小心市面上所有的免费VPN,实在要用也买一个老牌儿正规收费的吧。
你以为他们靠什么赚钱呢?当你的设备通过vpn连接外网的时候,你的所有数据包都会通过他的服务器,那么他就可以有一万种方法截取你的数据。通俗一点,你的帐号/密码对于他们来说就是透明的。
什么?你访问的都是https网站?那么你确认你所有网站的帐号/密码都是单独的一套吗,还是说你就一套帐号/密码用于所有的网站。
当你所有流量都从他那里过的时候,这些事情简直太容易了,还是当心点吧童鞋们,不要去贪这些小便宜。
那收费vpn不也一样可以抓取我的数据吗?当然可以,所以才建议你用老牌儿。
最好没事儿咱就别翻墙了,GFW也不是那么糟(当然,当然的当然,不能访问google是非常非常不爽的一件事情,特别是xxx那么垃圾的时候),如果实在有需求,那就是自己搭一个。
时常有人问我为什么最喜欢的城市是重庆,
我想也许是因为这座城市从未停止给我感动。
谢谢你重庆,谢谢你在11.11用你的所有LED屏祝福我们的人民解放军空军生日快乐。
其实我也不记得,但谢谢你没有忘记。
The container world community is totally a mess!
Could you please stop fucking each other and spiral down and meet in the middle? Make some compromise please!
上周日去COSCon2016分享Docker的镜像签名技术,看起来并没有引起同学们的兴趣 o.o
some sometimes.
– 05:23:22 🕔
在学校的一个中午,老师在选值周生,老师选完十五个之后,因为不知道选谁,想一会儿后,决定选张书豪时,我冯传可,上完厕所走进教室的那一刻,老师刚刚念了张字后,就马上朝我转头来:“冯传可,”我一愣,马上搞清楚壮况,就鞠了一躬,说:“谢谢大家,选我,我一定好好干。”
最近有不少人问我如何用openssl命令行来进行签名,验证签名,以及其它一些openssl的命令。
其实我对openssl也不太了解,倒是对rsa了解得比较多一些,像rsa背后的欧拉公式以及证明啊什么的,呵呵呵。
写一个小脚本,里面包含了加密/解密,签名/验证签名等一些例子,仅供参考。
#!/bin/bash
set -e
set -x
# Generate 1024 bits rsa private key and output to file "test.key".
# This private key was encrypted by AES256 with the password "hkp".
openssl genrsa -aes256 -passout pass:hkp   -out test.key 1024
# Generate public key from the private key file "test.key" and output it to public key file "test.pub"
# Since the private key has been encrypted, so we need to pass in the password to decrypt it.
openssl rsa -passin pass:hkp -in test.key -pubout -out test.pub
# Encrypt the plain message from "plain.txt" and output to cipher file "cipher.txt" with public key.
# NB., if encrypt with public key, the option "-pubin" should be provided,
# if encrypt with private key, the password should be provided if needed.
#
# As per the manual of openssl,
# -encrypt encrypt with public key
# -decrypt decrypt with private key
# So even we use private key file "test.key" to encrypt the message, openssl only use the public part of "test.key"
openssl rsautl -encrypt -pubin -inkey test.pub -in plain.txt -out cipher.txt
openssl rsautl -encrypt -passin pass:hkp -inkey test.key -in plain.txt -out cipher_by_private_key_file.txt
# Decrypt the cipher message from "cipher.txt" and output the decrypted message into "decrypt.txt" with private key.
# Since the private key has been encrypted, so we need to pass in the password to decrypt it.
openssl rsautl -decrypt -inkey test.key -passin pass:hkp -in cipher.txt -out decrypt.txt
openssl rsautl -decrypt -inkey test.key -passin pass:hkp -in cipher_by_private_key_file.txt -out decrypt_also_by_private_key_file.txt
# Sign the digest of message with sha256 as the digest algorithm and output the signature to "plain.sig"
openssl dgst -sign test.key -passin pass:hkp -sha256 -out plain.sig plain.txt
# Verify the signature with the public key from public key file "test.pub",
# Please be note that, the signature is of the digest of the message from file "plain.txt".
openssl dgst -verify test.pub -sha256 -signature plain.sig plain.txt
# Since the public key can be retrieved from private key file,
# so openssl also support verify signature via private key file.
openssl dgst -prverify test.key -passin pass:hkp -sha256 -signature plain.sig plain.txt