S/MIME, our old friend, usually used to sign and encrypt emails. Essentially it’s a standard to ensure the authenticity and security of your communications, especially emails. However, it can also be used to sign regular data. You guessed it, we are going to use it to sign Git commits. The difference between PGP signatures and S/MIME signatures is that the latter requires a central organization to ensure the certificate is trustworthy, and thus it’s popular among corporations.
OpenSSL, a tool which accompanies us all the time but is often ignored by everyone. OpenSSL is currently the most powerful tool in the cryptographic industry. With that said, OpenSSL itself is not easy to use and rather complicated and confusing. This guide focuses on signing & encrypting data in a simple way, utilizing a pair of Elliptic Curve keys. My OpenSSL version: OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.

How Do I Organize My Storage Today

- 9 mins read
Wow, it’s been 2 years since I wrote the last storage-related post (and that was actually my first blog post ever). So, two years have passed, and it’s time to write another one. Brief introduction: Although I have started to focus on privacy and security, cloud storage is still my main storage medium. But don’t panic just yet, I now have a decent amount of local storage as well, and thanks to the magic of modern cryptography, any data stored on the cloud is safe and sound.

Vanity GPG Keys

- 6 mins read
If you don’t know what a GPG key is, please close this tutorial. As we all know, GPG keys have their IDs; they are essentially 40 hexadecimal characters that are used to identify your keys. Your ID may look like this. 9684 79A1 AFF9 27E3 7D1A 566B B569 0EEE BB95 2194 // GitHub web-flow signing Usually we just memorize the last 16 characters because it is enough in most cases.
If you have a lab like me, you will probably need to serve some of your services over the web. And speaking of the web, we cannot ignore one critical aspect – Security. The easiest way to secure your websites is to use TLS. However, most easy-to-get certificates for websites are meant for public domains, not for IPs, not to mention internal IPs. Furthermore, you might not feel comfortable exposing your service to your CA.
So, many of you may know that I am a long-time Linux user. However, recently many of my friends tried REALLY HARD to convince me to try BSD-based systems. At first glance, my opinion was a solid NO. I mean, one of the most important things for me is the software ecosystem. Of course, Linux (GNU/Linux) absolutely crushed most operating systems in terms of ecosystems. Later, as I was looking for a way to configure my remote file server, I decided to give it a try.
So, as you start to jump down the rabbit hole of cryptography, you will start to face another question: How can I take care of my keys? Well, it’s a long story for everyone, and here’s mine. Asymmetric There are symmetric and asymmetric cryptography, and I will walk you through. OpenPGP Keys If you have followed my blog for a long time, you might know that I have had two YubiKeys and a couple of smartcards.
If you have followed my blog for a long time, you may know what OpenPGP is. And you probably know what a YubiKey is, which can act as a smartcard. Traditional OpenPGP stores your private key on your computer, generally in ~/.gnupg, which is nowhere near safe. Storing your private keys on an OpenPGP smartcard has the following benefits. Safe, only people who physically have access to your smartcard and know your PIN can do operations i.

2023 Final Review

- 5 mins read
It’s been another year. The final review has been delayed on my calendar for like two months. But hey, better late than never. It’s time to summarize the past year. Unlike last year, I won’t explain which event happened in which month, but talk about the year in general. Study It’s been a year, and this year I have been admitted to the high school which I was looking forward to across all three years in junior high.
If you have ever seen my previous posts, you might know that I have two YubiKeys and a bunch of Linux servers. Passwords are far from secure when comparing them with a pair of keys. Technically not a pair of keys, just because I’m talking about asymmetric keys, so a pair of. But if you decide to switch to keys instead of passwords, it’s highly possible that you will run into trouble when you don’t know how to take care of your keys.