
software


22
Apr 08

Creating Public and Private Certificates/Keys

Have you ever tried to communicate with somebody or something through any kind of technology? Most of the time “those” people/systems like privacy: they want their communication with everybody, including you, to be private. So once you want to communicate with them, they give you something called a “public key” (or “public-key certificate”) and ask you to give them yours. Usually nobody guides you through creating that “public key” of yours; “they” just want it, and you are left alone to figure out how to generate it.

Hence this little guide shows one of many ways to generate a pair of X.509 public/private keys, and how to access this magic pair to get that “public key”, so it can be given to anyone who needs it.

First, let us throw a couple of sentences on how these keys are used. It is actually very simple – there is “YOU” and “THEY”:

  • YOU: generate a pair of public/private keys (where whatever is encrypted with your public key can only be decrypted with your private key)
  • YOU: hide your private key from everybody
  • YOU: give your public key to anybody who wants to communicate with you
  • THEY: generate a pair of public/private keys
  • THEY: hide their private key from everybody including YOU
  • THEY: give their public key to anybody who wants to communicate with them

Now that YOU and THEY have each other’s public keys and their own private keys, communication may begin:

  • YOU: write your secret message, encrypt it with THEIR public key and send to them
  • THEY: receive your top secret message and using THEIR private key decrypt it
  • THEY: write you an answer, encrypt it with YOUR public key, and send to you
  • YOU: receive their top secret response and using YOUR private key decrypt it

Told you it is very simple!

Now let’s see how to do the magic – how to generate a pair of YOUR public and private keys.

There are a number of ways – tools/libraries/code snippets/etc. I will show you one of the simplest ways to achieve this, using a tool called… any guess? Yes – “keytool” – makes sense, right?

“keytool” is a Java tool that has a great manual, and since it is Java, it will work on any OS that has a JVM. To get keytool, you just have to install Java (JRE) on your system (95% that you already have it installed, so you can go ahead and use “keytool” without needing to install/download anything else).

Examples here are run on Linux (Ubuntu), but as long as you have Java installed, it does not really matter what OS you have to get the job done.

So, fire up the terminal (Windows’ “cmd”) and let’s generate a pair of public/private keys now:

$ keytool -genkey -alias otherguy -keypass p@ssw0rd -keystore our.keystore
Enter key store password: ksp@ssw0rd
 
You are about to enter information that will be incorporated into
your certificate request.  This information is what is called a
Distinguished Name or DN.  There are quite a few fields but you
can use supplied default values, displayed between brackets, by just
hitting <Enter>, or blank the field by entering the <.> character
before hitting <Enter>.
 
Common Name (hostname, IP, or your name): myname
Organization Name (company) [The Sample Company]: my company
Organizational Unit Name (department, division): department of departments
Locality Name (city, district) [Sydney]: gorodok
State or Province Name (full name) [NSW]: state of new noisy
Country Name (2 letter code) [AU]: zz

As you might have figured out already, a keystore is a small database, which we just created, that holds all the keys (private/public) for many systems – right now we only have one pair, but later we can add more keys to the keystore. So let’s look at the keystore that we just generated:

$ ls -l
total 4
-rw-r--r-- 1 user group 1641 2008-04-22 20:46 our.keystore

But now you need to be able to access this “database” to get a public key, so you can share it with others. It is done by exporting this public key – again, very simple:

$ keytool -export -rfc -alias otherguy -file us-to-otherguy.cer -keystore our.keystore
Enter key store password: ksp@ssw0rd

Let’s see what files we have now:

$ ls -l
 
total 8
-rw-r--r-- 1 user group 1641 2008-04-22 20:46 our.keystore
-rw-r--r-- 1 user group 1189 2008-04-22 20:48 us-to-otherguy.cer

And here it is (!) your public key certificate – “us-to-otherguy.cer”. Let’s see what’s inside:

$ cat us-to-otherguy.cer
-----BEGIN CERTIFICATE-----
[base64-encoded certificate body]
-----END CERTIFICATE-----

That is exactly what you send to everybody else so they can encrypt their secret messages to you!

The last thing that I want to show you is how to see what’s inside the keystore database:

$ keytool -list -v -keystore our.keystore
Enter key store password: ksp@ssw0rd
Key store type: gkr
Key store provider: GNU-CRYPTO
 
Key store contains 1 entry(ies)
 
Alias name: otherguy
Creation timestamp: Tuesday April 22, 2008 AD - 8:46:38;616 o`clock PM EDT
Entry type: key-entry
Certificate chain length: 1
Certificate[1]:
Owner: CN=myname,O=my company,OU=department of departments,L=gorodok,ST=state of new noisy,C=zz
Issuer: CN=myname,O=my company,OU=department of departments,L=gorodok,ST=state of new noisy,C=zz
Serial number: 1
Valid from: Wednesday April 23, 2008 AD - 1:46:59;989 o`clock AM EDT
until: Tuesday July 22, 2008 AD - 1:46:59;990 o`clock AM EDT
Certificate fingerprints
MD5: BB:35:C0:6B:D0:B2:67:26:BF:AB:AD:5A:87:51:AA:32
SHA-160: 19:67:F9:8B:DF:52:24:4A:61:4D:76:1C:79:2E:4B:5B:8E:A8:AA:E1
 
*******************************************

Here you can see that the public certificate we exported is “Valid from: Wednesday April 23, 2008 until: Tuesday July 22, 2008”, hence 90 days. That means it will need to be changed in 90 days, which of course also means you would have to issue a new certificate to all your contacts in 90 days. To change this time frame, just add “-validity <number of days>” when generating the keys:

$ keytool -genkey -alias otherguy -keypass p@ssw0rd -keystore our.keystore -validity 3600

That would create a pair valid for 3600 days from the current date.

What if somebody wants to share a secret with you? Well, now you are ready! :)
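The listing above shows identical Owner and Issuer, so the certificate is self-signed and a recipient can only trust the exported .cer by comparing its fingerprint with one the owner announces over a separate channel. The following is an added example, not part of the original post: it computes that fingerprint from the PEM text in the same colon-separated form keytool prints. It defaults to SHA-256 rather than the MD5 and SHA-160 (SHA-1) digests shown in the listing, and the sample bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes inside the first PEM certificate block."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM certificate block found")
    # validate=True rejects stray characters instead of silently skipping them
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(pem_text, algo="sha256"):
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprints_match(computed, announced):
    """Compare two fingerprints, ignoring case, colons and whitespace."""
    def norm(s):
        return re.sub(r"[:\s]", "", s).upper()
    return norm(computed) == norm(announced)

def make_sample_pem(der):
    """Wrap bytes in PEM armour (used only to build the constructed sample)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed stand-in bytes, NOT a real certificate: the fingerprint is a
# digest of the raw DER, so any byte string exercises the same code path.
CONSTRUCTED_DER = bytes(range(256))
SAMPLE_PEM = make_sample_pem(CONSTRUCTED_DER)

if __name__ == "__main__":
    announced = fingerprint(SAMPLE_PEM)  # what the owner reads out
    tampered = make_sample_pem(CONSTRUCTED_DER[:-1] + b"\x00")
    print("received file :", fingerprint(SAMPLE_PEM))
    print("genuine match :", fingerprints_match(fingerprint(SAMPLE_PEM), announced))
    print("tampered match:", fingerprints_match(fingerprint(tampered), announced))
```

In practice the recipient would pass the contents of the received us-to-otherguy.cer to `fingerprint()` and compare the result with the value the owner reads from their own keystore listing.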


9
Mar 08

Get Higher-Resolution YouTube Videos with a URL Hack

YouTube announced in November that they would be testing out encoding videos at higher resolutions (and with higher-quality audio encoding). Now it appears that a small sampling of uploaded videos can already be seen at their higher resolutions, simply by adding a little tag to the end of the video’s URL. To get a noticeable bump in resolution on some clips, add &fmt=6 to the end of the address line. The trick, according to YouTube watchers, seems to work primarily with newer videos, and bumps the resolution from 320×240 to 448×336. Add &fmt=18 to the end of the URL, and you might get an MP4-encoded version, with better audio and a 480×360 resolution. Update: Now the Better YouTube Firefox extension includes this feature.


original source – Google Systems
article source – lifehacker.com


24
Feb 08

Install Maven Plugin for Eclipse

Installing a Maven Plugin for Eclipse can be a bit tricky if you want to get the whole spectrum of features. By default you would go to “Eclipse -> Help -> Software Updates -> Find and Install”, then “Search for new features to install”, then click on “New Remote Site”, and enter the Maven project’s name (e.g. Maven2Plugin) and its home URL, “http://m2eclipse.codehaus.org/”.

Once you install it, at first everything seems quite right. However, if you try to “Import” a Maven Project, you will not see such an option under the “General” menu, since it is missing.

The reason is that “http://m2eclipse.codehaus.org/” brings in an old version of the plugin. At the moment of writing it brings in “Maven 2 Plugin 0.0.9”, whereas what you need is 0.0.12.

Hence you read the “Maven Integration for Eclipse” installation guide and point your “New Remote Site” to “http://m2eclipse.codehaus.org/update/” instead of “http://m2eclipse.codehaus.org/”. The one thing to be cautious about is that the “update” link will also try to bring in the “Subclipse” and “Mylyn” projects, so you will need to “uncheck” them if you do not want them:

Choosing only Maven dependency while installing Maven Plugin for Eclipse

Happy Maving everybody! :)


2
Feb 08

Discover Owners of SVCHOST.EXE

Microsoft Windows (any flavor) is known to be very secretive and dishonest when it comes to telling its user/client/owner what is taking up sooo much of the system’s resources, and answering the question “why is my Windows so slow?”.

If you take a closer look at your Windows system you will notice that many CPU cycles and megabytes of RAM belong to the process with the very non-descriptive name “svchost.exe”. You can go to Windows Task Manager by pressing “Ctrl+Alt+Del” and choosing Task Manager (if it does not come up by itself), or by running the “taskmgr” command in your run window, “Start -> Run” (more about the second approach in the article “Windows Commands: Think You Know It All !?”). So here is an example of a Windows Task Manager:

windows task manager processes

(click on “Processes” tab to get to the same view)

This is a snapshot of a “clean” Windows that has just started with NO custom applications running (well besides “mspaint.exe” to get a snapshot, which is ultra small). And already you can see there are 6(!) “svchost.exe” processes that take up RAM and will take up a lot of CPU when you start your Internet Browser, e-mail client, MS Office, Games, etc…

But if you ask what these “svchost.exe” processes are responsible for, who started them, and who their owner is, Windows will say: “You are an average Windows user, we exposed everything you need through window managers, if you are unhappy, well.. tough luck”. And that happens to most people who use Windows, because most people who are technical enough will use something like Linux or, if the budget allows, go for a Mac.

So here is a simple howto, for all people who are still on Windows, on identifying and disabling owners of “svchost.exe”.

To see the owners follow these simple steps:

  • Go to “Start->Run”
  • Type “cmd” and press “Enter”. A black command screen will pop up. (Don’t be afraid of it – it is your friend :) )
  • In this black command prompt (as people call it) type “tasklist /svc” and press “Enter”

You should see something similar to the picture below:

tasklist /svc - Discover owners of svchost.exe

Now you can actually see the “services” that are hidden behind this meaningless name “svchost.exe”. Well, that is one step forward, but now what?
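To work with that listing instead of reading it off the screen, the added example below (not part of the original post) parses the CSV form of the same command, `tasklist /svc /fo csv`, and maps each svchost.exe PID to the services it hosts. The `/fo csv` switch is not used in the article, and the sample output, PIDs and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` output (not from the article).
SAMPLE = '''"Image Name","PID","Services"
"System Idle Process","0","N/A"
"svchost.exe","884","DcomLaunch,TermService"
"svchost.exe","952","RpcSs"
"svchost.exe","1044","AudioSrv,Dhcp,Schedule,wuauserv"
"spoolsv.exe","1420","Spooler"
"svchost.exe","1508","N/A"
"mspaint.exe","2236","N/A"
'''

def svchost_services(csv_text):
    """Map each svchost.exe PID to the list of services it hosts."""
    rows = csv.reader(io.StringIO(csv_text))
    next(rows, None)  # skip the header; its wording depends on the locale
    hosts = {}
    for row in rows:
        if len(row) < 3 or row[0].lower() != "svchost.exe":
            continue
        raw = row[2].strip()
        # tasklist prints N/A when a process hosts no services
        hosts[int(row[1])] = [] if raw == "N/A" else [s.strip() for s in raw.split(",")]
    return hosts

def pid_for_service(hosts, name):
    """Return the PID of the svchost.exe hosting `name`, or None."""
    for pid, services in hosts.items():
        if name.lower() in (s.lower() for s in services):
            return pid
    return None

def hosts_without_services(hosts):
    """svchost.exe PIDs that list no services, reported for a closer look."""
    return sorted(pid for pid, services in hosts.items() if not services)

if __name__ == "__main__":
    hosts = svchost_services(SAMPLE)
    for pid, services in sorted(hosts.items()):
        print(pid, ", ".join(services) or "(no services listed)")
    print("wuauserv runs in PID", pid_for_service(hosts, "wuauserv"))
```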

Now you can go to the Windows Services manager and read about each service that is using “svchost.exe”. Let’s do it together:

  • Go to “Start->Run”
  • Type “services.msc” and press “Enter”

windows start->run services.msc

After you press “Enter”, you should see the Windows services manager:

windows services manager

Browsing through the services you can read their description and decide whether or not you want the service to run.

There is another quicker way to enable/disable services, but without their descriptions:

  • Go to “Start->Run”
  • Type “msconfig” and press Enter

windows start->run msconfig

After pressing “Enter”, you should see “System Configuration Utility”:

msconfig -> System Configuration Utility

Click on the “services” tab to get the above view. As you can see, you can “check/uncheck” desired services to change their state from “Running” to “Stopped”. But if you are unfamiliar with a particular service, read its description first in “windows services manager”, or google it, if it is not there.

Keep up a “clean” and fast Windows system, and good luck!


12
Jan 08

Make Internet Explorer Behave Like a Standard-Compliant Browser

Internet Explorer by W3 Standards

If you have ever done web development, especially web design, you know that almost 50% of all development time goes into making CSS work for all the browsers. And, of course, Internet Explorer is the most non-compliant browser out there. Not only that, but it also lacks backward compatibility – so some features that work in IE6 would either break or, as they call it, “work differently” in IE7, and of course work another way in IE5.

One way around that would be to write a custom JavaScript redirector that determines what browser the client uses and redirects to the correct CSS. Another is to write custom JavaScript that actually implements the functionality of all the different browsers and makes sure everything is W3 compliant no matter what browser the client uses.

The problem with the second approach is that developers usually tend to write that JavaScript file only for the limited set of features that their application (web site) uses, and hence their JavaScript files are hardly reusable by others.

However, recently one of my good friends and developers discovered an open source JavaScript library – ie7-js, which is hosted on code.google.com and has an MIT License. This 70Kb library implements all the W3 features, which means it is highly reusable, and it makes web development a much, much easier task, since developers do not need to worry about cross-browser issues (at least from the IE perspective), as this library supports ALL versions of Internet Explorer (5.0, 6.0, 7.0, 8.0 +). That makes it universal for any web development project.

Enjoy and reuse the cross-browser wisdom!