Data Sanitization

I found some interesting materials to the topic of data sanitization:

Magnetic Media - (Peter Gutmann - oldies but interesting):
- note the old drives, low density, MFM/LCC - able to recover complements by osciloscipe reading
- read epilogue - 35-vodoo overwriting scheme not necessary for modern drives, radom data would do the trick

Semiconductors (Peter Gutmann - SRAM, DRAM,EEPROM, FLASH ...)

And recommended tools :D by Peter:

Data remanence
- Feasibility of recovery

Microscopy of HDD data
- micro imaging would take at least weeks on todays high density high volume drives


DoD 5220.22-M NISPOM
8-306. Maintenance - Clearing and Sanitization Matrix
d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.


Degausser for HDD - maybe we could use one for broken drives:

Additional topics:
HPA and DCO protected areas on ATA drives

My personal conclusions:
Working drives:
- even one verified zero overwrite the drive should be good enough for "For Internal Use" data.
- actually this is what "ATA Secure Erase" does
- even one random data overwrite the drive should be good enough for pretty much everything
- I find it highly non-economical to invest so much money and effort to read overwritten data
- DoD 5220.22-M with 3 overwrites - to be on safe side from audit

Broken drives:
- if suffering from badblocks "ATA Enhanced Secure Erase" still might help - although no fancy logs or reports of results
- hammer and drill is your friend :) for completely non-working discs
- I was surprised that HDD degaussers are quite affordable


Using java keytool to import private key into JKS java keystore

I got question how to import the private key to JKS keystore.
According to some resources it is not possible with standard tools.

Answer is to use the -importkeystore option of java keytool. Keytool allows conversion between the different keystore types which are currently known to your java virtual machine.
For example you can import key+certificate from PKCS12 format (extensions .p12 or .pfx in Windows world).

keytool -importkeystore -srckeystore server.p12 -srcstoretype pkcs12 -destkeystore server.jks -deststoretype jks

If you have key and certificate in PEM format you can easily convert it to pkcs12 with openssl
#Join key, certificate and certs of certification authority to one file
cat server_key.pem server_cert.pem server_cacert.pem > server.pem
#Convert to PKCS12
openssl pkcs12 -export -out server.p12 -in server.pem

Relevant links: