[gentoo-user] {OT} Can I retrieve my SSL key?

[gentoo-user] {OT} Can I retrieve my SSL key?

[Grant]

I just accidentally overwrote my SSL certificate key.  Is there any
way to retrieve it?  Possibly some sort of export since I haven't
restarted apache2 yet?

- Grant

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Michael Mol]

On Wed, Aug 17, 2011 at 9:23 PM, Grant <emailgrant@gmail.com> wrote:
> I just accidentally overwrote my SSL certificate key.  Is there any
> way to retrieve it?  Possibly some sort of export since I haven't
> restarted apache2 yet?

What, exactly, did you do that caused the overwrite?


-- 
:wq

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Grant]

>> I just accidentally overwrote my SSL certificate key.  Is there any
>> way to retrieve it?  Possibly some sort of export since I haven't
>> restarted apache2 yet?
>
> What, exactly, did you do that caused the overwrite?

I generated a new key but used the wrong filename so it overwrote a
key that has an associated certificate.

- Grant

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Francisco Blas Izquierdo Riera (klondike)]

[-- Attachment #1: Type: text/plain, Size: 529 bytes --]

El 18/08/11 03:37, Grant escribió:
>>> I just accidentally overwrote my SSL certificate key.  Is there any
>>> way to retrieve it?  Possibly some sort of export since I haven't
>>> restarted apache2 yet?
>> What, exactly, did you do that caused the overwrite?
> I generated a new key but used the wrong filename so it overwrote a
> key that has an associated certificate.
Hopefully you can still ext3undelete it Worst case you have to parse the
whole disk looking for a pattern with a custom C program (AHH the pain!)


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Grant]

>>>> I just accidentally overwrote my SSL certificate key.  Is there any
>>>> way to retrieve it?  Possibly some sort of export since I haven't
>>>> restarted apache2 yet?
>>> What, exactly, did you do that caused the overwrite?
>> I generated a new key but used the wrong filename so it overwrote a
>> key that has an associated certificate.
> Hopefully you can still ext3undelete it Worst case you have to parse the
> whole disk looking for a pattern with a custom C program (AHH the pain!)

Got it.  I'll contact the certificate issuer to see if there's
anything I can do.

- Grant

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Michael Mol]

[-- Attachment #1: Type: text/plain, Size: 744 bytes --]

On Wed, Aug 17, 2011 at 9:45 PM, Francisco Blas Izquierdo Riera (klondike) <
klondike@gentoo.org> wrote:

> El 18/08/11 03:37, Grant escribió:
> >>> I just accidentally overwrote my SSL certificate key.  Is there any
> >>> way to retrieve it?  Possibly some sort of export since I haven't
> >>> restarted apache2 yet?
> >> What, exactly, did you do that caused the overwrite?
> > I generated a new key but used the wrong filename so it overwrote a
> > key that has an associated certificate.
> Hopefully you can still ext3undelete it Worst case you have to parse the
> whole disk looking for a pattern with a custom C program (AHH the pain!)
>
> There are file carver tools I've not had any luck with them, though.


-- 
:wq

[-- Attachment #2: Type: text/html, Size: 1108 bytes --]

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Matthew Finkel]

[-- Attachment #1: Type: text/plain, Size: 1446 bytes --]

On Wed, Aug 17, 2011 at 10:24 PM, Michael Mol <mikemol@gmail.com> wrote:

> On Wed, Aug 17, 2011 at 9:45 PM, Francisco Blas Izquierdo Riera (klondike)
> <klondike@gentoo.org> wrote:
>
>> El 18/08/11 03:37, Grant escribió:
>> >>> I just accidentally overwrote my SSL certificate key.  Is there any
>> >>> way to retrieve it?  Possibly some sort of export since I haven't
>> >>> restarted apache2 yet?
>> >> What, exactly, did you do that caused the overwrite?
>> > I generated a new key but used the wrong filename so it overwrote a
>> > key that has an associated certificate.
>> Hopefully you can still ext3undelete it Worst case you have to parse the
>> whole disk looking for a pattern with a custom C program (AHH the pain!)
>>
>> There are file carver tools I've not had any luck with them, though.
>
>
> --
> :wq
>


As Francisco mentioned, depending on the filesystem you're using, there may
exist an 'undelete' tool which came with the util package. If not, then
assuming you have at least a few gigs of free space on your drive/partition
the chances that the file was /actually/ overwritten are quite slim, so the
cert is most likely still there. Any decent "data recovery" program should
be able to find it (and just about every single other file you've ever
deleted). I wish I could recommend one, but I thankfully have not needed one
recently (hopefully this won't jinx it :) ).

Good Luck!

- Matt

[-- Attachment #2: Type: text/html, Size: 2177 bytes --]

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 653 bytes --]

On Thu, 18 Aug 2011 03:45:11 +0200, Francisco Blas Izquierdo Riera
(klondike) wrote:

> > I generated a new key but used the wrong filename so it overwrote a
> > key that has an associated certificate.  
> Hopefully you can still ext3undelete it Worst case you have to parse the
> whole disk looking for a pattern with a custom C program (AHH the pain!)

photorec, from the testdisk package, will retrieve all files from a
filesystem, deleted or otherwise. However it doesn't retrieve the names
so finding the right one will be fun :-O Grep will help immensely.


-- 
Neil Bothwick

FINE: Tax for doing wrong. Tax: fine for doing fine.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Adam Carter]

> photorec, from the testdisk package, will retrieve all files from a
> filesystem, deleted or otherwise. However it doesn't retrieve the names
> so finding the right one will be fun :-O Grep will help immensely.

This implies that the new file data is not written over to the top of
the old file - is that typically the case? Is it file system
dependent?

Is the file overwrite something like;
- write new file data to spare blocks
- move filename (hardlink) to point to the new block location

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

[Andrea Conti]

On 18/08/11 03.23, Grant wrote:
> I just accidentally overwrote my SSL certificate key.  Is there any
> way to retrieve it?  Possibly some sort of export since I haven't
> restarted apache2 yet?

If apache keeps the certificate file open after reading it (I doubt
that's the case, but if you have lsof installed you should check just to
make sure) and you didn't restart it, you could try this method:

http://computer-forensics.sans.org/blog/2009/01/27/recovering-open-but-unlinked-file-data

Otherwise, assuming you're on ext2/ext3, ext3undel works quite well,
*provided that you stop any writes to the affected volume ASAP*, e.g. by
remounting it read-only.

If the data hasn't been overwritten, carving tools should work too, as
the ASCII-armor of the certificate provides an easily recognizable
pattern and the file is almost certainly small enough to fit within a
single FS block.

andrea