⛔
NOTE:
This reply was written for a post that its author has since removed. I am therefore using this area for drafts, keeping, to begin with, the reply I had prepared.
Reply
I have no idea how to start documenting a project that is already under way without first thinking about what was established as partial results (milestones). I think that, right from the planning phase, the general guidelines that will govern the documentation project (it is practically another project) should already exist, based on a standard that already exists or one adapted by the project management team.
I am quite curious to know how this learning journey ends and also to learn how you dealt with this challenge.
PS: Unfortunately the author deleted the post before I could send the comment :/. I will use the comment area for drafts :))
Drafts area
How to use openssl to create private/public key pairs for encrypting documents using RSA. This is only a didactic proposal. I recommend watching Akita's videos first to obtain more suitable and up-to-date settings.
This post was based on the original idea published at https://opensource.com/article/21/4/encryption-decryption-openssl
Console log styles
In console
console.debug("%c DataLayer %c event ","background: blue; color: white;","background: lightgrey; color: black;",a)
In JavaScript code
try{console.debug(\"%c DataLayer %c \"+a.event+\" \",\"background: blue; color: white;\",\"background: lightgrey; color: black;\",a)}catch(c){}
try{console.debug(\"%c DataLayer %c \"+b.event+\" \",\"background: blue; color: white;\",\"background: lightgrey; color: black;\",b)}catch(c){}
Object.keys(b).forEach(function(a) {
b[a] = b[a] ? b[a] : void 0
});
try {
console.debug("%c DataLayer %c " + b.event + " ", "background: blue; color: white;", "background: lightgrey; color: black;", b)
} catch (c) {}
try {
a.dataLayer = a.dataLayer || [],
a.dataLayer.push(b)
} catch (c) {
console.debug(c)
}
Source: https://www.google.com/chrome/static/js/main.min.js
Openssl
Check that openssl is installed and available in the terminal.
user@mach:/dev/shm$ openssl version
OpenSSL 1.1.1 11 Sep 2018
Create the private keys.
Here a key of relatively short length, 512 bits, was configured to simplify the display of the exported blocks. The passphrase adopted was "passphrase". These two practices are for didactic purposes only and are not recommended. In production, adopt a longer key and a more suitable passphrase.
Alice
user@mach:/tmp/xps/openssl$ openssl genrsa -aes128 -out alice_private.pem 512
Generating RSA private key, 512 bit long modulus (2 primes)
.....+++++++++++++++++++++++++++
........+++++++++++++++++++++++++++
e is 65537 (0x010001)
Enter pass phrase for alice_private.pem:
Verifying - Enter pass phrase for alice_private.pem:
user@mach:/tmp/xps/openssl$ ls -l
total 4
-rw------- 1 user user 576 jan 2 00:10 alice_private.pem
Bob
user@mach:/tmp/xps/openssl$ openssl genrsa -aes128 -out bob_private.pem 512
Generating RSA private key, 512 bit long modulus (2 primes)
.........................+++++++++++++++++++++++++++
..+++++++++++++++++++++++++++
e is 65537 (0x010001)
Enter pass phrase for bob_private.pem:
Verifying - Enter pass phrase for bob_private.pem:
user@mach:/tmp/xps/openssl$ ls -l
total 8
-rw------- 1 user user 576 jan 2 00:10 alice_private.pem
-rw------- 1 user user 576 jan 2 00:11 bob_private.pem
Inspect what each of these PEM files contains, if you are curious.
user@mach:/tmp/xps/openssl$ more *
::::::::::::::
alice_private.pem
::::::::::::::
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,86014427B73CDAD910C62F9DA7106B72
82G6vtNdvAc6tmYBkLiiRSLEggE/Nl1rYOS1ZAJD1xM0IYvZ8eHqNEIxX7sYmVqV
2RudqNloHZTyRwI2mSkEetoOVnbJZ9qlD9mxfjbXgxnjerp/3/xuk/QBGuhAvbYo
uamODn6D6r9au6d3Tj2o4ytKszh/yoNbTEwE+W76qHutOVCgPs0BZagaFAAWqhrv
xoMGeEjn5WE/Xkon/UIlpu+Jo8rg5moYOO9AV7bgsPfBhyy/xH8JTOfJj06ikwu9
kQFwXlqp5NzXtOZWTmKCWpN7Hua21nK0uzoaRMKCR1jYik7c3Pf8VBp1eSH4nfd4
qnlpuQCw7yaxaIpF6GmpWwR08/oEchVmqW91r1N61gPvUqf+eg0MIH2g95NwPOfr
oMmIuc0ts+OYThlzaUY3wAQdU+P7p2nIwmck+uV5JrM=
-----END RSA PRIVATE KEY-----
::::::::::::::
bob_private.pem
::::::::::::::
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,859A6160E523E98A2165A46BF20BD0BC
OX0bv0ahNzm0YlKYGH0axdKyeUnCCM8mbaVr+y9kJeP9g+lDY86lupy/lL1LwJxU
uhMMZCBRu4zb6sqqwQ+Fr0Ov6+8V7IHw21Uww1wrGT3qdnk5Vmnt70dTSqArwxv/
Zov0ShfZnY2Viet7q4ORSY9bvAfLF28rg+bq2HMowIOcx70lg/O1386WLqHmXvRa
FoKF7dBz/cv6DSjawvH92goPAXFmMeluxQ9jA7ZJXT5KJ5KcqM8kW7ua8vmr2Wg+
oT8AuHPf74YAteYcxU7IAxnUQ3V06zW1aPTJSnL9kL9l7ZQrIVBim8k64GXp5V0N
nPOktmyHH1P6fJf83Cz3XDRZQFGmG7xAPIuoALscJkrvVBgAw7r9nUE/fj+wpdQb
HZeK82UaGoPGqdYKYOkllfuBrYbwuTlSTTJrlKJ7O9A=
-----END RSA PRIVATE KEY-----
Do not just look at the content, but learn what each base64 stream contains
user@mach:/tmp/xps/openssl$ openssl rsa -in alice_private.pem -noout -text
Enter pass phrase for alice_private.pem:
RSA Private-Key: (512 bit, 2 primes)
modulus:
00:c7:22:04:af:5b:57:a7:1d:4e:a5:22:96:38:dd:
5f:40:e2:ec:29:4f:65:b1:d2:f3:6f:2f:0b:f7:68:
11:9b:68:7d:3a:ae:2f:5f:b2:81:a6:56:2a:0d:19:
c4:db:e6:45:14:bd:6c:0c:52:1a:47:cc:83:15:16:
4c:98:5c:5e:15
publicExponent: 65537 (0x10001)
privateExponent:
0e:1c:57:00:a6:14:5b:ff:33:a7:77:ff:f5:1f:9a:
b4:5a:60:29:bd:3a:93:93:43:34:c9:bc:ab:57:70:
87:f6:8b:81:7b:53:96:3c:ff:57:73:59:60:b8:3e:
f2:3e:39:d9:e5:37:64:f8:93:24:ef:3e:2d:c4:d3:
d9:39:85:b1
prime1:
00:eb:fe:aa:90:a0:44:58:fc:d1:73:28:ea:55:a0:
64:8c:cb:99:a0:5b:59:59:1e:aa:2a:ec:ea:6c:23:
a0:c7:c7
prime2:
00:d8:03:68:fd:b2:63:7c:de:4a:3c:82:a2:8d:be:
a3:ab:ee:58:6c:89:10:1f:02:a2:b9:57:69:bf:7d:
09:43:43
exponent1:
00:81:21:34:0b:36:e6:af:1a:87:30:d0:2e:88:f3:
de:90:fb:c6:ef:eb:8c:14:2b:a7:49:1d:a1:97:d2:
56:e3:79
exponent2:
07:8a:96:ef:c4:7a:94:b1:6e:06:0e:c9:7e:09:59:
cd:76:d4:bf:75:49:8a:cb:9c:c2:bb:ba:85:64:e8:
1d:e1
coefficient:
11:46:3c:a5:d2:42:37:46:74:85:e5:45:e2:6a:88:
0e:be:80:6c:86:68:55:bf:64:44:cb:3c:1b:02:12:
a8:79
user@mach:/tmp/xps/openssl$ openssl rsa -in bob_private.pem -noout -text
Enter pass phrase for bob_private.pem:
RSA Private-Key: (512 bit, 2 primes)
modulus:
00:ac:70:0d:38:ae:39:32:02:c5:be:a1:14:6a:e0:
ad:c0:ff:e4:e4:2d:f8:92:49:4e:07:9c:84:93:1f:
a5:62:81:cf:84:4f:e2:3f:d6:21:d6:05:3e:3a:d9:
1a:d9:a6:7e:23:4a:a0:d3:99:f7:a9:3c:93:4f:27:
3a:82:db:7c:47
publicExponent: 65537 (0x10001)
privateExponent:
00:aa:00:52:58:96:13:17:45:fa:74:24:d4:3f:46:
40:a6:ec:e1:59:40:25:36:fb:84:2d:26:d6:e1:41:
2a:c8:c0:78:7f:ec:79:0f:84:59:12:17:f3:4f:43:
b9:6f:06:97:31:3f:97:74:84:1a:b0:18:38:bd:bb:
32:8e:4c:70:e1
prime1:
00:e0:c7:31:ee:28:5e:82:2d:20:dc:42:ed:b0:4c:
55:f6:95:b8:8d:6e:55:39:eb:c2:e0:f2:ae:48:cb:
89:1f:71
prime2:
00:c4:63:b3:e6:e9:dc:6d:4d:7f:1f:b0:37:4c:08:
49:d8:2e:0f:2e:bc:f5:06:80:2e:50:24:a1:3a:fe:
99:eb:37
exponent1:
79:54:2c:28:60:53:fb:32:3e:cd:85:b6:e4:f5:9f:
65:15:95:e3:89:8d:a9:51:10:04:fa:19:87:23:8e:
25:91
exponent2:
48:2e:bd:38:ea:4b:f2:80:c1:70:cc:3c:06:de:25:
06:28:27:bc:6e:07:41:54:6b:b1:59:45:49:81:ba:
e1:11
coefficient:
00:d2:27:07:a0:d9:43:43:4f:1d:28:6d:83:82:7d:
0e:75:56:ae:11:0a:80:75:ef:a2:d7:e4:73:1e:85:
f8:b1:08
Export the public keys
user@mach:/tmp/xps/openssl$ openssl rsa -in alice_private.pem -pubout > alice_public.pem
Enter pass phrase for alice_private.pem:
writing RSA key
user@mach:/tmp/xps/openssl$ openssl rsa -in bob_private.pem -pubout > bob_public.pem
Enter pass phrase for bob_private.pem:
writing RSA key
Inspect the content of the generated files
user@mach:/tmp/xps/openssl$ more alice_public.pem bob_public.pem
::::::::::::::
alice_public.pem
::::::::::::::
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMciBK9bV6cdTqUiljjdX0Di7ClPZbHS
828vC/doEZtofTquL1+ygaZWKg0ZxNvmRRS9bAxSGkfMgxUWTJhcXhUCAwEAAQ==
-----END PUBLIC KEY-----
::::::::::::::
bob_public.pem
::::::::::::::
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKxwDTiuOTICxb6hFGrgrcD/5OQt+JJJ
TgechJMfpWKBz4RP4j/WIdYFPjrZGtmmfiNKoNOZ96k8k08nOoLbfEcCAwEAAQ==
-----END PUBLIC KEY-----
and what they really mean
user@mach:/tmp/xps/openssl$ openssl rsa -in alice_public.pem -pubin -text -noout
RSA Public-Key: (512 bit)
Modulus:
00:c7:22:04:af:5b:57:a7:1d:4e:a5:22:96:38:dd:
5f:40:e2:ec:29:4f:65:b1:d2:f3:6f:2f:0b:f7:68:
11:9b:68:7d:3a:ae:2f:5f:b2:81:a6:56:2a:0d:19:
c4:db:e6:45:14:bd:6c:0c:52:1a:47:cc:83:15:16:
4c:98:5c:5e:15
Exponent: 65537 (0x10001)
user@mach:/tmp/xps/openssl$ openssl rsa -in bob_public.pem -pubin -text -noout
RSA Public-Key: (512 bit)
Modulus:
00:ac:70:0d:38:ae:39:32:02:c5:be:a1:14:6a:e0:
ad:c0:ff:e4:e4:2d:f8:92:49:4e:07:9c:84:93:1f:
a5:62:81:cf:84:4f:e2:3f:d6:21:d6:05:3e:3a:d9:
1a:d9:a6:7e:23:4a:a0:d3:99:f7:a9:3c:93:4f:27:
3a:82:db:7c:47
Exponent: 65537 (0x10001)
Try encrypting some content
user@mach:/tmp/xps/openssl$ echo "vim or emacs ?" > top_secret.txt
user@mach:/tmp/xps/openssl$ cat top_secret.txt
vim or emacs ?
user@mach:/tmp/xps/openssl$ openssl rsautl -encrypt -inkey bob_public.pem -pubin -in top_secret.txt -out top_secret.enc
Here are all the files created so far
user@mach:/tmp/xps/openssl$ l
total 24
187 4 -rw------- 1 1000 1000 1000 ? 576 2024-05-02 00:10:32.481689632 -0300 alice_private.pem
82 4 -rw------- 1 1000 1000 1000 ? 576 2024-05-02 00:11:17.925688818 -0300 bob_private.pem
662 4 -rw-rw-r-- 1 1000 1000 1000 ? 182 2024-05-02 00:12:19.245687720 -0300 alice_public.pem
89 4 -rw-rw-r-- 1 1000 1000 1000 ? 182 2024-05-02 00:12:31.581687499 -0300 bob_public.pem
709 4 -rw-rw-r-- 1 1000 1000 1000 ? 15 2024-05-02 00:13:09.301686823 -0300 top_secret.txt
135 4 -rw-rw-r-- 1 1000 1000 1000 ? 64 2024-05-02 00:13:26.185686521 -0300 top_secret.enc
The encrypted file is in binary format
user@mach:/tmp/xps/openssl$ cat top_secret.enc
q=��(]��J{t���χ�l@��䍞2�k�6�H����¡"��5��
TZ
so a hex dumper is more useful
user@mach:/tmp/xps/openssl$ hexdump -Cv top_secret.enc
00000000 71 13 3d fd ab 28 04 5d e1 e7 4a 7b 74 c8 f4 bc |q.=..(.]..J{t...|
00000010 cf 87 f5 6c 40 9c 85 e4 8d 9e 32 a0 6b 83 36 ed |...l@.....2.k.6.|
00000020 48 8e e2 f7 b4 c2 a1 22 60 08 a1 1f f1 07 35 8b |H......"`.....5.|
00000030 8a 0a e9 ff d9 bc 9b 88 f1 b8 ac 1c 82 0d 54 5a |..............TZ|
00000040
Try decrypting the content
user@mach:/tmp/xps/openssl$ openssl rsautl -decrypt -inkey bob_private.pem -in top_secret.enc > top_secret_dec.txt
Enter pass phrase for bob_private.pem:
One more file has been created
user@mach:/tmp/xps/openssl$ ls -l
total 28
-rw------- 1 user user 576 jan 2 00:10 alice_private.pem
-rw-rw-r-- 1 user user 182 jan 2 00:12 alice_public.pem
-rw------- 1 user user 576 jan 2 00:11 bob_private.pem
-rw-rw-r-- 1 user user 182 jan 2 00:12 bob_public.pem
-rw-rw-r-- 1 user user 15 jan 2 00:14 top_secret_dec.txt
-rw-rw-r-- 1 user user 64 jan 2 00:13 top_secret.enc
-rw-rw-r-- 1 user user 15 jan 2 00:13 top_secret.txt
And, comparing their contents, both are identical
user@mach:/tmp/xps/openssl$ diff top_secret.txt top_secret_dec.txt
Run the same experiments with Alice's key
user@mach:/tmp/xps/openssl$ echo "nano for life" > reply_secret.txt
user@mach:/tmp/xps/openssl$ openssl rsautl -encrypt -inkey alice_public.pem -pubin -in reply_secret.txt -out reply_secret.enc
user@mach:/tmp/xps/openssl$ ls -l
total 36
-rw------- 1 user user 576 jan 2 00:10 alice_private.pem
-rw-rw-r-- 1 user user 182 jan 2 00:12 alice_public.pem
-rw------- 1 user user 576 jan 2 00:11 bob_private.pem
-rw-rw-r-- 1 user user 182 jan 2 00:12 bob_public.pem
-rw-rw-r-- 1 user user 64 jan 2 00:15 reply_secret.enc
-rw-rw-r-- 1 user user 14 jan 2 00:15 reply_secret.txt
-rw-rw-r-- 1 user user 15 jan 2 00:14 top_secret_dec.txt
-rw-rw-r-- 1 user user 64 jan 2 00:13 top_secret.enc
-rw-rw-r-- 1 user user 15 jan 2 00:13 top_secret.txt
user@mach:/tmp/xps/openssl$ more reply_secret.enc
h�:�,ZU���w�i������BW]�>��>��k%�
o��o��*� ����`�\�>��030�I
user@mach:/tmp/xps/openssl$ hexdump -Cv reply_secret.enc
00000000 68 f3 3a c3 2c 02 5a 19 55 f9 80 d9 77 93 69 9f |h.:.,.Z.U...w.i.|
00000010 d5 c1 88 11 84 d4 42 57 01 5d d3 3e eb f6 3e 17 |......BW.].>..>.|
00000020 87 80 6b 25 e5 0a 6f 82 ce 6f 8a f7 2a 99 20 b6 |..k%..o..o..*. .|
00000030 93 b6 a7 60 1a ea 5c fd 3e cc f8 30 33 30 98 49 |...`..\.>..030.I|
00000040
user@mach:/tmp/xps/openssl$ openssl rsautl -decrypt -inkey alice_private.pem -in reply_secret.enc > reply_secret_dec.txt
Enter pass phrase for alice_private.pem:
user@mach:/tmp/xps/openssl$ diff reply_secret.txt reply_secret_dec.txt
user@mach:/tmp/xps/openssl$ ls -l
total 52
-rw------- 1 user user 576 jan 2 00:10 alice_private.pem
-rw-rw-r-- 1 user user 182 jan 2 00:12 alice_public.pem
-rw------- 1 user user 576 jan 2 00:11 bob_private.pem
-rw-rw-r-- 1 user user 182 jan 2 00:12 bob_public.pem
-rw-rw-r-- 1 user user 9242 jan 2 01:03 receipt.txt
-rw-rw-r-- 1 user user 14 jan 2 00:16 reply_secret_dec.txt
-rw-rw-r-- 1 user user 64 jan 2 00:15 reply_secret.enc
-rw-rw-r-- 1 user user 14 jan 2 00:15 reply_secret.txt
-rw-rw-r-- 1 user user 15 jan 2 00:14 top_secret_dec.txt
-rw-rw-r-- 1 user user 64 jan 2 00:13 top_secret.enc
-rw-rw-r-- 1 user user 15 jan 2 00:13 top_secret.txt
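The Bob round trip above, redone with the production-style settings the note on key length asks for: a 2048-bit key, OAEP padding through `openssl pkeyutl` (`rsautl` is deprecated since OpenSSL 3.0 and pads with PKCS#1 v1.5 by default), and a check of how much data RSA can encrypt directly. This is an added example, not part of the original post; the function names, file names and the KEYPASS environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, file names and
# the KEYPASS variable are assumptions made for this sketch.

# The passphrase is read from the environment so it never appears in argv.
export KEYPASS="${KEYPASS:-constructed-demo-passphrase}"

# make_keypair DIR NAME: 2048-bit RSA private key (AES-256 encrypted PEM)
# and its public key, written to DIR/NAME_private.pem and DIR/NAME_public.pem.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass env:KEYPASS -out "$1/$2_private.pem" 2>/dev/null &&
    openssl pkey -in "$1/$2_private.pem" -passin env:KEYPASS \
        -pubout -out "$1/$2_public.pem"
}

# encrypt_for PUBKEY INFILE OUTFILE: RSA-OAEP with SHA-256.
encrypt_for() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt rsa_oaep_md:sha256 -in "$2" -out "$3" 2>/dev/null
}

# decrypt_with PRIVKEY INFILE OUTFILE: inverse operation with the private key.
decrypt_with() {
    openssl pkeyutl -decrypt -inkey "$1" -passin env:KEYPASS \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$2" -out "$3" 2>/dev/null
}

# max_plaintext_bytes BITS: OAEP limit k - 2*hLen - 2, with hLen = 32 (SHA-256).
max_plaintext_bytes() {
    echo $(( $1 / 8 - 2 * 32 - 2 ))
}

demo() {
    dir=$(mktemp -d) || return 1
    make_keypair "$dir" bob || return 1
    printf 'vim or emacs ?\n' > "$dir/top_secret.txt"   # constructed sample input
    encrypt_for "$dir/bob_public.pem" "$dir/top_secret.txt" "$dir/top_secret.enc" &&
    decrypt_with "$dir/bob_private.pem" "$dir/top_secret.enc" "$dir/top_secret_dec.txt" &&
    cmp -s "$dir/top_secret.txt" "$dir/top_secret_dec.txt" && echo "round trip OK"
    # One byte over the limit is refused: RSA alone only fits small payloads.
    head -c $(( $(max_plaintext_bytes 2048) + 1 )) /dev/zero > "$dir/too_big.bin"
    encrypt_for "$dir/bob_public.pem" "$dir/too_big.bin" "$dir/too_big.enc" ||
        echo "oversized input rejected; larger files need hybrid encryption"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh script.sh demo`; without the argument it only defines the functions.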