Encryption – How to share information between devices and later decrypt it with a private key

I am developing an app to alert people when they come across a person who is positive for Covid-19.
I am very concerned about user privacy. So I have to completely anonymize a user.

What is desired is as follows.

Suppose there are devices A, B, and C.

A, B and C should send their own UUIDs via Bluetooth.
If A, B and C are close together, A has B's and C's UUIDs, B has A's and C's UUIDs, and vice versa.

Suppose A finds out that A is positive for Covid-19.
A uploads its UUID to a central server. B and C also look for UUIDs on the server.
When B and C receive the list of UUIDs from the apps of infected people, B and C check whether a UUID downloaded from the server matches a locally stored UUID.

But in my case, I don't want the server to find out A's UUID. But somehow I also have to send A's UUID to other devices. What would be the best approach?

My solution.

All devices generate their own public, private key pairs.
Each app encrypts its UUID with the public key it generates and sends it to the other devices with an encrypted UUID + public key.

As soon as a user finds out that they are positive for Covid-19, they upload their private key to the server.
All apps download all private keys from all positive devices and check whether they can decrypt their stored messages with those private keys.

Will that be possible? Or what would be the best approach?

It is stupid to disclose the private key. And it will also be a mess to find a suitable public key that also matches the private key. But this was the only thing I could think of.

Linux – how to connect 3 servers under two private networks

Server2 and Server3 are different IP subnets, so a bridge is (usually) not what you would use there. You want Server1 to act as a router, not a bridge.

It looks as if Server1 already has the IP 10.0.0.1 in the Server2 network and 10.0.1.4 in the Server3 network.

First, enable IP forwarding on Server1:

sysctl -w net.ipv4.ip_forward=1

Next you need routing. If Server1 is already the default gateway for Server2 and Server3, you're done. If this is not the case, you have to set up the routing somehow. Static routes are the easiest:

On Server2:

ip route add 10.0.1.0/24 via 10.0.0.1 dev XXX

On Server3:

ip route add 10.0.0.0/24 via 10.0.1.4 dev YYY

Where XXX and YYY are the corresponding Ethernet interface names on these servers.

SMS – Signal Private Messenger sends many retry messages. How to stop it?

I have been using Signal Private Messenger for several years. In a few cases, when I send a text message, Signal gets angry and keeps showing "Acknowledge" or "Deny". I choose the "Deny" button, and the window reopens faster than I can press "Deny". I can't turn Signal off or reset it.

I tried to turn off the phone completely and restart it (Android – Samsung Galaxy S7). I tried to reset the phone. I tried to close the Signal app (Signal does not let me close the app while the message boxes are on the screen, and they appear so quickly that the phone does not recognize the lock function). When I turn the phone back on, the messages start again. I have received texts back from the recipient, who has received more than 100 repeat messages, and more are coming.

The only way I've found so far to stop them is to reset the phone and completely remove the Signal Private Messenger app to start over. This removes all previous message strings and people. Is there any other way to reset this app?

centos – How to validate a relay client using client certificates generated by a private certification authority in Postfix

I am expanding a number of single-tenant servers, each with a unique FQDN and its own copy of Postfix. These computers do not have reverse DNS / PTR records and must therefore forward their emails through a central relay server.

When I add the CIDRs for this client server to the $mynetworks variable in main.cf, everything works as expected on the relay server and the emails are forwarded and delivered properly. However, to ensure greater security and to easily revoke access to a compromised server, each client server must have a unique client certificate signed by a private certificate authority that is managed on the relay server.

NB: The relay server is an older box, CentOS7 with Postfix v2.6, while the client servers are CentOS8 and Postfix v3.3.

I used the following command list to generate the certification authority on the relay server …

openssl genrsa -des3 -out /etc/ssl/CA/my_ca.key 2048
openssl req -x509 -new -nodes -key /etc/ssl/CA/my_ca.key -sha256 -days 365 -out /etc/ssl/CA/my_ca.pem

If I am not missing anything, this went as expected.

Next I created the first certificate, CSR and signed certificate, for one of my client servers …

openssl genrsa -out /etc/ssl/clients/client1.key 2048
openssl req -new -key /etc/ssl/clients/client1.key -out /etc/ssl/clients/client1.csr
openssl x509 -req -in /etc/ssl/clients/client1.csr -CA /etc/ssl/CA/my_ca.pem -CAkey /etc/ssl/CA/my_ca.key -CAcreateserial -out /etc/ssl/clients/client1.crt -days 365 -sha256

The main.cf on my relay server is as follows:
(Ignore the SASL stuff; that is for older connections within the private subnet, where the client servers are not.)

inet_interfaces = all
inet_protocols = all

myhostname = relayserver.my.domain
mydomain = my.domain
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 10.0.0.0/8, ....

in_flow_delay = 0
unknown_local_recipient_reject_code = 550
local_recipient_maps =
luser_relay = root
alias_maps = hash:/etc/aliases

smtpd_banner = $myhostname ESMTP $mail_name

smtpd_tls_cert_file = /etc/postfix/my.domain.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
pwcheck_method = saslauthd
mech_list = PLAIN LOGIN
saslauthd_path = /var/run/saslauthd/mux

smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/CA/my_ca.pem
tls_append_default_CA = no
smtpd_relay_restrictions = permit_sasl_authenticated, permit_tls_all_clientcerts

I copied the signed certificate from the relay server, on which it was generated and signed with my certification authority, to the client server and added the appropriate settings to main.cf:

...
# Mail Relay
smtp_tls_cert_file = /etc/postfix/client1.crt
smtp_tls_key_file = /etc/postfix/client1.key
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
relayhost = [relayserver.my.domain]:587
...

(If you need to see other settings, let me know and I'll post them; I left them out just to reduce noise.)

With this setup and a proper restart of all services on both computers, the client computer does what it should: it connects to the relay server, tries to authenticate, and then receives a sender non-delivery notification.

The following errors are displayed on the relay server side:

postfix/smtpd[23830]: connect from client.domain.tld[xx.xx.xx.xx]
postfix/smtpd[23830]: certificate verification failed for client.domain.tld[xx.xx.xx.xx]: untrusted issuer /C=CA/ST=Here/L=There/O=MyCo/OU=OPS/CN=mydomain.tld/emailAddress=me@mydomain.tld

My understanding was that by setting smtp_tls_CAfile to my CA's .pem, all client certificates signed by it would be validated and allowed to authenticate. But the specific error "untrusted issuer" doesn't make sense, since it shouldn't validate the CA, just that it signed the client certificate … am I wrong here?

Any help would be appreciated!

Notifications – apk in user app (installed via adb) and apk in system private app

The same APK, if installed as a system app, has the app setting for notifications (APP_NOTIFICATION_SETTINGS) disabled.
If it is installed as a normal app or user app via adb, this is not the case.

Can anyone point out what I have to do to make the notification setting "clickable" (to enable / disable it) when the app is in the system app?

[Image: with app in system app]

[Image: with app in user app]

Generate a public key from a private key with ecc

Following this answer: https://bitcoin.stackexchange.com/a/63996/100526
To generate a public key from the private key, he used K=k*G, but I can't understand the result.
If we assume our private key is (according to the answer):

0F479245FB19A38A1954C5C7C0EBAB2F9BDFD96A17563EF28A6A4B1A2A764EF4

and according to Secp256k1, G is:

- Compressed form (prefix 02)
02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798 

 - Uncompressed form (prefix 04)
04 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
483ADA77 26A3C465 5DA4FBFC 0E1108A8 FD17B448 A6855419 9C47D08F FB10D4B8 

I used this site to calculate the public key: https://www.boxentriq.com/code-breaking/big-number-calculator

I used the compressed form and the private key:
0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 * 0F479245FB19A38A1954C5C7C0EBAB2F9BDFD96A17563EF28A6A4B1A2A764EF4

and the result is:

25d355ebb23e6ce0fd5463bf40e6da2ccc4e2e8ce654db6a8a8e5a275f0d2266005569112cfda60d14f9b6d0c0218cc072047a3b2fcf97aee95a437b4bb6cce0

but in this answer the result is:

02E8445082A72F29B75CA48748A914DF60622A609CACFCE8ED0E35804560741D29

what is wrong?

litecoin – old wallet, private key and known public address

Your wallet contains a collection of private keys and should show you the balance of the addresses associated with those keys.

If you have the private key for the public address you mentioned, you can spend the coins. If not, there is no way to recover a private key from a public key. The private key is either known to the wallet file or not. There is no way to resend a payment, etc., to recover a private key that is otherwise unknown.

How can you use openssl to generate a public Bitcoin key from an existing private key?

I know that you can generate a new key pair with a command like this:

openssl ecparam -genkey -name secp256k1

And the resulting output contains a new private key with the encrypted public key.

Can openssl generate just the public key directly from an existing private key?

To be very clear, I mean the Bitcoin public key and not the public address.