jsrsasign is an open-source, free, pure JavaScript cryptographic library. This slide deck introduces its features, such as RSA/ECDSA signing, PKCS#1/8 private/public keys, ASN.1, certificates, and JWT/JWS/JWK.
Scala 3 Is Coming: Martin Odersky Shares What To Know - Lightbend
Scala 3 is coming and will introduce many new features and changes while maintaining compatibility with Scala 2 code. The roadmap outlines stabilizing Scala 3.0 in fall 2019 and 2020, with Scala 2.x continuing in parallel. Key changes include replacing implicits with "givens", introducing enums, union types, and other features to improve the language for beginners, everyday usage, and experts. While significant, the changes are aimed at regularizing Scala and addressing longstanding issues like implicits in a way that eases migration from Scala 2 to 3 through common intermediate representations like Tasty.
This document discusses arrays in Java. It begins with an introduction to arrays as fixed-length data structures that hold multiple elements of the same type. The document then covers declaring and creating arrays, initializing arrays, and examples of using arrays, including summing array elements, displaying arrays in histograms, and analyzing survey results by storing responses in an array. The document also discusses passing arrays to methods by reference, meaning any changes made to the array in the method also change the original array. It provides an example program that passes an array to a method that directly modifies the array elements, as well as passing an array element by value so the method only modifies a copy of the primitive value.
WebDav implementations are complex and have many vulnerabilities. Hackers should test for XXE issues by sending XML payloads to methods like PROPPATCH and PROPFIND. XXE can be used to read files on the system or perform SSRF. Other issues include CSRF, authentication bypass by overwriting configuration files, and DoS attacks using large payloads. Developers should carefully follow security best practices for XML parsing and input validation when building WebDav services.
This document discusses test automation using Selenium. It provides an overview of Selenium, its components like Selenium IDE and Selenium Remote Control. It describes limitations of Selenium IDE. It then introduces Selenium WebDriver, highlighting its support for cross-browser testing on multiple platforms. It discusses how to set up Selenium and locate elements, providing examples of finding elements by ID, name, and XPath. Finally, it demonstrates verifying a page title using Selenium WebDriver in Java.
Locators are used in Selenium to identify specific elements on a webpage. The common locator types are id, name, class, tag name, link text, XPath, and CSS. Id is the preferred locator since each element should have a unique id. Code examples are provided to find elements by id and name by passing the locator value to the findElement method. Additional XPath locator techniques include using direct paths, attribute values, contains and other string matching functions to locate elements.
The document discusses recursion through the example of a recursive factorial function. It explains that a recursive function calls itself, resulting in the creation of identical nested functions. The recursive process is illustrated step-by-step using the factorial function, showing how each function call passes arguments and returns values until the base case is reached.
(** Selenium Training:
https://www.edureka.co/testing-with-selenium-webdriver **)
This Edureka PPT on Xpath Tutorial talks about Xpath fundamentals and steps involved in writing a Xpath Script. It also gives a brief idea on types of Xpath, Xpath Functions along with an example.
Following topics are covered in this tutorial:
Introduction to Xpath
XML Document
Xpath Syntax
Types of Xpath
Xpath Functions
Selenium playlist: https://goo.gl/NmuzXE
Property Based Testing is a process to build robust systems.
It facilitates a deeper understanding of the system under test. It can be used on any testing level: unit, integration or functional.
The presentation introduces how Property Based Testing works, how to use it with PHPUnit, and in what way it differs from example-based tests.
It talks about strategies to find good properties to check for.
This presentation was built for the Meet-Magento conference 2020 in Mumbai.
Ansible is an automation platform that allows users to configure, deploy, and manage applications on servers. It combines multi-node software deployment, configuration management, and task execution. Ansible works by provisioning machines using SSH and executing commands via modules. Playbooks allow users to automate complex deployment workflows through YAML scripts. Roles in Ansible allow for reusable and modular components.
Rust provides both control and safety through its ownership and borrowing model. It enforces safe patterns using the type system to prevent issues like data races, use-after-free errors, and iterator invalidation. This is achieved with no runtime overhead. Rust also supports building efficient abstractions through features like zero-cost abstractions and its approach to concurrency that guarantees freedom from data races. While Rust borrows ideas from other languages, its type system and ownership rules allow building applications that have control without compromising on safety.
XPath is a language for selecting nodes in an XML document. It uses path expressions to navigate within elements, attributes, and nodes. XPath syntax includes nodename, /, //, ., .., @, and axes like ancestor, child, and descendant to locate nodes. XPath expressions can be absolute, starting from the root, or relative from the current location. It also contains functions to select unknown nodes, test strings, and check if a node contains, starts with, or ends with a value.
Memulai Data Processing dengan Spark dan Python - Ridwan Fadjar
The document discusses Spark and Python for data processing. It describes Spark's features like processing large datasets, SQL-like data processing, machine learning, and supporting various file formats. It provides examples of RDD, DataFrame, and SQL in Spark. It also demonstrates local development of Spark applications with Docker and deployment to AWS EMR. Code examples show reading, writing, and analyzing data with PySpark.
Amazon EC2 provides a broad selection of instance types to accommodate a diverse mix of workloads. In this session, we provide an overview of the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and GPU instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances.
When performing security assessments or participating in bug bounties, there is generally a methodology you follow when assessing source code or performing dynamic analysis. This involves using tools, reviewing results and understanding what you should be testing for. Reviewing modern web applications can be quite challenging, and this talk will go into details on how we can automate the boring (but necessary) parts and how to set a roadmap of what should be focused on when dealing with modern JavaScript applications.
Nginx is an open-source, lightweight web server that can serve static files, act as a reverse proxy, load balancer, and HTTP cache. It is fast, scalable, and improves performance and security for large websites. Some key companies that use Nginx include Google, IBM, LinkedIn, and Facebook. Nginx follows a master-slave architecture with an event-driven, asynchronous, and non-blocking model. The master process manages worker processes that handle requests in a single-threaded manner, improving concurrency.
High Availability Content Caching with NGINX - NGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/high-availability-content-caching-nginx/
You trust NGINX to be your web server, but did you know it’s also a high-performance content cache? In fact, the world’s most popular CDNs – CloudFlare, MaxCDN, and Level 3 among them – are built on top of the open source NGINX software.
NGINX content caching can drastically improve the performance of your applications. We’ll start with basic configuration, then move on to advanced concepts and best practices for architecting high availability and capacity in your application infrastructure.
Join this webinar to:
* Enable content caching with the key configuration directives
* Use micro caching with NGINX Plus to cache dynamic content while maintaining low CPU utilization
* Partition your cache across multiple servers for high availability and increased capacity
* Log transactions and troubleshoot your NGINX content cache
Analytical Queries with Hive: SQL Windowing and Table Functions - DataWorks Summit
Hive Query Language (HQL) is excellent for productivity and enables reuse of SQL skills, but falls short in advanced analytic queries. Hive's Map & Reduce scripts mechanism lacks the simplicity of SQL and specifying new analysis is cumbersome. We developed SQLWindowing for Hive (SQW) to overcome these issues. SQW introduces both Windowing and Table Functions to the Hive user. SQW appears as an HQL extension with table functions and windowing clauses interspersed with HQL. This means the user stays within a SQL-like interface, while simultaneously having these capabilities available. SQW has been published as an open source project. It is available as both a CLI and an embeddable jar with a simple query API. There are pre-built functions for windowing to do Ranking, Aggregation, Navigation and Linear Regression. There are Table functions to do Time Series Analysis, Allocations, and Data Densification. Functions can be chained for more complex analysis. Under the covers MR mechanics are used to partition and order data. The fundamental interface is the tableFunction, whose core job is to operate on data partitions. Function implementations are isolated from MR mechanics and focus purely on computation logic. Groovy scripting can be used for core implementation and parameterizing behavior. Writing functions typically involves extending one of the existing Abstract functions.
The document discusses channels in Go. It defines a channel as a mechanism for concurrently executing functions to communicate by sending and receiving values. It then discusses what happens when reading from or writing to a closed channel, how channels are implemented internally using a circular buffer and lock, and provides code examples demonstrating channel usage and closing. It also includes quotes about communicating between goroutines via channels instead of sharing memory.
The document is a guide to Selenium that discusses:
1. The history and types of Selenium including Selenium IDE, Remote Control, Core, and Grid.
2. How to install and use Selenium IDE with features like recording, commands, locators, and test suites.
3. An overview of Selenium commands and how to perform actions like clicking, typing, and selecting.
OpenStack Glance provides image discovery, registration, and retrieval services. It has a RESTful API and supports storing images on various backends like filesystems and OpenStack Swift. Glance components include the Glance API, registry, and database. It supports many disk and container formats and has a caching mechanism. Images can be managed through the Glance API and used to launch instances.
This document discusses XML and XPath injection vulnerabilities. It begins with an overview of XML basics like structure and components. It then covers different types of XML injections like in node attributes, node values, and CDATA sections. Next, it discusses XPath basics like syntax and functions. The document outlines techniques for XPath injection vulnerabilities, including blind XPath injection to extract XML file structure. It concludes with recommendations for XPath injection tools and references.
This ppt is a quick introduction to sqlmap, which is a tool used in ethical hacking for detecting and exploiting SQL injection flaws and taking over database servers. This slide covers the history of sqlmap, how it works and important sqlmap queries.
Building IAM for OpenStack, presented at CIS (Cloud Identity Summit) 2015.
Discuss Identity Sources, Authentication, Managing Access and Federating Identities
The document discusses various locators that can be used to locate elements in a web page using Selenium with Java, including ID, name, link text, CSS selector, DOM, and XPath. It provides examples and descriptions of how to use each locator type, such as using driver.findElement(By.id("username")) to locate an element by ID.
Suricata: A Decade Under the Influence (of packet sniffing) - Jason Williams
Having just celebrated its 10th birthday, Suricata has learned a lot about monitoring network traffic during the past decade. Suricata today is more than IDS/IPS: it is also a metadata creating, lua scripting, multi threaded, json logging, rule alerting, network security monitoring beast. Development for Suricata is funded by the non-profit Open Information Security Foundation which, along with feedback and support from the community, has made Suricata what it is today. In this talk we will discuss various aspects of modern Suricata, such as deployment, alerting, rule writing, compilation, protocols, lua, and more. Join us for a look into where Suricata has been, what it does today, and where it's going to go in the future.
Top 10 Mistakes When Migrating From Oracle to PostgreSQL - Jim Mlodgenski
As more and more people are moving to PostgreSQL from Oracle, a pattern of mistakes is emerging. They can be caused by the tools being used or just not understanding how PostgreSQL is different than Oracle. In this talk we will discuss the top mistakes people generally make when moving to PostgreSQL from Oracle and what the correct course of action is.
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019) - Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
This document provides an overview of the basic function call flow for OpenSSL to establish a secure TCP connection. It discusses initializing the OpenSSL library, creating an SSL_CTX object, generating randomness, creating an SSL object for a connection, performing the TLS/SSL handshake, and reading and writing data over the encrypted connection. It also provides examples of OpenSSL code for a client application.
Elasticsearch And Apache Lucene For Apache Spark And MLlib - Jen Aman
This document summarizes a presentation about using Elasticsearch and Lucene for text processing and machine learning pipelines in Apache Spark. Some key points:
- Elasticsearch provides text analysis capabilities through Lucene and can be used to clean, tokenize, and vectorize text for machine learning tasks.
- Elasticsearch integrates natively with Spark through Java/Scala APIs and allows indexing and querying data from Spark.
- A typical machine learning pipeline for text classification in Spark involves tokenization, feature extraction (e.g. hashing), and a classifier like logistic regression.
- The presentation proposes preparing text analysis specifications in Elasticsearch once and reusing them across multiple Spark pipelines to simplify the workflows and avoid data movement between systems.
This document provides an overview of the Elastic Stack including Elasticsearch, Logstash, Kibana, and Beats. It describes how each component works, key terminology, installation and configuration steps. It also demonstrates how to integrate the Elastic Stack for log analytics and security information and event management (SIEM) use cases including sending logs from Auditbeat, configuring file integrity monitoring, and alerting on log events using Elastalert.
A discussion on the upcoming new features in ES6 and how they change the way we build applications with JavaScript.
Most Notable Upcoming Changes in EcmaScript 6
Classes: Classes are now first-class citizens in ES6. The language offers support for classes ("class" keyword), constructors ("constructor" keyword) and the "extend" keyword for inheritance.
Modules: Modules provide a much needed way to segment and organize JavaScript applications in logical chunks of code. Many frameworks already provide ways to modularize large apps, but standardizing a common module structure will bring a level of interoperability between various JavaScript libraries.
Block Scoping: Scoping in JavaScript can be a confusing topic for programmers coming from more traditional Object-Oriented languages such as Java or C#. There are basically two scopes in JavaScript: global and function. Until now. With the help of the "let" keyword, ES6 enables the definition of block scopes for variables and functions.
Default Parameters: A liked feature of many other languages such as Ruby, the default parameters save endless checking if they've been passed and if they are "undefined".
Enhanced Object Literals: There is now a handy expression for property: property assignments and methods can be defined without the "function" keyword.
The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers.
Most certificates in common use are based on the X.509 v3 certificate standard. First I open the shell with the openssl.exe and MS SDK tools.
Software is changing the world. CGC is a Common Gateway Coding as the name says, it is a "common" language approach for almost everything. I want to show how a multi-language approach to infrastructure as code using general purpose programming languages lets cloud engineers and code producers unlocking the same software engineering techniques commonly used for applications.
DEF CON 23: Stick That In Your (root)Pipe & Smoke ItSynack
DEF CON 23
You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea!
The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed ‘rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite interesting. First, Apple decided to leave older versions of OS X un-patched. Then, an astute researcher discovered that the OSX/XSLCmd malware which pre-dated the disclosure, exploited this same vulnerability as a 0day! Finally, yours truly, found a simple way to side-step Apple's patch to re-exploit the core vulnerability on a fully-patched system. So come attend (but maybe leave your MacBooks at home), as we dive into the technical details XPC and the rootpipe vulnerability, explore how malware exploited this flaw, and then fully detail the process of completely bypassing Apple's patch. The talk will conclude by examining Apple’s response, a second patch, that appears to squash ‘rootpipe’…for now.
The Security library in VisualWorks went through sweeping changes recently. Main change is replacing native smalltalk implementations of various cryptographic algorithms with pluggable interfaces to external libraries, but also a complete rewrite of the SSL implementation to support all current versions of the protocol (SSL3.0 & TLS 1.0, 1.1 and 1.2). Introducing dependencies on external libraries can complicate deployment, however the resulting pluggability of implementation and perfomance boost we're getting in exchange should more then pay off in terms of widening the scope of potential applications, where the purely native implementation was simply not acceptable. In this talk we will survey these changes and discuss their impact and backward compatibility implications.
The document discusses SSL/TLS (Secure Sockets Layer/Transport Layer Security), which are cryptographic protocols that provide secure communication over the internet. It covers SSL/TLS concepts like handshaking, encryption, authentication. It also describes JSSE (Java Secure Socket Extension), the Java implementation of SSL/TLS, including its architecture, classes and configuration. The document provides references for further reading on SSL/TLS and JSSE.
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
Encryption is based on three principals: algorithm, key length, and storage. It has also become more popular and it is more often built into databases, networks, config files, OS, and users’ secrets. Is DPAPI and DPAPI-NG enough for us? Unfortunately there are many slip-ups that can be made. Come and learn if ‘encrypted’ = or != ‘safe’ and when! Tools included.
The document discusses Javascript Object Signing and Encryption (JOSE) standards being developed by the IETF to provide a framework for signing and encrypting JSON data in a secure manner. These include the JSON Web Key (JWK) format for representing cryptographic keys, the JSON Web Signature (JWS) format for signing payload data, and the JSON Web Encryption (JWE) format for encrypting payload data. The standards provide mechanisms for integrity protection and encryption of JSON content in a way that ensures interoperability.
Spark with Elasticsearch - umd version 2014Holden Karau
Holden Karau gave a talk on using Apache Spark and Elasticsearch. The talk covered indexing data from Spark to Elasticsearch both online using Spark Streaming and offline. It showed how to customize the Elasticsearch connector to write indexed data directly to shards based on partitions to reduce network overhead. It also demonstrated querying Elasticsearch from Spark, extracting top tags from tweets, and reindexing data from Twitter to Elasticsearch.
Node.js is an environment for developing high-performance web services using JavaScript on the server-side. It uses Google's V8 JavaScript engine and an event-driven, non-blocking I/O model that makes it lightweight and efficient, especially for real-time web applications with many concurrent connections. Common programming techniques in Node.js include asynchronous I/O with callbacks, event-driven programming, and a common module system for building reusable components.
The document summarizes key features of ECMAScript 2015 (ES6). It discusses classes, modules, arrow functions, default parameters, template literals, and block scoping with let and const. Classes provide clearer syntax for object creation and inheritance compared to ES5. Modules allow importing and exporting bindings. Arrow functions provide a concise syntax, preserve this binding, and cannot be called with new. Default parameters and template literals also introduce new functionality.
This document provides instructions on how to use SQL injection to execute operating system commands on a Microsoft SQL Server and retrieve a reverse shell within 30 minutes of a penetration test. It demonstrates exploiting SQL injection to execute a VBScript that downloads and executes a binary, providing remote code execution on the system through a reverse shell. Tricks are discussed like using VBPacker to obfuscate the payload and bypass outbound filtering. The ability to leverage this technique through other vulnerabilities like CSRF is also mentioned.
This API recognizes and reads a text embedded in pictures or photos.
Image to Text API uses a neural net (LSTM) based OCR engine which is focused on line
recognition, but also supports recognizing the character patterns.
It supports both handwriting and printed materials as well as street maps.
APILayer is an API marketplace where also your API can reach a broader audiences.
The document discusses symmetric key cryptography. It begins with an introduction to cryptography and encryption techniques like substitution ciphers. It then covers symmetric encryption in more detail, explaining block ciphers like DES and AES, as well as modes of operation like ECB, CBC, and OFB. It provides an example Java implementation of AES encryption and decryption. It also briefly covers stream ciphers like RC4 and the concept of steganography.
This document discusses creating REST APIs with Express, Node.js, and MySQL. It provides an overview of Express and its advantages. It then demonstrates how to set up a Node.js and MySQL environment, create an Express server, and implement API routes to GET, POST, DELETE, and PUT data from a MySQL database table. Code examples are provided to retrieve all todos, a single todo by ID, search todos by keyword, add a new todo, delete a todo, and update an existing todo.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
2. Table of Contents
Overview
How to use or install
RSA/DSA/ECDSA public key cryptography
Cryptographic Hash (SHA1/SHA2/MD5/RIPEMD160)
Message Authentication Code (HmacSHA1/SHA2/MD5)
short ASN.1 introduction
ASN1HEX: simple ASN.1 parser
X509: simple X.509 certificate parser
generate and encode ASN.1
JSON Web Key/Signature/Token (JWK/JWS/JWT)
Tools, Demos, Tutorials and API Docs
3. Overview
The "jsrsasign" (https://kjur.github.io/jsrsasign/) is an open source,
free cryptographic library implemented in pure JavaScript. It supports
many features, such as the following:
strong RSA/DSA/ECDSA key utility
RSA/DSA/ECDSA digital signature
message authentication code (MAC)
hash (MD5, RIPEMD, SHA1, SHA2)
simple ASN.1 parser
ASN.1 object generator
X.509 certificate and CRL
PKCS#1/5/8 private/public key
PKCS#10/CSR
CMS SignedData
RFC 3161 TimeStamp
CAdES long term signature
JWS (JSON Web Signatures)
JWT (JSON Web Token)
JWK (JSON Web Key)
string utility
4. Overview (cont'd)
well-documented
"jsrsasign" has rich API reference and tutorial so that you can learn
easily.
many samples and tools
"jsrsasign" provides many samples and tools.
easy installation
"jsrsasign" can be easily installed by "git clone", bower and npm.
There is no dependency on any other package or module.
works on most browsers and Node.js
"jsrsasign" doesn't require any special JavaScript feature in the
browser such as W3C Web Crypto or Promise. It works on most
browsers and Node.js, even old ones.
MIT license
"jsrsasign" is licensed under the "MIT License", which is short and
permissive for developers' convenience.
6. How to use or install
For bower:
% bower install jsrsasign
For Node.js:
% npm install -g jsrsasign (for global installation)
Of course, you can use git:
% git clone https://github.com/kjur/jsrsasign.git
Or to use it in your web page, add the following in your HTML:
<script src="https://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js"></script>
8. KEYUTIL class: Features
supports RSA/DSA/ECC algorithm
generateKeypair() for RSA/ECC
getKey(): key loader
PKCS#1/5 plain/encrypted private/public PEM/HEX key
PKCS#8 plain/encrypted private/public PEM/HEX key
X.509 PEM certificate
public/private RFC 7517 JSON Web Key (JWK)
getPEM() to get plain/encrypted private/public PKCS#1/5/8 PEM
getJWKFromKey() to get RFC 7517 JSON Web Key (JWK)
9. KEYUTIL.generateKeypair()
generateKeypair method can be used to generate RSA/ECC key pair.
// RSA
keypair = KEYUTIL.generateKeypair("RSA", 2048);
// ECC
keypair = KEYUTIL.generateKeypair("EC", "secp256r1");
//
// private key object: keypair.prvKeyObj
// public key object: keypair.pubKeyObj
10. KEYUTIL.getKey()
The getKey method can easily load many public and private key formats,
such as PKCS#1/5/8 or JWK.
// PKCS#8 public key
pub = KEYUTIL.getKey("-----BEGIN PUBLIC KEY...");
// public key from X.509 certificate
pub = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
// PKCS#8 encrypted private with password
prv = KEYUTIL.getKey("-----BEGIN ENCRYPTED PRIVATE KEY...", "pass");
11. sign data
Sign data with your private key using a Signature object, much like Java JCE.
// load private key
prv = KEYUTIL.getKey("-----BEGIN ENCRYPTED PRIVATE KEY...", "pass");
// generate Signature object
sig = new KJUR.crypto.Signature({"alg": "SHA256withRSA"});
// set private key for sign
sig.init(prv);
// update data
sig.updateString("aaa");
// calculate signature
sigHex = sig.sign();
12. verify signature
Verify a signature with the signer's public key using a Signature object, much like Java JCE.
// load public key
pub = KEYUTIL.getKey("-----BEGIN CERTIFICATE...");
// generate Signature object
sig = new KJUR.crypto.Signature({"alg": "SHA256withRSA"});
// set public key for verification
sig.init(pub);
// update data
sig.updateString("aaa");
// verify signature
isValid = sig.verify(sigValueHex);
14. calculate hash by MessageDigest class
calculate hash using MessageDigest class just like Java JCE
// generate MessageDigest object for SHA384
md = new KJUR.crypto.MessageDigest({alg: "sha384"});
// append data for hash
md.updateString("aaa");
// calculate hash finally
mdHex = md.digest();
// or use Util class in short. These three will get the same result.
mdHex = KJUR.crypto.Util.sha384("aaa");
mdHex = KJUR.crypto.Util.hashString("aaa","sha384");
mdHex = KJUR.crypto.Util.hashHex("616161","sha384");
16. calculate Mac by Mac class
calculate message authentication code by Mac class just like Java JCE
// generate Mac class
mac = new KJUR.crypto.Mac({alg: "HmacSHA256", pass: "pass"});
// append data for Mac
mac.updateString('aaa');
// get Mac value
macHex = mac.doFinal();
pass parameter supports some value formats like this:
hexadecimal {hex: "616161"}
UTF-8 {utf8: "東京"}
Base64 {b64: "Mi02/+...a=="}
Base64URL {b64u: "Mi02_-...a"}
18. short ASN.1 introduction
ASN.1 is a binary encoding of structured data that consists of a data type
tag (T), byte length (L) and value (V).
ASN.1 encoding is used in network protocols and formats such as X.509
certificates, private/public key formats, S/MIME data, digital time stamps
and RADIUS.
FEATURE1: variable-length data that can exceed int or long.
FEATURE2: structured data is also available.
23. ASN1HEX for descendant element
To refer to a descendant element of a nested structured ASN.1 object, use
"nthList", which represents the index at each nested layer. This is very
useful for specifying a deeply nested element such as the subject name of
an X.509 certificate.
getDecendantHexTLVByNthList(s,0,[0,0]) → "020104"
getDecendantHexLByNthList(s,0,[0,0]) → "01"
getDecendantHexVByNthList(s,0,[0,0]) → "04"
getDecendantIndexByNthList(s,0,[0,0]) → 8
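The nthList lookup above, as an added example in plain JavaScript (not jsrsasign's own code): a minimal DER walker that rejects malformed lengths instead of reading past the buffer. The function names and both sample inputs are assumptions; SAMPLE is constructed so that it reproduces the four results listed on the slide.

```javascript
// Added example: minimal DER TLV walker over a hex string.
// readTLV, childIndexes, indexByNthList and elementByNthList are hypothetical names.

// Constructed inputs (hand-encoded DER, not taken from the slides):
const SAMPLE = "30053003020104";            // SEQUENCE { SEQUENCE { INTEGER 4 } }
const TOKYO = "300b020200ea0c05546f6b796f"; // SEQUENCE { INTEGER 234, UTF8String "Tokyo" }

// Parse the tag and length at hex offset idx and bounds-check the value.
function readTLV(hex, idx) {
  if (typeof hex !== "string" || !/^([0-9a-fA-F]{2})*$/.test(hex)) {
    throw new Error("input is not an even-length hex string");
  }
  if (!Number.isInteger(idx) || idx < 0 || idx % 2 !== 0 || idx + 4 > hex.length) {
    throw new Error("truncated TLV header");
  }
  const tag = parseInt(hex.slice(idx, idx + 2), 16);
  if ((tag & 0x1f) === 0x1f) throw new Error("multi-byte tags are not supported here");
  const first = parseInt(hex.slice(idx + 2, idx + 4), 16);
  let len = first;
  let lenChars = 2; // hex characters used by the length field
  if (first === 0x80) throw new Error("indefinite length is not valid DER");
  if (first > 0x80) {
    const n = first & 0x7f; // long form: n following bytes hold the length
    if (n > 4) throw new Error("length field too large");
    if (idx + 4 + 2 * n > hex.length) throw new Error("truncated length field");
    len = parseInt(hex.slice(idx + 4, idx + 4 + 2 * n), 16);
    lenChars = 2 + 2 * n;
  }
  const vStart = idx + 2 + lenChars;
  const vEnd = vStart + 2 * len;
  if (vEnd > hex.length) throw new Error("value runs past end of input");
  return { tag, idx, vStart, vEnd, constructed: (tag & 0x20) !== 0 };
}

// Hex offsets of the direct children of the constructed element at idx.
function childIndexes(hex, idx) {
  const parent = readTLV(hex, idx);
  if (!parent.constructed) throw new Error("element is not constructed");
  const out = [];
  let p = parent.vStart;
  while (p < parent.vEnd) {
    const child = readTLV(hex, p);
    if (child.vEnd > parent.vEnd) throw new Error("child overruns its parent");
    out.push(p);
    p = child.vEnd;
  }
  return out;
}

// Follow one index per nesting level, starting from the element at idx.
function indexByNthList(hex, idx, nthList) {
  let cur = idx;
  for (const n of nthList) {
    const kids = childIndexes(hex, cur);
    if (!Number.isInteger(n) || n < 0 || n >= kids.length) {
      throw new Error("no child at index " + n);
    }
    cur = kids[n];
  }
  return cur;
}

// Return the hex TLV, L and V of the descendant plus its offset.
function elementByNthList(hex, idx, nthList) {
  const t = readTLV(hex, indexByNthList(hex, idx, nthList));
  return {
    index: t.idx,
    tlv: hex.slice(t.idx, t.vEnd),
    l: hex.slice(t.idx + 2, t.vStart),
    v: hex.slice(t.vStart, t.vEnd),
  };
}

// Decode the value of a UTF8String descendant.
function utf8ByNthList(hex, idx, nthList) {
  const e = elementByNthList(hex, idx, nthList);
  if (readTLV(hex, e.index).tag !== 0x0c) throw new Error("not a UTF8String");
  return Buffer.from(e.v, "hex").toString("utf8");
}
```

Inputs whose declared lengths do not fit, such as a child that claims more bytes than its parent holds, raise an error rather than returning data from outside the enclosing element.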
25. X509 class
Basic fields and extensions can be obtained with the X509 class.
x = new X509();
x.readCertPEM(sCertPEM);
hex = X509.pemToHex(sCertPEM);
// get subject
subject = x.getSubjectString(); // return like "/C=US/O=OTEST"
// get subjectAltName
san = X509.getExtSubjectAltName(hex);
// return like ["example.com", "example.org"]
There are a lot of methods to get fields and extensions.
Please see the manual for details.
27. generate and encode ASN.1 (cont'd)
Classes for ASN.1 primitives and structured types, as well as X.509
certificate, CRL, CSR, CMS signed data, digital time stamp and CAdES are
defined in jsrsasign.
i1 = new KJUR.asn1.DERInteger({int: 234});
s1 = new KJUR.asn1.DERUTF8String({str: 'Tokyo'});
seq = new KJUR.asn1.DERSequence({array: [i1, s1]});
hex = seq.getEncodedHex();
Please see the manual for details.
It's very similar to the BouncyCastle or IAIK Java ASN.1 classes.
However, there is a much easier way...
28. generate and encode ASN.1 using newObject
It's very easy to generate a complicated ASN.1 object by
ASN1Util.newObject.
var hex = new KJUR.asn1.ASN1Util.newObject(
{seq: [ // SEQUENCE
{int: 234}, // INTEGER
{utf8str: 'Tokyo'} // UTF8String
]}
).getEncodedHex();
29. get PEM of X.509 certificate by X509Util.newCertPEM
It's very easy to generate the PEM of an X.509 certificate by
X509Util.newCertPEM.
pem = new KJUR.asn1.x509.X509Util.newCertPEM({
serial: {int: 4},
sigalg: {name: 'SHA256withECDSA', paramempty: true},
issuer: {str: '/C=US/O=CA1'},
notbefore: {str: '130504235959Z'}, notafter: {str: '140504235959Z'},
subject: {str: '/C=US/O=T1'},
sbjpubkey: "-----BEGIN PUBLIC KEY...",
ext: [
{basicConstraints: {cA: true, critical: true}},
{keyUsage: {bin: '11'}},
],
cakey: ["-----BEGIN PRIVATE KEY...", "pass"]
});
30. get PEM of PKCS#10/CSR by CSRUtil.newCSRPEM
It's very easy to generate the PEM of a CSR (certificate signing request) by
CSRUtil.newCSRPEM.
kp = KEYUTIL.generateKeypair("RSA", 2048);
pem = new KJUR.asn1.csr.CSRUtil.newCSRPEM({
subject: {str: '/C=US/O=Test/CN=example.com'},
sbjpubkey: kp.pubKeyObj,
sigalg: "SHA256withRSA",
sbjprvkey: kp.prvKeyObj
});
32. JWK (JSON Web Key)
jsrsasign can load and export RFC 7517 JSON Web Key (JWK).
// load JWK
jwkPub = {kty: "EC", crv: "P-256", x: "f830J3..." ...};
keyObj = KEYUTIL.getKey(jwkPub);
// export to JWK
kp = KEYUTIL.generateKeypair("RSA", 2048);
jwkPrv = KEYUTIL.getJWKFromKey(kp.prvKeyObj);
jwkPub = KEYUTIL.getJWKFromKey(kp.pubKeyObj);
33. JWS (JSON Web Signatures)
jsrsasign can sign and verify RFC 7515 JSON Web Signatures (JWS).
// sign JWS
header = {alg: "HS256"};
payload = {fruit: "orange"};
jws = KJUR.jws.JWS.sign("HS256", header, payload, {utf8: "secret"});
// eyJhbGciOiJIUzI1NiJ9.eyJmcnVpdCI6Im9yYW5nZSJ9.
// qbIF5WMbXYMFMh_UXjL2CGts5KPVU7yF7AbOdoyoPZI
// verify JWS
isValid = KJUR.jws.JWS.verify(jws, {utf8: "secret"}, ["HS256"]);
This result can also be verified at jwt.io.
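What the accepted-algorithm list in the verify call above is for, shown as an added example with Node's built-in crypto module rather than jsrsasign (this is not the library's code): the verifier decides which algorithms are acceptable, not the token's own header. The function names signHS256 and verifyJWS are assumptions, and only HS256 is implemented.

```javascript
// Added example: HS256 JWS sign/verify with an explicit algorithm allow-list.
// Uses Node's built-in crypto module; signHS256 and verifyJWS are hypothetical names.
const crypto = require("crypto");

// base64url without padding, as RFC 7515 requires
function b64u(data) {
  return Buffer.from(data).toString("base64")
    .replace(/=+$/, "").replace(/\+/g, "-").replace(/\//g, "_");
}

function hmacSha256(secretUtf8, signingInput) {
  return crypto.createHmac("sha256", Buffer.from(secretUtf8, "utf8"))
    .update(signingInput, "utf8").digest();
}

// Build header.payload.signature for HS256.
function signHS256(headerObj, payloadObj, secretUtf8) {
  const input = b64u(JSON.stringify(headerObj)) + "." + b64u(JSON.stringify(payloadObj));
  return input + "." + b64u(hmacSha256(secretUtf8, input));
}

// Return true only if the token is well formed, its alg is on the caller's
// allow-list, and the MAC over "header.payload" matches.
function verifyJWS(jws, secretUtf8, acceptAlgs) {
  const parts = String(jws).split(".");
  if (parts.length !== 3) return false;
  if (!parts.every((p) => /^[A-Za-z0-9_-]*$/.test(p))) return false;

  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64").toString("utf8"));
  } catch (err) {
    return false;
  }
  if (header === null || typeof header !== "object") return false;

  // The header is attacker-controlled: never let it pick the algorithm alone.
  if (!Array.isArray(acceptAlgs) || !acceptAlgs.includes(header.alg)) return false;
  // This sketch implements HS256 only, so "none" can never verify,
  // even if a caller mistakenly put it on the list.
  if (header.alg !== "HS256") return false;

  const expected = hmacSha256(secretUtf8, parts[0] + "." + parts[1]);
  const given = Buffer.from(parts[2], "base64");
  // Constant-time comparison; lengths must match before timingSafeEqual.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed inputs mirroring the slide's header, payload and secret.
const token = signHS256({ alg: "HS256" }, { fruit: "orange" }, "secret");
// An unsigned token whose header claims alg "none".
const unsignedToken = b64u('{"alg":"none"}') + "." + token.split(".")[1] + ".";
// The original signature attached to a different payload.
const tamperedToken = token.split(".")[0] + "." + b64u('{"fruit":"apple"}') + "." + token.split(".")[2];
```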
38. Tools and demos
jsrsasign provides a lot of tools which use
jsrsasign as examples.
Please see this list for online tools.
Also see the list for Node tools.
For demonstrations, please see this list.