public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] {OT} Can I retrieve my SSL key?
@ 2011-08-18  1:23 Grant
  2011-08-18  1:27 ` Michael Mol
  2011-08-18 10:09 ` Andrea Conti
  0 siblings, 2 replies; 10+ messages in thread
From: Grant @ 2011-08-18  1:23 UTC (permalink / raw
  To: Gentoo mailing list

I just accidentally overwrote my SSL certificate key.  Is there any
way to retrieve it?  Possibly some sort of export since I haven't
restarted apache2 yet?

- Grant



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  1:23 [gentoo-user] {OT} Can I retrieve my SSL key? Grant
@ 2011-08-18  1:27 ` Michael Mol
  2011-08-18  1:37   ` Grant
  2011-08-18 10:09 ` Andrea Conti
  1 sibling, 1 reply; 10+ messages in thread
From: Michael Mol @ 2011-08-18  1:27 UTC (permalink / raw
  To: gentoo-user

On Wed, Aug 17, 2011 at 9:23 PM, Grant <emailgrant@gmail.com> wrote:
> I just accidentally overwrote my SSL certificate key.  Is there any
> way to retrieve it?  Possibly some sort of export since I haven't
> restarted apache2 yet?

What, exactly, did you do that caused the overwrite?


-- 
:wq



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  1:27 ` Michael Mol
@ 2011-08-18  1:37   ` Grant
  2011-08-18  1:45     ` Francisco Blas Izquierdo Riera (klondike)
  0 siblings, 1 reply; 10+ messages in thread
From: Grant @ 2011-08-18  1:37 UTC (permalink / raw
  To: gentoo-user

>> I just accidentally overwrote my SSL certificate key.  Is there any
>> way to retrieve it?  Possibly some sort of export since I haven't
>> restarted apache2 yet?
>
> What, exactly, did you do that caused the overwrite?

I generated a new key but used the wrong filename so it overwrote a
key that has an associated certificate.

- Grant



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  1:37   ` Grant
@ 2011-08-18  1:45     ` Francisco Blas Izquierdo Riera (klondike)
  2011-08-18  1:59       ` Grant
                         ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Francisco Blas Izquierdo Riera (klondike) @ 2011-08-18  1:45 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 529 bytes --]

El 18/08/11 03:37, Grant escribió:
>>> I just accidentally overwrote my SSL certificate key.  Is there any
>>> way to retrieve it?  Possibly some sort of export since I haven't
>>> restarted apache2 yet?
>> What, exactly, did you do that caused the overwrite?
> I generated a new key but used the wrong filename so it overwrote a
> key that has an associated certificate.
Hopefully you can still ext3undelete it Worst case you have to parse the
whole disk looking for a pattern with a custom C program (AHH the pain!)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  1:45     ` Francisco Blas Izquierdo Riera (klondike)
@ 2011-08-18  1:59       ` Grant
  2011-08-18  2:24       ` Michael Mol
  2011-08-18  8:36       ` Neil Bothwick
  2 siblings, 0 replies; 10+ messages in thread
From: Grant @ 2011-08-18  1:59 UTC (permalink / raw
  To: gentoo-user

>>>> I just accidentally overwrote my SSL certificate key.  Is there any
>>>> way to retrieve it?  Possibly some sort of export since I haven't
>>>> restarted apache2 yet?
>>> What, exactly, did you do that caused the overwrite?
>> I generated a new key but used the wrong filename so it overwrote a
>> key that has an associated certificate.
> Hopefully you can still ext3undelete it Worst case you have to parse the
> whole disk looking for a pattern with a custom C program (AHH the pain!)

Got it.  I'll contact the certificate issuer to see if there's
anything I can do.

- Grant



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  1:45     ` Francisco Blas Izquierdo Riera (klondike)
  2011-08-18  1:59       ` Grant
@ 2011-08-18  2:24       ` Michael Mol
  2011-08-18  7:18         ` Matthew Finkel
  2011-08-18  8:36       ` Neil Bothwick
  2 siblings, 1 reply; 10+ messages in thread
From: Michael Mol @ 2011-08-18  2:24 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 744 bytes --]

On Wed, Aug 17, 2011 at 9:45 PM, Francisco Blas Izquierdo Riera (klondike) <
klondike@gentoo.org> wrote:

> El 18/08/11 03:37, Grant escribió:
> >>> I just accidentally overwrote my SSL certificate key.  Is there any
> >>> way to retrieve it?  Possibly some sort of export since I haven't
> >>> restarted apache2 yet?
> >> What, exactly, did you do that caused the overwrite?
> > I generated a new key but used the wrong filename so it overwrote a
> > key that has an associated certificate.
> Hopefully you can still ext3undelete it Worst case you have to parse the
> whole disk looking for a pattern with a custom C program (AHH the pain!)
>
> There are file carver tools I've not had any luck with them, though.


-- 
:wq

[-- Attachment #2: Type: text/html, Size: 1108 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  2:24       ` Michael Mol
@ 2011-08-18  7:18         ` Matthew Finkel
  0 siblings, 0 replies; 10+ messages in thread
From: Matthew Finkel @ 2011-08-18  7:18 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1446 bytes --]

On Wed, Aug 17, 2011 at 10:24 PM, Michael Mol <mikemol@gmail.com> wrote:

> On Wed, Aug 17, 2011 at 9:45 PM, Francisco Blas Izquierdo Riera (klondike)
> <klondike@gentoo.org> wrote:
>
>> El 18/08/11 03:37, Grant escribió:
>> >>> I just accidentally overwrote my SSL certificate key.  Is there any
>> >>> way to retrieve it?  Possibly some sort of export since I haven't
>> >>> restarted apache2 yet?
>> >> What, exactly, did you do that caused the overwrite?
>> > I generated a new key but used the wrong filename so it overwrote a
>> > key that has an associated certificate.
>> Hopefully you can still ext3undelete it Worst case you have to parse the
>> whole disk looking for a pattern with a custom C program (AHH the pain!)
>>
>> There are file carver tools I've not had any luck with them, though.
>
>
> --
> :wq
>


As Francisco mentioned, depending on the filesystem you're using, there may
exist an 'undelete' tool which came with the util package. If not, then
assuming you have at least a few gigs of free space on your drive/partition
the chances that the file was /actually/ overwritten are quite slim, so the
cert is most likely still there. Any decent "data recovery" program should
be able to find it (and just about every single other file you've ever
deleted). I wish I could recommend one, but I thankfully have not needed one
recently (hopefully this won't jinx it :) ).

Good Luck!

- Matt

[-- Attachment #2: Type: text/html, Size: 2177 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  1:45     ` Francisco Blas Izquierdo Riera (klondike)
  2011-08-18  1:59       ` Grant
  2011-08-18  2:24       ` Michael Mol
@ 2011-08-18  8:36       ` Neil Bothwick
  2011-08-18  9:41         ` Adam Carter
  2 siblings, 1 reply; 10+ messages in thread
From: Neil Bothwick @ 2011-08-18  8:36 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 653 bytes --]

On Thu, 18 Aug 2011 03:45:11 +0200, Francisco Blas Izquierdo Riera
(klondike) wrote:

> > I generated a new key but used the wrong filename so it overwrote a
> > key that has an associated certificate.  
> Hopefully you can still ext3undelete it Worst case you have to parse the
> whole disk looking for a pattern with a custom C program (AHH the pain!)

photorec, from the testdisk package, will retrieve all files from a
filesystem, deleted or otherwise. However it doesn't retrieve the names
so finding the right one will be fun :-O Grep will help immensely.


-- 
Neil Bothwick

FINE: Tax for doing wrong. Tax: fine for doing fine.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  8:36       ` Neil Bothwick
@ 2011-08-18  9:41         ` Adam Carter
  0 siblings, 0 replies; 10+ messages in thread
From: Adam Carter @ 2011-08-18  9:41 UTC (permalink / raw
  To: gentoo-user

> photorec, from the testdisk package, will retrieve all files from a
> filesystem, deleted or otherwise. However it doesn't retrieve the names
> so finding the right one will be fun :-O Grep will help immensely.

This implies that the new file data is not written over to the top of
the old file - is that typically the case? Is it file system
dependent?

Is the file overwrite something like;
- write new file data to spare blocks
- move filename (hardlink) to point to the new block location



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [gentoo-user] {OT} Can I retrieve my SSL key?
  2011-08-18  1:23 [gentoo-user] {OT} Can I retrieve my SSL key? Grant
  2011-08-18  1:27 ` Michael Mol
@ 2011-08-18 10:09 ` Andrea Conti
  1 sibling, 0 replies; 10+ messages in thread
From: Andrea Conti @ 2011-08-18 10:09 UTC (permalink / raw
  To: gentoo-user

On 18/08/11 03.23, Grant wrote:
> I just accidentally overwrote my SSL certificate key.  Is there any
> way to retrieve it?  Possibly some sort of export since I haven't
> restarted apache2 yet?

If apache keeps the certificate file open after reading it (I doubt
that's the case, but if you have lsof installed you should check just to
make sure) and you didn't restart it, you could try this method:

http://computer-forensics.sans.org/blog/2009/01/27/recovering-open-but-unlinked-file-data

Otherwise, assuming you're on ext2/ext3, ext3undel works quite well,
*provided that you stop any writes to the affected volume ASAP*, e.g. by
remounting it read-only.

If the data hasn't been overwritten, carving tools should work too, as
the ASCII-armor of the certificate provides an easily recognizable
pattern and the file is almost certainly small enough to fit within a
single FS block.

andrea




^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2011-08-18 10:12 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-08-18  1:23 [gentoo-user] {OT} Can I retrieve my SSL key? Grant
2011-08-18  1:27 ` Michael Mol
2011-08-18  1:37   ` Grant
2011-08-18  1:45     ` Francisco Blas Izquierdo Riera (klondike)
2011-08-18  1:59       ` Grant
2011-08-18  2:24       ` Michael Mol
2011-08-18  7:18         ` Matthew Finkel
2011-08-18  8:36       ` Neil Bothwick
2011-08-18  9:41         ` Adam Carter
2011-08-18 10:09 ` Andrea Conti

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox