identity verification How? ● Ancient times Mostly verbal verification

4. Identity verification How? ● Ancient times Mostly verbal verification ● Middle Ages Sealing wax

5. Identity verification How? ● Ancient times Mostly verbal verification ● Middle Ages Sealing wax ● Before internet Stamps

6. Identity verification How? ● Ancient times Mostly verbal verification ● Middle Ages Sealing wax ● Before internet Stamps ● Now S/MIME

7. Public-key infrastructure Creating, managing, using, storing, and revoking Digital Certificates.

8. Public-key infrastructure All the stuff connected with Digital Certificates.

9. Public-key infrastructure All the stuff connected with Digital Certificates. CA – Certificate Authority – the unit capable of issuing and verifying the digital certificates.

10. Digital Certificate X.509 (PKI) ● Signature Algorithm – selected by CA ● Issuer – CA itself ● Subject – your data ● Subject Public Key – your public key ● Certificate signature – the actual signature ● Version, Serial Number, Validity

11. Digital Certificate Certificate: Data: Version: 1 (0x0) Serial Number: 7829 (0x1e95) Signature Algorithm: md5WithRSAEncryption Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com Validity Not Before: Jul 9 16:04:02 1998 GMT Not After : Jul 9 16:04:02 1999 GMT Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: ... e8:35:1c:9e:27:52:7e:41:8f Exponent: 65537 (0x10001) Signature Algorithm: md5WithRSAEncryption 93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: ... 8f:0e:fc:ba:1f:34:e9:96:6e:6c:cf:f2:ef:9b:bf:de:b5:22

12. Signed mail in Thunderbird

13. Signed mail in Outlook

14. Signed mail in some apple client

15. Signed mail in Gmail ?

16. Signing – first steps MeTooCrypto: M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers, SSL functionality, HTTPS, urllib, xmlrpclib, HMAC'ing AuthCookies, FTP/TLS, S/MIME, ZserverSSL and ZSmime.

17. Signing – first steps MeTooCrypto: M2Crypto is not well documented.

18. SignedEmailMessage – a week later 1. Add 'SEM' into INSTALLED_APPS. 2. Add DEFAULT_CHARSET and AUTH_CERT into setting. 3. Use it.

19. 1. Add 'SEM' into INSTALLED_APPS. pip install django-sem INSTALLED_APPS = ( ... 'SEM', ... )

20. 2. Add DEFAULT_CHARSET and AUTH_CERT into setting. DEFAULT_CHARSET = 'utf-8' AUTH_CERT = "resources/cert.pem" /resources/cert.pem -----BEGIN CERTIFICATE----- AGSJGAS34BDS4htg0234gADSG923ng92G3h2tgjs9afgf ... ... j892th39gSAHGy329hggeZHDg89hegZGDSHY0== -----END CERTIFICATE----- The CA certificate. Available at CA site.

21. 3. Use it. Normal EmailMessage usage from django.core.mail import EmailMessage msg = EmailMessage( subject, message_body, sender, recipient_list, attachments=attachments) msg.send() SignedEmailMessage usage from SEM import SEMail msg = SEMail.SignedEmailMessage( subject, message_body, sender, recipient_list, attachments=attachments, from_key=from_key, from_cert=from_cert) msg.send()

Django SEM

Recommended

Recommended

More Related Content

Similar to Django SEM

Similar to Django SEM (20)

Recently uploaded

Recently uploaded (20)

Django SEM