I found some interesting materials on the topic of data sanitization:
Magnetic Media - (Peter Gutmann - oldies but interesting):
- note the old drives, low density, MFM/LCC - able to recover complements by oscilloscope reading
- read epilogue - 35-voodoo overwriting scheme not necessary for modern drives, random data would do the trick
Semiconductors (Peter Gutmann - SRAM, DRAM, EEPROM, FLASH ...)
And recommended tools :D by Peter:
Data remanence
- Feasibility of recovery
Microscopy of HDD data
- micro imaging would take at least weeks on today's high-density, high-volume drives
-------------
DoD 5220.22-M NISPOM
8-306. Maintenance - Clearing and Sanitization Matrix
d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.
AR380-19
Degausser for HDD - maybe we could use one for broken drives:
http://www.mediaduplicationsystems.com/Degausser_Hard_Drive_Degaussers_s/103.htm
http://www.datalinksales.com/detail/Model%201100.html/1100%20degauss%20wand
Additional topics:
HPA and DCO protected areas on ATA drives
-------------
My personal conclusions:
Working drives:
- even one verified zero overwrite of the drive should be good enough for "For Internal Use" data.
- actually this is what "ATA Secure Erase" does
- even one random data overwrite of the drive should be good enough for pretty much everything
- I find it highly non-economical to invest so much money and effort to read overwritten data
- DoD 5220.22-M with 3 overwrites - to be on safe side from audit
Broken drives:
- if suffering from bad blocks, "ATA Enhanced Secure Erase" still might help - although no fancy logs or reports of results
- hammer and drill is your friend :) for completely non-working discs
- I was surprised that HDD degaussers are quite affordable
2011-03-25
2011-03-02
Using java keytool to import private key into JKS java keystore
I got a question about how to import a private key into a JKS keystore.
According to some resources, this is not possible with standard tools.
The answer is to use the -importkeystore option of Java keytool. Keytool can convert between the keystore types currently known to your Java virtual machine.
For example, you can import a key and certificate from PKCS12 format (extensions .p12 or .pfx in the Windows world).
keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -destkeystore server.jks -deststoretype jks
If you have the key and certificate in PEM format, you can easily convert them to PKCS12 with openssl:
# Join the key, the certificate and the certification authority certificates into one file
cat server_key.pem server_cert.pem server_cacert.pem > server.pem
# Convert to PKCS12
openssl pkcs12 -export -out server.p12 -in server.pem
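The same PEM to PKCS12 to JKS conversion as a script, with the checks worth adding around it; this is an added example, not part of the original post. The function names, the file arguments and the STORE_PASS environment variable are assumptions made for the example, and the private key is assumed to be unencrypted PEM.

```sh
#!/bin/sh
# Added example: PEM key + certificate + CA chain -> PKCS12 -> JKS.
# Hypothetical names: key_matches_cert, pem_to_jks, STORE_PASS.

# Succeeds only if the private key and the certificate carry the same public key.
# usage: key_matches_cert key.pem cert.pem
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# usage: STORE_PASS=... pem_to_jks key.pem cert.pem cacert.pem out.jks alias
pem_to_jks() {
    key=$1 cert=$2 ca=$3 jks=$4 alias=$5
    # keytool rejects keystore passwords shorter than 6 characters
    [ "${#STORE_PASS}" -ge 6 ] || { echo "STORE_PASS too short" >&2; return 2; }
    # Catch a mismatched pair before any keystore is written
    key_matches_cert "$key" "$cert" || { echo "key/cert mismatch" >&2; return 3; }
    (
        export STORE_PASS               # read by openssl env: and keytool :env
        umask 077                       # key material readable by owner only
        tmp=$(mktemp -d) || exit 4
        trap 'rm -rf "$tmp"' EXIT       # remove the intermediate PKCS12 on exit
        # -inkey/-in/-certfile avoids writing a concatenated server.pem
        openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$ca" \
            -name "$alias" -out "$tmp/bundle.p12" -passout env:STORE_PASS || exit 5
        keytool -importkeystore -noprompt \
            -srckeystore "$tmp/bundle.p12" -srcstoretype pkcs12 \
            -srcstorepass:env STORE_PASS \
            -destkeystore "$jks" -deststoretype jks \
            -deststorepass:env STORE_PASS || exit 6
        # The alias must hold a private key entry, not only a certificate
        keytool -list -keystore "$jks" -storetype jks -alias "$alias" \
            -storepass:env STORE_PASS | grep -q PrivateKeyEntry || exit 7
    )
}
```

Passing the password through the environment keeps it out of the process list, and the subshell's exit code tells which step failed.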
Relevant links:
http://download.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html
http://www.herongyang.com/crypto/Key_Formats_PKCS8_PKCS12_4.html
http://mindprod.com/jgloss/keytoolexe.html#EXPORTING
http://www.agentbob.info/agentbob/79-AB.html