{"id":16469,"date":"2021-03-12T15:37:42","date_gmt":"2021-03-12T14:37:42","guid":{"rendered":"http:\/\/blog.wenzlaff.de\/?p=16469"},"modified":"2021-05-20T16:05:24","modified_gmt":"2021-05-20T14:05:24","slug":"sicherheitsprovider","status":"publish","type":"post","link":"http:\/\/blog.wenzlaff.de\/?p=16469","title":{"rendered":"TWProviders 1.0 – mal was anderes als HAFNIUM – Installierte Sicherheitsprovider anzeigen"},"content":{"rendered":"

Hier ein neues Java-Programm TWProviders 1.0, das alle Sicherheitsprovider auf dem System (Raspberry Pi, Mac, Windows…) anzeigt. Mal so „just for fun“ programmiert, mal was anderes als Exchange-L\u00fccken<\/a> HAFNIUM<\/a> – BSI ruft „IT-Bedrohungslage rot“. Es muss Java auf dem System installiert sein. Einfach das PrintProvider.class.zip (884 Byte)<\/a> laden und das ZIP auspacken. Dann in dem Verzeichnis starten mit<\/p>\n

java PrintProvider<\/strong><\/p>\n

Also das Programm laden, auspacken und starten:<\/p>\n

\r\nwget http:\/\/blog.wenzlaff.de\/wp-content\/uploads\/2021\/03\/PrintProvider.class.zip\r\nunzip PrintProvider.class.zip\r\njava PrintProvider\r\n<\/pre>\n
Das sind z.B. die 12 von einem Raspberry Pi 4:<\/p>\n
\r\n\r\njava PrintProvider\r\nTWProviders 1.0 from www.wenzlaff.info prints all 12 Security Provider:\r\nSUN (DSA key\/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; PKCS12, JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)\r\nSun RSA signature provider\r\nSun Elliptic Curve provider (EC, ECDSA, ECDH)\r\nSun JSSE provider(PKCS12, SunX509\/PKIX key\/trust factories, SSLv3\/TLSv1\/TLSv1.1\/TLSv1.2\/TLSv1.3\/DTLSv1.0\/DTLSv1.2)\r\nSunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC, ChaCha20)\r\nSun (Kerberos v5, SPNEGO)\r\nSun SASL provider(implements client mechanisms for: DIGEST-MD5, EXTERNAL, PLAIN, CRAM-MD5, NTLM; server mechanisms for: DIGEST-MD5, CRAM-MD5, NTLM)\r\nXMLDSig (DOM XMLSignatureFactory; DOM KeyInfoFactory; C14N 1.0, C14N 1.1, Exclusive C14N, Base64, Enveloped, XPath, XPath2, XSLT TransformServices)\r\nSun PC\/SC provider\r\nJdkLDAP Provider (implements LDAP CertStore)\r\nJDK SASL provider(implements client and server mechanisms for GSSAPI)\r\nUnconfigured and unusable PKCS11 provider\r\n\r\n<\/pre>\n
Mit diesm Programm kann nun auch leicht in einem Script oder in der Konsole nach Providern oder so gesucht werden, z.B. mit grep<\/p>\n
java PrintProvider | grep Secure<\/strong><\/p>\n
Ergebnis:
\nSUN (DSA key\/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom<\/strong>; X.509 certificates; PKCS12, JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)<\/p>\n
Sollte kein Java vorhanden sein, kommt es zu dieser Fehlermeldung. <\/p>\n
java PrintProvider\r\n-bash: java: command not found<\/pre>\n
SignaturPrintProvider.class.zip.sig<\/a>.<\/p>\n
-----BEGIN PGP SIGNATURE-----\r\n\r\niQIcBAABCAAGBQJgS3VCAAoJEI3I005Cfw2OYtYP\/3HY+Sd0AXTaOXQBuaO2j\/An\r\nbWwlHwnxM0K+ups3mZJqVVFx9Zc\/ckKchNRZJmNGjBKxW3l0OMS1piVq9IJoAQZf\r\nepoLfRFWGW82zjTSFO3KU4S0lVfvIfwT9KipOQ8kv5x+o\/Ov+sRPa+k8iUxUfg\/d\r\nrQ4HlHbGEmrbqBhrH2MsBKGu73fuYpJuImj\/rxAoqkHlAMZGIOVKIWtUxEAE622U\r\ndQ6vIyNuZGKF\/h9eTSUkDq6HXg5GvQM98VVB5WPz8NiwRVl\/42o0d2DdxJ3KnFGN\r\nhivb1inJM3v01cd+56mKVece2Db\/Vn6BDbqenuuZMqfNJUU31T2rdd7r1sCEY73A\r\n0Ji1oJkMJMKJ3acAr9ZGeZkvJh1KqqzNDkpqXeHMd+ausf498i+exgGAL8Prw2hL\r\n8RWLD\/lR8fLp8PxuaulSS1tpnw9dbL\/ubV919LAOhxMz4KTJbrNCFsCZRCbT2Phg\r\nlqt1jIBBCrzXqX\/ItWQo+k2jnMqvN7+3ivDgm3WBU9HXSwzVoqFPCSS7LXaoS34U\r\nnW9UrqcT+w0Z8VGmlrPjtXrwuUB77qP+mRXRPseQkaDGmP3OO7djIDDVyqLP+cSV\r\n3WtFIOwQrahJFFGCx2YB5053VayC8KcRCm9ezbEoYOHmXSXZ\/R0t77LEEkjgjtt5\r\niAL2ffI3BK4o\/KIfln7\/\r\n=2hLs\r\n-----END PGP SIGNATURE-----<\/pre>\n","protected":false},"excerpt":{"rendered":"
Hier ein neues Java-Programm TWProviders 1.0, das alle Sicherheitsprovider auf dem System (Raspberry Pi, Mac, Windows…) anzeigt. Mal so „just for fun“ programmiert, mal was anderes als Exchange-L\u00fccken HAFNIUM – BSI ruft „IT-Bedrohungslage rot“. Es muss Java auf dem System installiert sein. Einfach das PrintProvider.class.zip (884 Byte) laden und das ZIP auspacken. Dann in dem … <\/p>\n
\u201eTWProviders 1.0 – mal was anderes als HAFNIUM – Installierte Sicherheitsprovider anzeigen\u201c <\/span>weiterlesen<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[220,4606,5,3897,79,1319,7],"tags":[4644,4700,4714,4699,4712,4705,4692,4709,4697,4703,4694,4662,4715,4713,4707,4688,4704,4693,4691,4690,4711,4710,4702,4708,4701,4706,4696,4689,4695,4698,4716,4717,4718],"class_list":["post-16469","post","type-post","status-publish","format-standard","hentry","category-anleitung","category-crypto","category-java","category-java-programmierung","category-programmierung","category-sicherheit-2","category-tools","tag-aes","tag-arcfour","tag-base64","tag-blowfish","tag-c14n-1-1","tag-chacha20-sun-kerberos-v5","tag-collection-certstores","tag-cram-md5","tag-des","tag-diffie-hellman","tag-ecdh-sun-jsse-providerpkcs12","tag-ecdsa","tag-enveloped","tag-exclusive-c14n","tag-external","tag-hafnium","tag-hmac","tag-javapolicy-policy-javaloginconfig-configuration-sun-rsa-signature-provider-sun-elliptic-curve-provider-ec","tag-jks-dks-keystores-pkix-certpathvalidator-pkix-certpathbuilder-ldap","tag-md5-digests-securerandom-x-509-certificates-pkcs12","tag-ntlm-xmldsig-dom-xmlsignaturefactory-dom-keyinfofactory-c14n-1-0","tag-ntlm-server-mechanisms-for-digest-md5","tag-pbe","tag-plain","tag-rc2","tag-spnego-sun-sasl-providerimplements-client-mechanisms-for-digest-md5","tag-sslv3tlsv1tlsv1-1tlsv1-2tlsv1-3dtlsv1-0dtlsv1-2-sunjce-provider-implements-rsa","tag-sun-dsa-keyparameter-generation-dsa-signing-sha-1","tag-sunx509pkix-keytrust-factories","tag-triple-des","tag-xpath","tag-xpath2","tag-xslt-transformservices-sun-pcsc-provider-jdkldap-provider-implements-ldap-certstore-jdk-sasl-providerimplements-client-and-server-mechanisms-for-gssapi-unconfigured-and-unusable-pkcs11-provider"],"_links":{"self":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/16469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16469"}],"version-history":[{"count":0,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=\/wp\/v2\/posts\/16469\/revisions"}],"wp:attachment":[{"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16469"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.wenzlaff.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}