Monday, November 28, 2022

Create a JRE cacerts file from the Mozilla CA data

The JRE (Java Runtime Environment)  uses the file cacerts as trust base for the HTTPS connections to a server. You can substitute this trust base by the Mozilla CA, used e.g. in Firefox.

Monday, September 26, 2016

Create/Verify a Timestamp Request with OpenSSL

With the help of OpenSSL and curl you can easily create and verify SHA-1 based timestamps.

In this sample I will use the FreeTSA (https://freetsa.org/index_en.php) timestamp provider.

TSA Certificate: https://freetsa.org/files/tsa.crt
Key modulus (sha256): 899ba3d9f777e2a74bdd34302bc06cb3f7a46ac1f565ee128f79fd5dab99d68b

CA Certificate: https://freetsa.org/files/cacert.pem
Key modulus (sha256): a4b1a0a81aef68be1cc985d0f83bd6539cfe84174587f900e15ffe3f65433056

Download the certificate files:
  • wget http://freetsa.org/files/tsa.crt
  • wget http://freetsa.org/files/cacert.pem

Create timestamp request data

openssl ts -query -data data.txt -cert -sha1 -no_nonce \
    -config openssl_ts.cnf -out data.txt.ts_req

The file openssl_ts.cnf is an empty file.

Send the timestamp request and store the response


curl -s -S -H 'Content-Type: application/timestamp-query' \
    --data-binary @data.txt.ts_req http://freetsa.org/tsr \
    -o data.txt.ts_res


Verify the data with the timestamp response

openssl ts -verify -config openssl_ts.cnf \
    -in data.txt.ts_res -data data.txt \
    -CAfile cacert.pem
 

You should see the following message from OpenSSL

Verification: OK


View the timestap request data on the timestamping providing site

The hash value will be stored at the timestamp provider side. If you want to view the stored data, you need the SHA-1 hash value of your document

openssl dgst -sha1 data.txt | sed -e 's/^.*= //'

aa9e3512f38bafce78040651b54085c69b540d5d

Now you can request the stored data

curl -X POST \
    --data "hash=aa9e3512f38bafce78040651b54085c69b540d5d" \
    http://freetsa.org/grep.php

Time stamp: Sep 26 10:55:17 2016 GMT - Hash Algorithm: sha1 - aa9e3512f38bafce78040651b54085c69b540d5d



Tuesday, October 22, 2013

Monday, June 24, 2013

Oracle Database Instant Client Installation

Oracle Database Instant Client Installation

The Oracle Instant Client software is an easy to use alternative to a full blown Oracle Client installation. Especially if you are mainly interested in the Oracle sqlplus tool.

1. Create an oracle account (if not already available)

# groupadd oracle
# useradd -c "Oracle Instant Client" -d /home/oracle \
          -g oracle -m -s /bin/bash oracle
# password oracle


2. Login as user oracle and unpack the Oracle Instant Client software:

$ unzip instantclient-basiclite-linux.x64-11.2.0.3.0.zip
$ unzip  instantclient-sqlplus-linux.x64-11.2.0.3.0.zip


3. Set the Oracle Instant Client environment

ORACLE_BASE=/home/oracle                    ; export ORACLE_BASE
ORACLE_HOSTNAME=`uname -n`                  ; export ORACLE_HOSTNAME
ORACLE_HOME=$ORACLE_BASE/instantclient_11_2 ; export ORACLE_HOME
ORACLE_SID=dbsecdocs                        ; export ORACLE_SID
TWO_TASK=$ORACLE_SID                        ; export TWO_TASK
TNS_ADMIN=$ORACLE_HOME                      ; export TNS_ADMIN
#
PATH=$ORACLE_HOME:$PATH                       ; export PATH
LD_LIBRARY_PATH=$ORACLE_HOME:$LD_LIBRARY_PATH ; export LD_LIBRARY_PATH

Saturday, August 25, 2012

Simple usage example for class java.lang.ProcessBuilder under Windows (XP, Vista, ...)

It's easy to execute shell scripts under Windows with the help of the ProcessBuilder class: