## key management – How does a Certificate get associated to the private key pair?

I am new to SSL certs and trying to understand, once the certificate is imported into the Certificate Store (in Windows), how does the certificate get associated with the private key pair? Is that by creating a pfx that would contain the certificate and private key and importing that pfx into the Certificate Store? We intend to use the TPM to store the private key (but not using it to generate the keypair). How do we tell the certificate store where the associated private key is for a certificate?

## cryptography – Why public key systems involve private keys

Public key cryptography means that the entire communication between both parties is public, including the setup. Contrast this with the case of two parties $A,B$ meeting in secret, agreeing on some keyword, and using this keyword to encrypt future communications.

Clearly, if $A,B$ decide on the encryption scheme in public, something has to be kept private (otherwise you could decipher the messages just like the parties involved). This is the private key, so the flow is something along the following lines: $A$ and $B$ publicly discuss and share some information with each other and the world, then they do something in private and send each other encrypted messages. Witnesses to the public exchange alone can’t recover what is being said.

The child version of such a scheme which I like is the following. Suppose $A$ and $B$ want to agree on some secret color, only known to them, however the entire exchange must be public. Under the assumption that mixing colors is easy, but given a mixture recovering its components is hard, then they could do the following: $A$ and $B$ each choose a secret (private key) color denoted by $a,b$. Then $A$ sends $B$ the color $c$ (public key), and the mixture $(a,c)$. $B$ now creates the mixture $(b,c)$ and sends it to $A$, and also mixes $(a,b,c)$ and keeps this compound to himself. Finally, $A$ adds $a$ to $(b,c)$ and is now also in the possession of the secret mixture $(a,b,c)$, known to $A,B$ but unknown to anyone who solely witnessed the interaction between them.
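The color exchange above has the same shape as Diffie-Hellman key agreement, with "mixing" played by modular exponentiation. The Python below is an added example, not part of the original answer; the parameters `P` and `C` are toy values constructed for illustration, and the function names are hypothetical.

```python
import hashlib
import secrets

# Toy public parameters, constructed for this example. P is the Mersenne
# prime 2**127 - 1; real systems use standardized groups of 2048+ bits
# or elliptic curves. C plays the role of the public color c.
P = 2**127 - 1
C = 3


def mix(color, secret, p=P):
    """'Mixing' is modular exponentiation: cheap to do, hard to undo."""
    return pow(color, secret, p)


def exchange(a=None, b=None, c=C, p=P):
    """Run the exchange; return (public transcript, A's result, B's result)."""
    a = secrets.randbelow(p - 3) + 2 if a is None else a  # A's private color
    b = secrets.randbelow(p - 3) + 2 if b is None else b  # B's private color
    ac = mix(c, a, p)          # A -> B, in public: mixture (a,c)
    bc = mix(c, b, p)          # B -> A, in public: mixture (b,c)
    abc_at_b = mix(ac, b, p)   # B adds b to (a,c), kept private
    abc_at_a = mix(bc, a, p)   # A adds a to (b,c), kept private
    return {"p": p, "c": c, "ac": ac, "bc": bc}, abc_at_a, abc_at_b


def session_key(shared):
    """Hash the shared mixture down to a 256-bit symmetric key."""
    raw = shared.to_bytes((shared.bit_length() + 7) // 8 or 1, "big")
    return hashlib.sha256(raw).digest()


def unmix_by_search(c, mixture, p):
    """The naive way for a witness to undo a mixture: try exponents until
    one matches. Takes up to p steps, so it finishes only when p is tiny."""
    acc = 1
    for x in range(p - 1):
        if acc == mixture:
            return x
        acc = acc * c % p
    return None


if __name__ == "__main__":
    public, at_a, at_b = exchange()
    print("witness sees:", public)
    print("keys match:", session_key(at_a) == session_key(at_b))
    # With a 5-bit modulus the private color falls out immediately.
    print("toy unmix:", unmix_by_search(5, 4, 23))
```

The transcript returned by `exchange` is everything a witness sees; the search in `unmix_by_search` succeeds on the 5-bit modulus and is hopeless at realistic sizes, which is the "recovering its components is hard" assumption in concrete form.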

## How can I add one OPENGL page to another when ENTER key is pressed?

I created one GLUT project which has my project’s introduction page. When I press the ENTER key, it should redirect to the front page of my project, which I created as another project.

Recently, I’ve been getting this in the log and it’s creating chaos when not addressed. I totally understand the error, but what are the typical sources of this showing up in the cluster? I’ve been running previous versions without any issues and this has started popping up after the upgrade to 8.x. Has anyone dealt with that? My cluster is behind a round-robin load balancer and I’m thinking of changing that, but in my opinion the cluster should be able to take care of this. Can this be tweaked with some configs?

```
THD: 152232, mode: local, state: exec, conflict: certifying, seqno: -1
SQL: INSERT INTO `session` (`data`, `id`, `expire`) VALUES ('__flash|a:0:18;', 'dasd', 1621267611) ON DUPLICATE KEY UPDATE `data`=VALUES(`data`), `expire`=VALUES(`expire`)
```

## recover private key – is there a way to find the wallet that my address goes to?

I two years ago had a cash out from a casino and I went to my app store and downloaded what I was coinbase wallet which it was the cold storage wallet that really has no ties beside a wallet connect to coinbase I later figured out. I was brand new to BTC and knew nothing about 12 words that I was to immediately write down. I did make an account at wallet.coinbase.com/kristymoser2018 is what I thought was it. I later on saw the money come into my wallet from the casino and at that point it shut my phone down and erased everything. When I came back online I found out that I no longer had an account at wallet under the credentials I thought were right.

I guess what I am asking is there any other way to figure out where the wallet is cause it still has the money in it and is there any program I can use that may help me figure out where it is and if my private key is in cloud storage?

I have tried to recreate the same scenario and have never been able to understand this.

## ssh -Q key not listing all key types?

I am having some problems with understanding which types of host keys my SSH daemon actually provides or supports (stock debian buster, sshd 7.9.p1). From the manual (`man sshd_config`):

```
HostKeyAlgorithms
Specifies the host key algorithms that the server offers.  The default for this option is:

ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa

The list of available key types may also be obtained using "ssh -Q key".
```

```
root@odysseus /var/log # ssh -Q key
ssh-ed25519
ssh-ed25519-cert-v01@openssh.com
ssh-rsa
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-rsa-cert-v01@openssh.com
ssh-dss-cert-v01@openssh.com
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
```

I’ve got two questions:

1. As an example, the man page states that `rsa-sha2-256` is part of the default for `HostKeyAlgorithms`. But this string does not appear in the output of `ssh -Q key`.

How does this fit together? How can something be a default which doesn’t even exist?

The above example implies that `ssh-rsa` might be insecure, because it doesn’t have `sha2` in its name, and thus might be `sha1` or even `md5` based (of course, my host keys are actually created by `ssh-keygen` with sha2-256 fingerprint, so that actually can’t be a problem, but I’d like to understand those key type names nevertheless).

2. What does the string `-cert-v01@openssh.com` in some of the algorithm type names mean? Are these the types for certificate-based authentication?

## private key – Can Bitcoin be recovered from a child key alone?

I have a question regarding BIP-32 and keys.

Imagine a scenario in which a user creates a new Bitcoin wallet with a seed phrase. He then generates a new address and sends 1 BTC to this address.

Under the covers, my understanding is that a master private/public key will be created from the seed phrase. Then, a child key is created under the parent key for the address.

Now, suppose this user completely loses their seed phrase / master keys, BUT they somehow have a copy of the child key pair that contains their Bitcoin.

Is it possible to recover their Bitcoin from that child key alone? If so, what is the process? Are individual child keys just the same as normal (non BIP-32) key/pairs?

Thanks!

## Is it ok and safe to import master public key from electrum wallet into bluewallet to be a watch-only wallet?

I want to use my iPhone (Blue wallet) to be the watch-only wallet for my offline wallet generated on electrum. So that I can generate unsigned transaction on the bluewallet and send it back to my offline wallet to be signed on electrum. And then send the signed transaction back to bluewallet to be broadcasted.

Is it safe to do so? Is there any better way to do it so I don’t have to send the unsigned and signed transaction back and forth?

## adb – How to decrypt /sdcard | Keymaster HAL 4 | Unexpected value for crypto key location

-Update:

Looked into TWRP log, and it seems like it has key problems:

```
I:Setting up '/data' as data/media emulated storage.
I:mount -o bind '/data/media' '/sdcard' process ended with RC=0
I:mount -o bind '/data/media/0' '/sdcard' process ended with RC=0
I:File Based Encryption is present
e4crypt_initialize_global_de
Determining wrapped-key support for /data
fbe.data.wrappedkey = true
Wrapped key supported on /data
calling retrieveAndInstallKey
Key exists, using: /data/unencrypted/key
Using Keymaster HAL: 4 from QTI for encryption.  Security level: TRUSTED_ENVIRONMENT, HAL: android.hardware.keymaster@4.0::IKeymasterDevice/default
begin failed, code -62
Upgrading key in memory only: /data/unencrypted/key
e4crypt_initialize_global_de returned fail
```

And this is after I wanted to decrypt it:

```
I:Command 'decrypt *********' received
I:Set page: 'singleaction_page'
I:operation_start: 'TWRP CLI Command'
Attempting to decrypt data partition or user data via command line.
E:Unexpected value for crypto key location
E:Error getting crypt footer and key
E:Could not get footer
Failed to decrypt data.
I:Done reading ORS command from command line
I:operation_end - status=0
```

Checked the location at `/data/unencrypted/key` and the files are there for sure.

Currently I’m on the same ROM as the one on which I could access my internal storage, but the issue could be that I went FDE -> FBE -> FDE as it’s mentioned in the comments.

Keymaster error codes are respectively:

INVALID_ARGUMENT = -38

How to fix the keys is the answer I might be looking for.

Long story short, I screwed up, and now I have an encrypted storage (with my files that I want back) but TWRP and the OS thinks it is not.

It goes like this:

• The Magisk v22.0 update screwed up my phone, which stuck in a
bootloop.
• After countless tries with Magisk (updating, uninstalling.
dirty flash the ROM.
• Due to an HDD failure in my PC, I did not have any storage to back up
my internal storage from the phone.
• Because I wanted to update the ROM anyways (from MIUI 11 to 12) I
decided to flash the newer one. That was the first mistake. This
made the bootloop worse, and now it stuck in fastboot mode, no
recovery. After many sleepless nights I found out that not every
USB-C cable is equal, and I couldn’t reach my phone via fastboot
because of the cable itself.
• So now I was able to flash an original fastboot ROM which still gave
me bootloop, but after wiping (not formatting, so the /sdcard fs
doesn’t get erased) Data and Cache in TWRP.
• Then reflashed the fastboot ROM, and somehow it worked. When it
booted up, I had to type in my screenlock pin again, and after setup
all my files were available.
• Now that the phone worked again, I wanted to finish what I started,
to update to latest EU (recovery) ROM. This was the second mistake.
It did not work (because it required formatting data, which I did not
want to, and just wiped it), and came bootloop again.
• So I went back to the fastboot ROM again, which fixed the phone
again.
• But this time, it thinks the internal storage is not encrypted.

Now I can’t access the internal storage. Even the camera app says that first I need an SD Card to take photos.

It’s clearly still encrypted because when I browse it in TWRP, the structure and files are there, but the names are like “74t7Z1,dnvgIIexr1QAfhD”.

The problem being neither the OS, nor TWRP knows the storage is encrypted, so it doesn’t even try to decrypt it, and there are no options to do it.

Tried to set encryption in the running OS, but it gave me the same results: even though TWRP asks for decryption key, and says it successfully decrypted, the storage is still a mess like it’s in encrypted state.

Is there any way to manually force some flag, so I can access my files again?
I have the encryption key, I just need some way to decrypt the storage. I think of something like an ADB command to flag the partition as encrypted, so TWRP and OS would try to decrypt it.