How to generate fingerprint from public ssh key in php? - php

I have an application that needs a public SSH key and its fingerprint. How can I generate the fingerprint from only the public SSH key?
I just want my users to paste their SSH key, and I generate the fingerprint in a PHP function and show it to them.
Thanks
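As an added example (not part of the original post): an OpenSSH fingerprint is a hash of the base64-decoded key blob from the public key line, shown as unpadded base64 for SHA-256 or colon-separated hex for MD5. `ssh_fingerprint()` is a hypothetical helper name and the sample key is constructed.

```php
<?php
// Added example: fingerprint an OpenSSH public key line pasted by a user.
// ssh_fingerprint() is a hypothetical helper name, not a PHP built-in.
function ssh_fingerprint(string $line): array
{
    // Expected form: "<type> <base64 blob> [comment]"
    $parts = preg_split('/\s+/', trim($line));
    if ($parts === false || count($parts) < 2) {
        throw new InvalidArgumentException('expected "<type> <base64> [comment]"');
    }
    [$type, $b64] = $parts;

    // Strict mode rejects characters outside the base64 alphabet.
    $blob = base64_decode($b64, true);
    if ($blob === false || strlen($blob) < 4) {
        throw new InvalidArgumentException('key data is not valid base64');
    }

    // The blob starts with a length-prefixed algorithm name
    // (uint32 big-endian, then the name); it must match the type field.
    $len = unpack('N', substr($blob, 0, 4))[1];
    if ($len > strlen($blob) - 4 || substr($blob, 4, $len) !== $type) {
        throw new InvalidArgumentException('key type does not match key data');
    }

    return [
        // Current OpenSSH default: SHA-256, base64 without '=' padding.
        'sha256' => 'SHA256:' . rtrim(base64_encode(hash('sha256', $blob, true)), '='),
        // Legacy format: MD5 as colon-separated hex pairs.
        'md5'    => 'MD5:' . implode(':', str_split(md5($blob), 2)),
    ];
}

// Constructed sample input (not a real user's key): an ed25519-shaped
// blob whose 32 key bytes are all 0x01.
$blob = pack('N', 11) . 'ssh-ed25519' . pack('N', 32) . str_repeat("\x01", 32);
$line = 'ssh-ed25519 ' . base64_encode($blob) . ' user@example';

foreach (ssh_fingerprint($line) as $fingerprint) {
    echo $fingerprint, PHP_EOL;
}
```

Only the base64 field is hashed; the key type and trailing comment are not part of the fingerprint.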

Related

secure place for saving private keys in cpanel

I am creating a math learning app with Unity and PHP for the backend.
I am using PASETO for my application authentication. I got the PASETO private key from the SealingSecret::generate() method
and I save it in a .pem file in a non-public place
(but this .pem file is handmade and its content equals the private key).
Now, is that secure enough to save the private key?
This is the code with which I get the .pem file:
file_get_contents("/home/adadshenas/.private/.key/paseto/key/private_key.pem")

Storing persistent variable in either nginx or php

I have an API key that needs to be called from a particular file and as I do not want to store the API key in source code, I've decided to encrypt the API key using PBKDF2 and decrypt the file once with my password to retrieve my API key whenever I start or restart my server.
However, I could not find a way to store the API key as a persistent variable where I only have to activate the PHP file that retrieves the API key once. I have tried include, require_once and global in PHP. I also could not use any files or database to store the API key retrieved as this would make what I did pointless.
Is there any way to store the API key as a variable where I am able to call it with let's say my API.php whenever the users need to use the API on my website without using any databases and files?
I am also using nginx as my server.
Thanks!

SSO SAML2.0 implementation in PHP

So I am setting up an SSO implementation FROM my website TO another site. I understand how to build the requests and sign them and all of that stuff. What I am having trouble understanding is the certificates. Who gets what certificate, to be specific. I know how to generate them, but I am not sure if I send over the certificate to the website I am signing into or if they have to generate the certificate and keystore and send us the certificate. There is a little confusion in this part of the process for me that I could use a little help in clarifying.
Since I am accessing their site, it would seem to me that they should generate the certificate and send it to us, and keep the keystore on their machine for the handshake. If I have to generate both, where is the keystore typically kept? We have a couple implementations of this on our site, but the developer that wrote them no longer works here and there is little to no documentation left behind. Also, is the certificate a self-signed certificate that can be used in production? I believe it is, but just want to be sure. Any help in clarification would be greatly appreciated.
It's public key infrastructure (PKI) so you each get the other's public key certificate. It's normally done using the SAML2 metadata profile so you can have their public key certificate.
Looks like you're an IdP. If they want the attributes encrypted, you need to use their public key to do that. You sign your SAMLResponse to them with your private key and they validate it with your public key. So you each generate your own keys and keep them secret as they are secret keys for signing. You exchange public keys.
You need a certificate for your login endpoint but the other party doesn't need to see this. They only need your public key certificate for use with the XML exchange and you need their certificate to validate the signature on the SAMLResponse (if you're an SP).
The certificate for working with the SAML XML is normally 10-year self-signed.

Access iOS Certificate in Keychain Programmatically using PHP

We have a web app that creates iOS apps from a CMS. It builds the Xcode project and we need to be able to archive and export it using PHP. We are able to do this fine from terminal, but using shell_exec in PHP it doesn't work.
Code Sign error: No code signing identities found: No valid signing identities (i.e. certificate and private key pair) matching the team ID “XXXXXXXXX”
We think this is because PHP isn't running as the correct user account to have permission to access the certificates in the keychain. We can set the _www user to run in a particular group, but does anybody know which user it should run as?
I understand opening up access to the _www user is a huge security flaw, but it's for an isolated system unconnected to the outside world.
And why not copy the certificate to the _www user?

Authenticating a php app running on a Compute Engine instance to access GCS

I created a Google Compute Engine (GCE) instance with service account enabled for cloud storage. I have a php app running on that instance which needs to transfer uploaded files to a specific bucket I have in Google Cloud Storage.
The client ID credentials were created with the application type as "Service Account". After that, a json file was automatically generated and downloaded to my pc. The file contains the following:
{
"private_key_id": "111111111111111111111111111111111",
"private_key": "111111111111111111111111111111111",
"client_email": "111111111111111111111111111111111",
"client_id": "111111111111111111111111111111111",
"type": "service_account"
}
I replaced the actual values with 1s. What I am trying to find out is how to use the above JSON key file to authenticate my PHP app for accessing Google Cloud Storage?
The example provided at this link
https://github.com/google/google-api-php-client/blob/master/examples/service-account.php
utilizes a key file of a different format (key.p12). Any hints on how to use the JSON key file that was generated above instead?
Is there any specific reason why you prefer to use the JSON key instead of the P12 key?
If not, when you create the client ID credentials you should be able to download the P12 key.
Please visit https://developers.google.com/storage/docs/authentication#about-the-client-ID to see what the section related to that client ID looks like; there you can download that key by clicking on "Generate new P12 key".
