windows registry – office activation with kms fails (ERROR CODE: 0x80070005)

I tried to activate my Office with a personal working KMS of mine.

C:\Program Files\Microsoft Office\Office16>cscript ospp.vbs /act
Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.

---Processing--------------------------
---------------------------------------
Installed product key detected - attempting to activate the following product:
SKU ID: 85dd8b5f-eaa4-4af3-a628-cce9e77c9a03
LICENSE NAME: Office 19, Office19ProPlus2019VL_KMS_Client_AE edition
LICENSE DESCRIPTION: Office 19, VOLUME_KMSCLIENT channel
Last 5 characters of installed product key: 6MWKP
ERROR CODE: 0x80070005
ERROR DESCRIPTION: Run the following: cscript ospp.vbs /ddescr:0x80070005
NOTICE: A KB article has been detected for activation failure: 0x80070005
FOR MORE INFORMATION PLEASE VISIT: https://support.microsoft.com/kb/2870357#Error0x80070005
---------------------------------------
---------------------------------------
---Exiting-----------------------------

I checked in the web and I tried to change the key’s permission in safe mode:

Computer\HKEY_USERS\S-1-5-20

I tried to give Network Service full control and checked the option to change all the subkeys, and I get the error that Registry Editor cannot set security in the key selected, or some of its subkeys.

Does anyone have a clue how to solve this issue? The Office activation fails.

KMS Key Exposure

I’ve found some KMS key exposed in some code and am wondering what exactly the severity would be.

What could an attacker achieve by having this key?

Can a KMS manage an Asymmetric Keypair on another platform?

Can a KMS manage an Asymmetric Keypair on another platform?
i.e. the keypair has expired its effective crypto period and needs to be replaced by a new key pair.
And if so how is this done?

encryption – AWS KMS Data Key Rotation

I am using AWS KMS as a vault for my encryption key. What I am doing is creating one data key and encrypting it using customer managed CMKs.

Now on every request, I just call AWS KMS Service to decrypt the data key and from the data key, I encrypt/decrypt the data.

I am using this to encrypt/decrypt the database fields for PII.
For encryption/decryption, using AES-256.
Now how would data key rotation work? Suppose I have 1 million emails which I have encrypted using DataKeyA. Now key rotation happens and the new data key is DataKeyB. How will the previous emails be decrypted? Or do I have to re-encrypt those previous 1 million emails with DataKeyB?

Is it even necessary to rotate the data key? Or is rotating the master key every year sufficient?

Windows App – KMS / 2038 & Digital Activation Suite and Online 8.1 | NulledTeam UnderGround

Size of the file: 2.1 MB

This tool includes 4 different activation methods. Activations KMS Inject, Digital, KMS 2038 and online. During the creation of this script, the script of abbodi1406 is referenced. Thank you so much. Some security programs report infected files, which is false positive because of KMS emulation.

NOTE: The Windivert and Digital Activation methods do not contain viruses.
If you use these tools, delete any other KMS solution and temporarily disable Audiovisual Security Protection.

$ OEM $ Activation About:
3 methods are also compatible with $ OEM $ activation.
To pre-activate the system during installation, copy the $ OEM $ folder to the "sources" folder of the installation media (iso / usb).
The $ OEM $ activation method also activates the KMS task scheduling system during installation. (numeric activation method and KMS2038 except)

SUPPORTED MICROSOFT PRODUCTS:
* Windows 7 (VL) / 8 / 8.1 / 10
* Windows Server 2008 R2 / 2012/2012 R2 / 2016/2019
* Office 2010/2013/2016/2019 (VL)

MICROSOFT PRODUCTS NON SUPPORTS:
* Office Retail (Volume License Certificates Supported When They Are Installed)
* Windows 7 (Starter, HomeBasic, HomePremium, Ultimate)
* Windows 10 (Cloud S, unique professional language)
* Windows Server (Server Foundation, Storage Server, Home Server 2011)

What's up:
– "Trusted Installer" rights preventing unattended settings from running in all CMD script files have been removed.
– All files and folders required in the KMS Suite menu are compressed to TXT format. (Https://github.com/aveyo/compressed2txt)

windows – KMS activation for a machine rarely present on the site

We have an employee who is about to change roles. They are moving to another state and we are accommodating them by allowing them to switch to a remote position. After the change, the employee will return to the site only a few times a year, with up to 8 months between visits.

We would like to allow the employee to continue using his current domain-joined laptop for the rest of its life. However, this laptop has been configured with Windows Enterprise. I do not have a MAK key for Enterprise Edition in the Volume Licensing Service Center (only Professional, although we have a license for Enterprise) and we do not provide VPN or similar access to allow KMS activation remotely.

Other employees with similar roles (there are only two at the present time) have been set up by manually installing Professional Edition on their laptops when they were first hired, rather than in the same place. Provisioning via our WIM image, so we can use MAK keys. The new ride puts an existing employee in transition without having the opportunity to rebuild the machine.

How can we keep Windows satisfied during the remaining three years of this laptop's life?

Encryption – Can not create a KMS encrypted PVC in the cloud in GCP: googleapi: Error 400: Invalid resource usage

I am trying to configure CMEK in my cluster according to the details mentioned here:
https://cloud.google.com/kubernetes-engine/docs/how-to/dynamic-provisioning-cmek#dynamically_provision_an_encrypted

I deployed the Compute Engine persistent disk CSI driver on my cluster by following the steps outlined in:
https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/blob/master/docs/kubernetes/development.md

I then created the key / key ring and storage class below:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: csi-gce-pd
provisioner: pd.csi.storage.gke.io
parameters:
  type: pd-standard
  disk-encryption-kms-key: "projects/xx/locations/us-central1/keyRings/xx/cryptoKeys/xx"

Below, YAML for PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: encrypt-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: csi-gce-pd
  resources:
    requests:
      storage: 5Gi

However, when I apply PVC YAML, it fails with the error below and the status of PVC will be pending:

Name:          encrypted-pvc
Namespace:     gce-pd-csi-driver
StorageClass:  csi-gce-pd
Status:        Pending
Volume:
Labels:        
Annotations:   kubectl.kubernetes.io/last-applied-configuration:
                 {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{"volume.beta.kubernetes.io/storage-class":"csi-gce-pd"},"nam...
               volume.beta.kubernetes.io/storage-class: csi-gce-pd
               volume.beta.kubernetes.io/storage-provisioner: pd.csi.storage.gke.io
Finalizers:    (kubernetes.io/pvc-protection)
Capacity:
Access Modes:
VolumeMode:    Filesystem
Mounted By:    
Events:
  Type     Reason                Age               From                                                                                Message
  ----     ------                ----              ----                                                                                -------
  Normal   Provisioning          4s (x3 over 15s)  pd.csi.storage.gke.io_csi-gce-pd-controller-0_5c51fedd-8092-4c71-aca9-5a13b566bb8a  External provisioner is provisioning volume for claim "gce-pd-csi-driver/encrypted-pvc"
  Normal   ExternalProvisioning  2s (x2 over 15s)  persistentvolume-controller                                                         waiting for a volume to be created, either by external provisioner "pd.csi.storage.gke.io" or manually created by system administrator
  Warning  ProvisioningFailed    0s (x3 over 11s)  pd.csi.storage.gke.io_csi-gce-pd-controller-0_5c51fedd-8092-4c71-aca9-5a13b566bb8a  failed to provision volume with StorageClass "csi-gce-pd": rpc error: code = Internal desc = CreateVolume failed to create single zonal disk "pvc-1524bf19-f6f1-11e9-a706-4201ac100007": failed to insert zonal disk: unkown Insert disk error: googleapi: Error 400: Invalid resource usage: 'Cloud KMS error when using key projects/acn-devopsgcp/locations/us-central1/keyRings/testkeyring1/cryptoKeys/testkey1: Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied on resource 'projects/acn-devopsgcp/locations/us-central1/keyRings/testkeyring1/cryptoKeys/testkey1' (or it may not exist).'., invalidResourceUsage

I have assigned the roles below to the service account and the KMS key resource identifier is also correct.
Cloud KMS CryptoKey Encrypter/Decrypter
Cloud KMS CryptoKey Encrypter
Cloud KMS CryptoKey Decrypter

Kubectl version:

Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:18:23Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"14+", GitVersion:"v1.14.7-gke.10", GitCommit:"8cea5f8ae165065f0d35e5de5dfa2f73617f02d1", GitTreeState:"clean", BuildDate:"2019-10-05T00:08:10Z", GoVersion:"go1.12.9b4", Compiler:"gc", Platform:"linux/amd64"}

Can a public aws:kms:decrypt string be a security problem?

I have this string "password": "{{aws:kms:decrypt:(text encoded in base64)}}" public on my GitHub!

Can this be a security problem?

If yes / no, can anyone explain it to me please?

KMS / 2038 and digital activation suite and online v7.6 | NulledTeam UnderGround

Size of the file: 2.2 MB

This tool includes 4 different activation methods. Activations KMS Inject, Digital, KMS 2038 and online. During the creation of this script, the abbodi1406s script is referenced. Thank you so much. Some security programs report infected files, which is false positive because of KMS emulation.

NOTE: The Windivert and Digital Activation methods do not contain viruses.
If you use these tools, delete any other KMS solution and temporarily disable Audiovisual Security Protection.

$ OEM $ Activation About:
3 methods are also compatible with $ OEM $ activation.
To pre-activate the system during installation, copy the $ OEM $ folder to the "sources" folder of the installation media (iso / usb).
The $ OEM $ activation method also activates the KMS task scheduling system during installation. (numeric activation method and KMS2038 except)

SUPPORTED MICROSOFT PRODUCTS:
* Windows 7 (VL) / 8 / 8.1 / 10
* Windows Server 2008 R2 / 2012/2012 R2 / 2016/2019
* Office 2010/2013/2016/2019 (VL)

MICROSOFT PRODUCTS NON SUPPORTS:
* Office Retail (Volume License Certificates Supported When They Are Installed)
* Windows 7 (Starter, HomeBasic, HomePremium, Ultimate)
* Windows 10 (Cloud S, unique professional language)
* Windows Server (Server Foundation, Storage Server, Home Server 2011)

What's up:
– Added digital activation support for IoEnterprise.
– Some improvements have been made to cmd scripts in all methods.

Encryption – What is Cloud KMS? What is the purpose / advantage of KMS? How does it work? How can I use it? (AWS KMS, GCP KMS, Azure Key Vault)

What is the purpose / benefit of KMS?

  1. The KMS prevents the leakage of decryption keys, similar to an HSM, but HSMs are expensive and difficult to use. KMSs are inexpensive and easy to use because they have API endpoints.
  2. KMS shifts the problem of access control to encrypted data from a decryption key management problem (where granular access is impossible, as is the ability to revoke it) to an identity and access management problem (where ACLs can be used to easily manage access, grant granular access, and revoke access).
  3. Increased auditability and control of access to encrypted data.

Give me a concrete example of a problem that KMS solves and the advantage of using KMS:

KMS allows you to securely store encrypted secrets in git, so as to avoid leakage of decryption keys. You can control access to encrypted secrets at a specific level and revoke access without having to modify encrypted files.

What is Cloud KMS? How does it work?

KMS is an encryption technique that fixes the shortcomings of symmetric, asymmetric and HSM encryption. It is the basis of future encryption techniques such as cryptographic anchors.

Abridged evolution of cryptography

  1. Symmetric encryption keys:
    • A long password is used for both encryption and decryption.
  2. Asymmetric encryption public-private key pairs:
    • The public key encrypts the data, the private key decrypts the data encrypted with the public key.
  3. HSM (hardware security modules):
    • Make sure the private key is not disclosed.
    • HSMs are expensive.
    • HSMs are not user friendly or automation friendly.
  4. Cloud KMS (Key Management Services):
    • KMS is a trusted service that encrypts and decrypts data on behalf of customers. It essentially allows a user or machine to encrypt and decrypt data using their identity rather than encryption / decryption keys. (A client authenticates with a KMS, which verifies its identity against an ACL. If it has decryption rights, it can send encrypted data in a request to the KMS, which then decrypts it on behalf of the client and sends the decrypted data to the client through a secure TLS tunnel.)
    • KMS are cheap.
    • KMS are exposed via the REST API, which makes them easy to use and automate.
    • KMS are extremely secure; they make it possible to go a decade without leaking a decryption key.
    • The invention of the KMS encryption technique introduced 3 killer features:
      1. When responding to a known breach:
        Before KMS, when decryption keys are leaked: you cannot revoke a decryption key, which means that you need to rotate multiple decryption keys, re-encrypt all data with the new keys, and try your best to purge the old encrypted data. While doing all of this, you will have to struggle with management to get permission to cause downtime for multiple production systems and minimize that downtime, and even if everything is done well, you may not be able to completely purge the old encrypted data, as in the case of git history and backups.
        After KMS, when identity information is leaked: the identity information can be revoked, and once revoked it is useless. The nightmare of re-encrypting the data and purging the old encrypted data disappears. You must still rotate the secrets (identification information as opposed to decryption keys), but the act of rotation becomes cheap enough to be automated and scheduled as a preventative measure.
      2. The management of encrypted data goes from an impossible task involving distributed decryption keys to a trivial task of managing a centralized access control list. It is now possible to easily revoke, edit and assign granular access to encrypted data; and, as a bonus, since Cloud KMS, IAM, and SSO federations integrate, you can leverage pre-existing user identities.
      3. Cryptographic anchoring techniques become possible:
        • Network Access Control Lists can be applied to the KMS so that data can only be decrypted in your environment.
        • KMS decryption rates can be monitored for a baseline. When an abnormal rate occurs, alerts and a rate limit can be triggered.
    • KMS decryption keys can be secured by an HSM.
    • The chances of the decryption keys leaking are practically nil because the clients do not interact directly with the decryption keys.
    • Cloud computing providers can afford to hire the best security professionals and implement the costly business processes necessary to keep key systems as secure as possible. Thus, the chances of the master keys leaking are also almost zero.

How to use KMS?

  • Mozilla SOPS is a tool that wraps / abstracts KMS; it is ideal for securely storing encrypted secrets in git.
  • Helm Secrets Plugin wraps Mozilla SOPS to allow you to securely store encrypted Kubernetes YAMLs in git. Then, when it is time to apply them, the secret values are decrypted transparently at the last minute, just before they pass through a TLS-encrypted tunnel directly to kube-apiserver. Kubernetes can then use KMS to encrypt the Kubernetes secrets again, so that they are encrypted in the etcd database.
  • You can use it with any tool, independent of the cloud.
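
The decrypt-rate baseline from the cryptographic anchoring item above, as an added example (not code from the original answer): it learns each principal's per-minute decrypt count over a baseline window and flags later minutes that exceed it. The event tuples, principal names and function names are constructed for illustration; in practice the events would come from the KMS provider's audit log.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

def per_minute_counts(events, start, minutes):
    """Count Decrypt calls per (principal, minute index) inside the window."""
    counts = Counter()
    for ts, principal in events:
        idx = int((ts - start).total_seconds() // 60)
        if 0 <= idx < minutes:
            counts[(principal, idx)] += 1
    return counts

def find_anomalies(events, start, baseline_minutes, total_minutes, k=3.0, floor=5):
    """Learn each principal's per-minute rate over the baseline window, then
    flag later minutes above max(mean + k*stddev, floor). A principal with no
    baseline activity gets the floor, so a brand-new caller is still caught."""
    counts = per_minute_counts(events, start, total_minutes)
    alerts = []
    for p in sorted({principal for principal, _ in counts}):
        base = [counts.get((p, m), 0) for m in range(baseline_minutes)]
        threshold = max(mean(base) + k * pstdev(base), floor)
        for m in range(baseline_minutes, total_minutes):
            n = counts.get((p, m), 0)
            if n > threshold:
                alerts.append((p, start + timedelta(minutes=m), n, threshold))
    return alerts

# Constructed sample events: one (timestamp, principal) tuple per Decrypt call.
START = datetime(2024, 1, 1, 0, 0)

def _calls(principal, minute, n):
    return [(START + timedelta(minutes=minute, seconds=i % 60), principal)
            for i in range(n)]

SAMPLE = []
for m in range(15):
    SAMPLE += _calls("app-svc", m, 3 + m % 2)   # steady 3-4 decrypts per minute
SAMPLE += _calls("app-svc", 12, 40)             # burst: bulk decryption
SAMPLE += _calls("new-laptop", 13, 8)           # principal absent from baseline

if __name__ == "__main__":
    for who, when, n, limit in find_anomalies(SAMPLE, START, 10, 15):
        print(f"ALERT {who} {when:%H:%M} decrypts={n} threshold={limit:.1f}")
```

The `floor` parameter keeps a quiet principal with near-zero variance from alerting on every small fluctuation; each alert can feed either a notification or a rate limit on that principal.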