Pages:
Author

Topic: GLBSE's latest updates (an early Christmas present for non-techies) - page 6. (Read 24071 times)

full member
Activity: 133
Merit: 100
is there a problem with the generate new key pair when registering on the web because every time i try it i get a blank pop up with an ok button, and when i click that nothing happens.
member
Activity: 105
Merit: 10
Spreading Bitcoin love
this is what i get back when typing in command line.  yes i used my "name" and "mypass" but want to hide them here:


C:\Users\name>openssl rsa -in .blackmarket3.rsa -out .blackmarket3-non-AES.rsa -passin pass:mypass
'openssl' is not recognized as an internal or external command,
operable program or batch file.

I had this same problem on my Win 7 machine, but got it fixed.

I dug around my HD and found a directory called "OpenSSL-Win32" inside that there is a directory called "bin". I went in there and found the openssl.exe file. I copied my blackmarket3.rsa file into the bin directory and then just used the same command nefario posted "openssl etc etc" and it worked fine.

Solved my problem!

Thanks!
member
Activity: 105
Merit: 10
Spreading Bitcoin love


RSA file decrypt using openssl
Make sure you're in the same directory as your .blackmarket3.rsa file
Code:
openssl rsa -in .blackmarket3.rsa -out .blackmarket3-non-AES.rsa -passin pass:mypass
replace mypass with your password

.blackmarket3-non-AES.rsa contains your private key, copy pasta to the textbox and enter your userid, and hit login.

Your private key is not at any time sent to the server.

Register
The secure way to register is to generate your own public-private RSA keypair using openssl(if it's installed on your system), and then copy/paste them in before hitting register.

See here for more info on how to do that, but forget the -des3 part from that.

The unsecure method is to have our server do this for you and fill in the fields automatically by pressing the Generate new keypair.

It's handy but remember, all that information is sent in plain text over the internet so anyone listening (ECHELON) will have a copy. You're choice.

And don't lose that information, keep your private key safely stored, and don't lose your user id.

You can start trading with the client right now.

Start here

Oh by the way, private key formating is important.
Code:
-----END RSA PRIVATE KEY-----
Should be on a newline.




Non techies die at this point.
Huh?

What? Huh
hero member
Activity: 826
Merit: 1000
Hey Nefario,

Are you actually making changes or are are you just checking the security? If making changes, did you find any vulnerabilities or are you just adding security just in case?

Hey Peter, did a code review trying to find areas that might be exploitable, made a few changes(nothing big AFAICT).
And adding security.

Trying to separate and comparmentalise different areas of functionality, kind of defence in depth.

To be honest I'm not an expert in implementing these things, which is one of the reasons it's taken so long.

The other reasons being that moving onto another machine was more work than planned, I'd not documented the setup process.

Coming along though, glbse.com is now all https. Now need to make the changes to the clients.

Will have the system up for maybe a day before I put any bitcoin in it. Just in case.

I'm also having someone check it over.

Nefario.

Is Doctor Nefario a trusted CA Root Certificate Issuer?  Wink
My browser says the certificate isn't trusted and that the certificate does not match the URL.

But out of curiosity and in all seriousness (on my part, other people may have other reasons), are you going to be getting a different ("trusted") certificate?
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
Hey Nefario,

Are you actually making changes or are are you just checking the security? If making changes, did you find any vulnerabilities or are you just adding security just in case?

Hey Peter, did a code review trying to find areas that might be exploitable, made a few changes(nothing big AFAICT).
And adding security.

Trying to separate and comparmentalise different areas of functionality, kind of defence in depth.

To be honest I'm not an expert in implementing these things, which is one of the reasons it's taken so long.

The other reasons being that moving onto another machine was more work than planned, I'd not documented the setup process.

Coming along though, glbse.com is now all https. Now need to make the changes to the clients.

Will have the system up for maybe a day before I put any bitcoin in it. Just in case.

I'm also having someone check it over.

Nefario.
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
Yeah, market is down ATM while I beef up security.

Nefario.
member
Activity: 84
Merit: 10
full member
Activity: 308
Merit: 100
Is the server up?
I'm trying to figure out if the server is down or if I have a problem internally.

The official site says thatthe server is down during reparations.
member
Activity: 84
Merit: 10
Is the server up?
I'm trying to figure out if the server is down or if I have a problem internally.
hero member
Activity: 994
Merit: 1000
nice client, couple suggestions:

list all assets on market
search/list asset by ticker
hero member
Activity: 609
Merit: 501
peace
I have used the open ssl (http://www.ghosthack.com/2007/01/openssl-generate-public-private-key.html) and deleted the -des3 part.

I ran the Private only and the Public from Private-
I now have 2 files, private.pem and public.pem

I registered with the copy/paste of these 2 files and noted the generated userid-

I attempted logging in with my userid and paste of my Private.pem

I get the Executing message followed by a FF error pop up as follows:



I have done something wrong? Can it be my FF version? 3.6.17

many thanks!
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
I have added subticker symbols to the exchange.
You can now have sub ticker symbols.

For example the ticker mineco can have assets with the ticker symbol mineco.july, and mineco.aug and so on.

The symbols work in a way similar to domain names only backwards. The base symbol is first followed by the sub symbol.

Only the owner of the base ticker symbol can add a sub ticker using that ticker.

Using the register ticker, enter the full ticker to set the name. So if you want an asset with the ticker mineco.sept then enter the full name in.

Nefario.
hero member
Activity: 994
Merit: 501
PredX - AI-Powered Prediction Market
That is not my key (I am in another computer right now)

but it looks more or less like that

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDfnaXDy9v4q8PfV ....
-----END RSA PRIVATE KEY-----



Important to note, it DOES NOT have the "ENCRYPTED" word on it.
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
Nefario,

when we logout we get taken back to login window with user id and private key still filled in.  this secure data should disappear.  even when i refresh the screen its still all filled in.

That's your browsers cache, the private key is never sent to the server.

By the way, were working on a way of making this easier, turning it into a saved html page acceisble through a bookmark.


speeder, could you post the first 3 lines from your private key, that include the RSA header and the line just below it please.

Nefario
legendary
Activity: 1764
Merit: 1002
Nefario,

when we logout we get taken back to login window with user id and private key still filled in.  this secure data should disappear.  even when i refresh the screen its still all filled in.
legendary
Activity: 1855
Merit: 1016
I guess so...

Finding the private key here was kinda a hassle (because in WinXP C:\USERS do not exist... specially in portuguese language edition).

To search any file in mountains of files i have, i use locate32 from this site.
http://www.locate32.net/
It is a very small portable program, works faster than windows search.
hero member
Activity: 994
Merit: 501
PredX - AI-Powered Prediction Market
I guess so...

Finding the private key here was kinda a hassle (because in WinXP C:\USERS do not exist... specially in portuguese language edition).
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
I am using google chrome always.
Win 7 , 64 bit. I access all features in web client.

I too got after some time can't able to login, it gave error in a windows with text "object [object]"
Since the decrypt key contains un countable characters, even a mistake with clicking space key will change everything.
So, i deleted the file & again decrypt file & this time before opening, i made it READ ONLY & then opened with notepad & everything is smooth so far.

I need to make this easier to use!!!!
legendary
Activity: 1855
Merit: 1016
I am using google chrome always.
Win 7 , 64 bit. I access all features in web client.

I too got after some time can't able to login, it gave error in a windows with text "object [object]"
Since the decrypt key contains un countable characters, even a mistake with clicking space key will change everything.
So, i deleted the file & again decrypt file & this time before opening, i made it READ ONLY & then opened with notepad & everything is smooth so far.
hero member
Activity: 602
Merit: 513
GLBSE Support [email protected]
Yes, I already wrote that... I even checked decrypting with wrong password (it failed) to see if there was a error somewhere, and checked the newlines, and checked the CR/LF issue between DOS and Unix file styles...

It just refuse to work.

my login won't work on my Mac Firefox but will on my Win7 Firefox.

Now that is interesting...


I am using Chrome on WinXP

I wonder if the browsers are sending the CR/LF in a different way according to the OS that they are housed...

For gods sake, why can't something that should be simple, ACTUALLY be simple.

Why are we cursed with...cross platform differences!!!!
Pages:
Jump to: