
Wednesday, August 22, 2012

[Tutorial] How to generate certificate authority and server certificates using OpenSSL



Introduction

Many people struggle when they first have to generate correct certificates to work with SSL libraries. There are many tools and a number of different file formats, and things can get confusing quickly. This tutorial will help you generate your own certificate authority and server certificates to be used for your secure server/client.

Generating Certificate Authority

A certificate authority (CA) is a trusted third party that vouches for the servers a client is trying to talk to.
We will be setting up our own CA for our application. This can be useful if you are just looking to test your server or if your server will not be accessible by the public.

 openssl req -new -x509 -keyout ca-key.pem -out ca-cert.pem -days 365  

Enter appropriate passphrase when prompted.
This will generate two files:
ca-key.pem - certificate authority private key
ca-cert.pem - certificate authority public certificate

Notice that this CA certificate will only be valid for 365 days.

Generating Server Certificate

Now we need to generate the server private key and a certificate signing request (CSR).
The CSR file is later sent to the certificate authority, which signs it to produce the server's public certificate. During the SSL handshake, the server sends this signed public certificate to the client, and the client verifies it against the CA public certificate to make sure the server is trustworthy.

 openssl genrsa -aes128 -out server-key.pem 4096

Set appropriate passphrase for server private key when prompted.
This command generates a 4096-bit RSA server private key and encrypts the key file with 128-bit AES under the passphrase you entered.
Generally, a key size of 2048 bits or higher is recommended.

 openssl req -new -key server-key.pem -out server.csr

This command will generate server certificate signing request file. This file is later sent to certificate authority (in this case, our own) to be signed to generate signed public certificate for the server.

Signing Server Certificate with our own Certificate Authority

Once the server certificate signing request file is generated, we can send it to a well-known certificate authority like GoDaddy to be signed, but usually there is a fee associated with it.
In our case, we will sign the certificate signing request file with our own certificate authority generated earlier.

 openssl x509 -req -days 365 -in server.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem

This will generate server-cert.pem signed by our own certificate authority and ready to be used!
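The three steps above (CA, server key and CSR, signing) can be run without prompts and then checked. The script below is an added example, not part of the original tutorial: it verifies that the server certificate chains to the CA, that the private key matches the certificate, and that a subjectAltName supplied through `-extfile` is present. The subject names, the passphrase, the `san.ext` file and the `make_and_check` function name are constructed for illustration, and 2048-bit keys are used so the run is quick.

```bash
#!/usr/bin/env bash
# Added example: the tutorial's CA -> CSR -> sign flow without prompts,
# followed by checks on the result. Subject names, the passphrase and
# the SAN value are constructed sample values.

make_and_check() {
    local dir rc pass="example-passphrase"   # constructed sample secret
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # 1. Self-signed CA key and certificate.
        openssl req -new -x509 -newkey rsa:2048 -keyout ca-key.pem \
            -out ca-cert.pem -days 365 -subj "/CN=Example Test CA" \
            -passout "pass:$pass" 2>/dev/null || exit 1
        # 2. Passphrase-protected server key and its CSR.
        openssl genrsa -aes128 -passout "pass:$pass" \
            -out server-key.pem 2048 2>/dev/null || exit 1
        openssl req -new -key server-key.pem -passin "pass:$pass" \
            -subj "/CN=localhost" -out server.csr || exit 1
        # 3. Sign the CSR with the CA. -extfile supplies a subjectAltName,
        #    which "x509 -req" does not take from the CSR by default.
        printf 'subjectAltName=DNS:localhost\n' > san.ext
        openssl x509 -req -days 365 -in server.csr -CA ca-cert.pem \
            -CAkey ca-key.pem -passin "pass:$pass" -set_serial 01 \
            -extfile san.ext -out server-cert.pem 2>/dev/null || exit 1
        # Check A: the server certificate chains to our CA.
        openssl verify -CAfile ca-cert.pem server-cert.pem >/dev/null 2>&1 || exit 2
        # Check B: key and certificate carry the same public key.
        key_pub=$(openssl pkey -in server-key.pem -passin "pass:$pass" -pubout | openssl sha256)
        crt_pub=$(openssl x509 -in server-cert.pem -noout -pubkey | openssl sha256)
        [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || exit 3
        # Check C: the SAN is present in the signed certificate.
        openssl x509 -in server-cert.pem -noout -text | grep -q 'DNS:localhost' || exit 4
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

make_and_check && echo "certificates OK" || echo "check failed: $?"
```

A non-zero return code identifies the failed stage: 1 for generation or signing, 2 for chain verification, 3 for a key/certificate mismatch, 4 for a missing SAN.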

Removing the Passphrase from Server Private Key

The server private key is protected by a passphrase. The private key must never be shared with anyone else; if an adversary somehow gets hold of the key file, the passphrase will still protect it. It is very unlikely that this will happen, however, and we would need to enter the passphrase every time we run our server, which can get somewhat annoying. Also, our CyaSSL example will fail to load the key with error code NO_PASSWORD if the passphrase isn't provided.
As a simple solution, we will simply remove the passphrase from the server private key.

 openssl rsa -in server-key.pem -out server-key-nopass.pem

This command will generate password-free server private key, server-key-nopass.pem.

Generating Java Keystore and Importing CA certificate

If you are using a Java server, you need to generate a keystore where CA certificates are stored.
This can be generated using "keytool", which is included in the Java package.

 keytool -genkey -keyalg RSA -keystore keystore.jks -keysize 4096

This will generate keystore.jks. Now that you have a keystore, we need to import our ca-certificate generated earlier.

 keytool -import -trustcacerts -alias MyCA -file ca-cert.pem -keystore keystore.jks

Testing Generated Certificates

You can install generated certificates using CyaSSL.
Download CyaSSL tutorial code from their website.

 http://www.yassl.com/documentation/ssl-tutorial-2.0.zip

Under finished_src directory, you will notice echoclient and echoserver directories.
We need to copy our own generated certificates to echoclient and echoserver directories.

 cp ca-cert.pem ./ssl-tutorial-2.0/finished_src/echoclient/.
 cp ca-cert.pem ./ssl-tutorial-2.0/finished_src/echoserver/.
 cp server-key-nopass.pem ./ssl-tutorial-2.0/finished_src/echoserver/server-key.pem
 cp server-cert.pem ./ssl-tutorial-2.0/finished_src/echoserver/.

Now compile and run the echoserver and echoclient and see if it works!

Please let me know if there are any mistakes.
I would also appreciate if someone can tell me how to load password-protected server private key.

Tuesday, May 8, 2012

[Tutorial] How to remove default Samsung Apps from Galaxy S2


The Galaxy S2 comes with default Samsung apps that are often never used.

If you are a neat freak like me when it comes to files/apps, you will be pleased to know that there is a way to remove default apps easily.

All you need is a root capable browser like Root Explorer.

In this example, I will be using MIUI file explorer which also has root capability.


1. Change the setting of your browser to allow root privilege.




2. Go to /system/app where all default system apps are located and find the file you want to delete.



3. On some browsers, you might need to change the permission of the directory from RO (read-only) to WR (writeable and readable).

4. Delete the file!




It is as simple as that!

Just remember that removing some system apps might break the OS so you have to be careful.


Here is a list of system apps that are safe to remove:

(I found the list from my hard drive. I don't remember where I got it from. If you know where the list is from, please let me know.)



SamsungWidget_WeatherClock.apk
Dlna.apk
LiveWallpapers.apk
SamsungWidget_News.apk
BluetoothOpp.apk
BuddiesNow.apk
TouchWizCalculator.apk
TouchWizCalendar.apk
TwCalendarAppWidget.apk
CalendarProvider.apk
TwWallpaperChooser.apk
Camera.apk
ChocoEUKor.apk
AnalogClock.apk
PressReader.apk
PRUI.apk
lcdtest.apk
SamsungAppsUNAService.apk
ScreenCaptureService.apk
SnsImageCache.apk
Days.apk
Bol.com_version_1.0.3.3.apk
DigitalClock.apk
DownloadProviderUi.apk
DualClock.apk
Email.apk
EmailWidget.apk
FactoryTest.apk
FmRadio.apk
Gallery3D.apk
GameHub.apk
GoogleQuickSearchBox.apk
HelvNeueLT.apk
Protips.apk
HTMLViewer.apk
SamsungIM.apk
IMEITracker.apk
Browser.apk
KiesAir.apk
kieswifi.apk
Kobo.apk
PanningTryActually.apk
Divx.apk
Memo.apk
Mms.apk
Microbesgl.apk
MiniDiary.apk
PostIt.apk
MmsProvisioning.apk
MobilePrint.apk
MobileTrackerEngineTwo.apk
MusicPlayer.apk
MusicHub_U1.apk
MyFiles.apk
GenieWidget.apk
SecretWallpaper1.apk
PhotoRetouching.apk
PicoTts.apk
PolarisOffice.apk
SamsungWidget_ProgramMonitor.apk
ReadersHub.apk
signin.apk
SamsungApps.apk
MMM_Smartphone_1.5.1_final.apk
ApplicationsProvider.apk
SetupWizard.apk
shutdown.apk
Stk.apk
SnsProvider.apk
SnsDisclaimer.apk
SnsAccountFb.apk
SnsAccountLi.apk
SnsAccountMs.apk
SnsAccountTw.apk
SocialHub.apk
SevenEngine.apk
syncmldm.apk
SoundPlayer.apk
SpeechRecorder.apk
Tasks.apk
Term.apk
TrimApp.apk
Kies.apk
UserDictionaryProvider.apk
VideoEditor.apk
VideoPlayer.apk
VoiceToGo.apk
VoiceRecorder.apk
VpnServices.apk
FTS.apk
FTM.apk
SecretWallpaper2.apk
wipereceiver.apk
WlanTest.apk
wssyncmlnps.apk
SamsungWidget_StockClock.apk
Zinio.apk

[Tutorial] Wixel Programmable Wireless Module - Part 1: Setting up the environment


I was commissioned by a private company to create a wireless system over the summer.

I was looking for an RF alternative that can minimize the cost and came across Wixel Programmable Wireless Module.

What I love about this module is that it contains a TI CC2511F32 microcontroller with a built-in 2.4 GHz radio and 6 analog input pins with a 12-bit ADC. It even has a built-in USB adaptor, which makes it very easy to interface with this device.




This was perfect for my application since I needed to process and transmit a <1 V analog signal wirelessly.

The only downside in comparison with other RF modules is that this module can cover only about 50 feet/15 meters for wireless communication.

You can get this module either from Pololu directly or from Sparkfun.

Fortunately, my local supplier Creatron carried them so I got it from them.

Setting up the development environment for this module was very easy and took only about 5 minutes following this guide.

You just need to install Driver & Software, and Development Bundle and it worked out of the box!

Wixel Windows Drivers and Software

Wixel Development Bundle for Windows


When you first connect the Wixel module, you will notice that both the red and yellow LEDs are on, indicating that there is no program uploaded.




Once you upload the program, you can control these two LEDs through the functions

LED_YELLOW(STATE), LED_RED(STATE)


Wixel Windows Drivers and Software will install a Wixel Configuration Utility that makes it very easy to upload a program and set parameters (blink_period_ms).




You can see that the program automatically detects the connected Wixel module, with its unique serial ID displayed on the left panel.


If we look at the actual source code of this program, we can see that the variable blink_period_ms is prefixed with "param_" and has a default value of 500. Notice that we can control the yellow/red LEDs by calling the LED_YELLOW and LED_RED functions.






To be continued ...