Python3, Django, MongoDB(docker)

Steps I did to get Python3, Django and MongoDB working on my Mac.

Environment

Anaconda is installed

Result

Steps taken

Created an env in anaconda called ‘django’

Activate virtual environment in terminal

conda activate django

Create a directory for the Django application and check the Django version

mkdir django-apps
cd django-apps/
django-admin --version

Create your app

django-admin startproject testproject

If you want you can test with the standard sqlite3 now with ‘python manage.py runserver’

Install the django – mongo connector

pip install djongo

Change the database in settings.py

vi settings.py

now change

DATABASES = {
   'default' : {
      'ENGINE' : 'djongo',
      'NAME' : 'mydbname',
   }
}

Container MongoDB

docker run -d -p 27017-27019:27017-27019 --name django-mongo -v /Users/myusername/Documents/Data/MongoDB/:/data/db mongo

Run the django app

python manage.py runserver

 

Yubikey 4 to sign PDF on macOS

Steps to use the Yubikey 4 on macOS to sign PDFs in Adobe Reader.

Context

  • Yubikey 4 with certificates already configured

Configure your Yubikey with certificates

  • macOS High Sierra version 10.13.4
  • Adobe Acrobat Reader DC version 2018.011.20058

Download Adobe Reader to open and sign your PDFs

  • Brew: mac Package management software.

Install brew if you don’t have it installed yet.

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Steps

PKCS#11 available

  • brew install yubico-piv-tool

After installing yubico-piv-tool, /Library/OpenSC/lib/opensc-pkcs11.so is available.

  • sudo cp -p /Library/OpenSC/lib/opensc-pkcs11.so /usr/local/lib/opensc-pkcs11.so

Later we use the path /usr/local/lib/opensc-pkcs11.so in Adobe Reader. The path /Library/OpenSC/lib/opensc-pkcs11.so doesn’t work in Adobe Reader.

Configure Adobe Reader

  • Insert your Yubikey
  • Open random pdf to test
  • Go to Preferences

You have to set the

  • Open Tools>Certificates

  • Add the PKCS#11 module

Attach a module by using the path from one of the first steps: /usr/local/lib/opensc-pkcs11.so

  • Click Digitally Sign and select an area

  • Go to manage ID and set an ID as the one to sign with.

Result

Using a PIV and GPG together

Add the line “shared-access” to ~/.gnupg/scdaemon.conf

Got this from a GitHub comment and it worked for me.

Resources

  • https://developers.yubico.com/PIV/Guides/
  • https://gpgtools.tenderapp.com/discussions/problems/50028-macgpg2-scdaemon-pcsc-open-failed-sharing-violation-0x8010000b/page/1#comment_42960303
  • https://ruimarinho.gitbooks.io/yubikey-handbook/content/ssh/authenticating-ssh-with-piv-and-pkcs11-client/
  • https://lauri.xn--vsandi-pxa.com/2017/03/yubikey-for-ssh-auth.html

Use for SSH

Slot 9A authentication for SSH

Using the PIV manager, create a self-signed certificate with RSA2048

Then get the SSH public key via the terminal.

ssh-keygen -D /Library/OpenSC/lib/opensc-pkcs11.so -e

Add the SSH key provided via PKCS#11 to the local ssh-agent:

ssh-add -s /usr/local/lib/opensc-pkcs11.so

Use your PIN as the passphrase.

 

Yubikey and macOS GPG Suite

First install gpg suite

Download from https://gpgtools.org/

Check the checksum

  • Open terminal
  • Go to folder with download and type:
$ shasum -a 256 <GPG-Suite-download-filename>

In my case filename: GPG_Suite-2018.3.dmg

This results in a SHA-256 checksum:

00a6d0c69dd050acd2df4a34bf8502d4e0de3af9b4f7523a0003af14b60006be  GPG_Suite-2018.3.dmg
  • Compare this with the checksum published on the website

  • Install the GPG Suite

This will also install the app gpg keychain.

Get gpg key from yubikey

You need a Yubikey with gpg keys on it. How to setup your Yubikey?

  • Open terminal
  • Insert yubikey
  • Type in terminal:
$ gpg --card-status

You should get the info on the yubikey

  • Get your gpg key id. In my case F6868133B81EF682 :
sec#  rsa4096/F6868133B81EF682
  • Now export your public key:
$ gpg --armor --export <your key id> > ~/mypublickey.pub
  • Get your key into the gpg keychain
  • Go to finder and open your public key.

Right click or double click the file. In my case I had to specify gpg keychain as the application to open this file.

In GPG keychain it will now show up with type pub/sec. But in the details overview you can see ‘card: #’. This means the key is on a smartcard.

Click ‘Details’ to check the key’s details. There you can see the private key is on a card. ‘Card: #’

Test your Yubikey

  • Go to finder
  • Right click a random file
  • Go to Services and choose encrypt file

  • Now you can choose your key in the dropdown in the list below the box
  • To test ‘sign’ check also the sign checkbox

If you later decrypt the file, it will show you the signature.

  • After clicking ‘Ok’ it will ask you to insert your Yubikey

  • Type your PIN and the encryption starts

You can open the just created file in finder and ‘decrypt’ to test decryption and signature.