Resetting User's password in Bitnami Gitlab using command line

Just for my own record or for someone that needed it :

First create a backup of your stack just in case :

sudo /opt/bitnami/ctlscript.sh stop

cd /opt

sudo cp -a bitnami bitnami_backup

sudo /opt/bitnami/ctlscript.sh start

After that just run the following to reset the user's password :

cd /opt/bitnami/apps/gitlab/htdocs

echo 'u=User.find_by_id(1); u.username="NEW_USERNAME"; u.save!;' | RAILS_ENV=production /opt/bitnami/ruby/bin/ruby /opt/bitnami/apps/gitlab/htdocs/bin/rails c

echo 'u=User.find_by_id(1); u.password="NEW_PASSWORD"; u.save!;' | RAILS_ENV=production /opt/bitnami/ruby/bin/ruby /opt/bitnami/apps/gitlab/htdocs/bin/rails c

Updating Bitnami Redmine

Recently just went through upgrading Bitnami Redmine (1.0.2 to 3.3.2). Following are the steps for my own record, and hopefully might be helpful for others as well. :

Information 

• installation directory is /opt/bitnami.
•  main folders that you can find inside 'apps/redmine' are the following:

• conf: folder that includes the apache configuration files for redmine

• htdocs: this folder includes the redmine files (Gemfile and Rakefile files, redmine configuration files, plugins folder, gems, etc).

• The location of the redmine configuration files (database configuration, email settings, etc) is the 'apps/redmine/htdocs/config' folder.

Upgrading Process

1. Backup existing redmine DB

mysqldump -u root -p bitnami_redmine > /home/bitnami/wordpress_backup.sql

2. Copy the database backup to the new Bitnami version server. using "WinSCP"

3. Stop all services and restart MySQL service

sudo /opt/bitnami/ctlscript.sh stop

sudo /opt/bitnami/ctlscript.sh start mysql

3a. if you found that u unable to login to the root account, youmay need to carry out the following steps to reset the MySQL root's password:

• Create a file in /home/bitnami/mysql-init with the content shown below (replace NEW_PASSWORD with the password you wish to use):

•  UPDATE mysql.user SET Password=PASSWORD('NEW_PASSWORD') WHERE User='root';
   FLUSH PRIVILEGES;

• If you are using MySQL 5.7 only, use the following content instead of that shown above:

•  UPDATE mysql.user SET authentication_string=PASSWORD('NEW_PASSWORD') WHERE User='root';
   FLUSH PRIVILEGES;

• Stop the MySQL server:

• sudo /opt/bitnami/ctlscript.sh stop mysql

• Start MySQL with the following command:

• sudo /opt/bitnami/mysql/bin/mysqld_safe --pid-file=/opt/bitnami/mysql/data/mysqld.pid --datadir=/opt/bitnami/mysql/data --init-file=/home/bitnami/mysql-init 2> /dev/null &

• Restart the MySQL Server 

• sudo /opt/bitnami/ctlscript.sh restart mysql

• Remove the Script

• rm /home/bitnami/mysql-init
  

4. Login to MySQL and rebuild the DB

 mysql -u root -p 

mysql> drop database bitnami_redmine;

mysql> create database bitnami_redmine;

mysql> grant all privileges on bitnami_redmine.* to 'bitnami_redmine'@'localhost' identified by 'DATABASE_PASSWORD';

mysql -u root -p bitnami_redmine < backup.sql

5. Edit the Redmine configuration file to update the database user password (the same that you set previously) "/opt/bitnami/apps/redmine/htdocs/config/database.yml"

6. Migrate the database to the latest version:

cd /opt/bitnami/apps/redmine/htdocs 

ruby bin/rake db:migrate RAILS_ENV=production

7. Copy the ""/opt/bitnami/apps/redmine/htdocs/files" folder from the old installation to the new one. 

8. Copy the folders from "vendor/plugins" directory into new installation directory, in "plugins" folder.

9. Check the plugins also support this new version and run the following command

ruby bin/rake redmine:plugins RAILS_ENV="production"

10. clean the cache and the sessions, then you are free to restart the services :

ruby bin/rake tmp:cache:clear

ruby bin/rake tmp:sessions:clear

 sudo /opt/bitnami/ctlscript.sh restart

Setup gitolite in D-Link DIR-620 router running openwrt

It's been some while that i flash my D-Link DIR-620 router with openwrt, but never have additional feature except tried to setup a torrent with it. Just tried to setup a gitolite server with it and hope that someone else will find it useful for following information:

1. Setup USB Storage. In this case i am using a 8gb USB thumb drive using the following command (i have formated my usb drive into ext4 format):

1. opkg install kmod-usb-storage block-mount kmod-fs-ext4

2. Setup gitolite in the router using the following step :

• Install necessary components

• opkg install git perl perlbase-essential perlbase-getopt perlbase-findbin perlbase-cwd perlbase-config perlbase-file perlbase-data perlbase-bytes perlbase-xsloader openssh-keygen perlbase-hostname perlbase-fcntl perlbase-io perlbase-symbol perlbase-selectsaver perlbase-errno perlbase-base

• Backup authorized_keys file if exist

• cp -p /etc/dropbear/authorized_keys /etc/dropbear/authorized_keys_backup

• Create directory under mnt and mount usb drive

• mkdir /mnt/usb

• mount /dev/[sda2]/mnt/usb

• Move root to usb and create link

• cd /

• mv root /mnt/usb

• ln -s /mnt/usb/root root

• Download gitolite 

• cd /root

• git clone git://github.com/sitaramc/gitolite

• Install a link to gitolite executable into /usr/bin

• gitolite/install -ln /usr/bin

• create gitolite logfile directory

• mkdir /root/.gitolite
  mkdir /root/.gitolite/logs

• Copy your ssh public key to root, you may use puttykeygen tools to get the single line public key and paste to a new file via vi command

• vi yourname.pub

• Setup gitolite

• gitolite setup -pk yourname.pub

• now you can remove the public key file and create a link to /root/.ssh/authorized_keys in /etc/dropbear/authorized_keys

• rm yourname.pub

• rm /etc/dropbear/authorized_keys
  ln -s /root/.ssh/authorized_keys /etc/dropbear/authorized_keys

• now you can admistrate your gitolite by cloning the gitolite-admin repo

• git clone root@OpenWRTBox:gitolite-admin

Alternative Solution for Homily Charting Tool Bug

I just notice that this doesn't happen to me alone, that after you inserted some text into the Homily Charting Tools and Save it, the chart will turn out like following:

Therefore, i would like to share out a small tool to help me resolve the problem. Just follow the following instructions :

1. download the following file (fix.exe) and save it in your "Homily Software folder\xg1\lne", for example "C:\Program Files\Homily Software\xg1\lne"

Down fix tools here. password : 4e94

2. You may want to create a shortcut for the file fix.exe in your desktop.

3. That's it, every time you have this kind of black candles, just double click at fix.exe in your desktop.

4. Wolah... the chart can be display correctly now as following :

And again, it's provided FREE and use it at your own risk.

* Warning!!! Before running the tools, you might want to backup the files in Your Homily Folder. I will not be responsible for anything going wrong.

Backup Favorites List from HLeBroking

1. Click on [start]  button, select on [run] , key in [regedit]  and click on  [ok]
button. 

2. Double click on  [HKEY_CURRENT_USER]

3. Double click on [Software],[Excel Force], [Cyber Stock for 2.5]

4. Select on [Favorites for(user ID)] and the Favourite Group would be 
displayed on the right     column.  

5. Click to [File] on the menu bar. Select [Export]. Save the file name as 
“My_Favourite.reg” on desktop. 

(Remarks: Please refer (step 1) to (step 5) for back up the stock counters 
on local PC. IF the stock counters missing on “My Favourite” (ecTrade), 
www.hlebroking.com), please proceed to the (step 6). 

6. Click [File] to on the menu bar. Select [Import]. Look for the 
“My_Favourite.reg” on desktop and click to [Open]. 

7. All the stock counters would be restored to the original location.

Installing Print Screen feature to my china made pad (Homily WinPad)

just got my new Homily Winpad and figure out it doesn't have google play with it and unable to do a print screen. Therefore, i would like to share on how i add a print screen feature to my China made Homily WinPad.

1. Using the WinPad (Android) browser, download the following file
      http://bit.ly/1YV3pM0

2. Install the app accordingly

3. Configure the app so that it start automatically every time you start you WinPad in Android.

4. you can capture any screen from android using the combination following combination keys:
[Power]+[Volume Down] for 2 seconds.

Sample screen captured / print screen. Nice and Sharp.

It's FREE so, enjoy everyone and happy new year.

Playing around with Arduino UNO R3 clone from China

Recently, I've been looking and reading articles about Arduino UNO R3. Search from Aliexpress awhile, and i decided to buy a cheap Arduino UNO R3 clone to play around with. After waited for 2 weeks plus, i finally get the board which look similar to this with the word "UNO" only, instead of "DCcEle DCcduino UNO":

First of all, setting up the environment :
1. Download and install the USB-Serial Driver. Saw from the chip surface, mine is using a "WCH CH340G", therefore, need to download the drive and setup separately :

Driver for Arduino Clone with WCH CH340G

2. Setup and configure Arduino IDE

• Run into problem while running the Zip version of the IDE at first. Now, it run well after configured the "sketchpath" in "preferences.txt" located in the "lib" folder

After everything is set, and when i plug in the board, all i found is that i can compiled and verified my "Hello World" sketch successfully, but, the upload is unsuccessful. After a few digging, finally found the solution for it :

• Luckily, i have a friend with a working UNO R3. Therefore i am using his Arduino UNO R3 as ISP.
• First i open the example sketch "ArduinoISP" provided inside the IDE.
• Upload the sketch into my friend's working board.
• I connect my board as following :

• Select "Arduino as ISP" as programmer
• Select the serial port for the working Arduino
• Press "Burn Bootloader"

Magic Happen... it seem like my cheap Arduino UNO R3 i bought from Aliexpress is not loaded with bootloader. And now, it's work flawlessly.

.

View your Android Screen remotely in you PC without additional devices.

This is one of the way i found out to view screen of my Android device in my Windows PC wireless-ly and FREE-ly without any additional device. I found that it's useful when i am presenting some android app and feature during the presentation. and further more it's FREE and only with few lines of command. And here is it :

1. download and extract a java app from the following URL :
    http://droid-at-screen.ribomation.com/download/
2. To run the app, you need to have java run time configured which i am going to discuss here.
3. Run the java app above and connect your android device via a USB cable. you should be able to see your android screen in your pc. However to make it run wireless, follow the following steps.
4. You need to find out what the ip address that's assigned to your android device. Under your command prompt, run "./adb shell" follow by "netcfg" and quite the adb shell by issueing "exit"
5. Then issue the command "adb tcpip 5555"
6. follow by "adb connect [device ip]:5555"
7. There you are, you are now able to disconnect the USB and start to view your android device screen without wire.

Hope you enjoy this FREE thing.

My footprint for making video

Recently due to some reason, i have been needed to make so video, some of the resources i found below are very much useful when creating a very impressive video. However, too bad, not all of it are FREE. Just for the records, there it is :

For getting some looping sound :
http://www.freesfx.co.uk/sfx/loop
http://www.audioblocks.com/
http://www.flashkit.com/loops/Ambient/Soundscapes
http://www.last.fm/

For getting some nice photo and video to embedded into your video :
http://www.shutterstock.com/video
http://www.revostock.com/Stock-Video/
http://www.dreamstime.com/technology-stock-video-footage-vcat103/pg1/
http://www.gratisography.com/
http://www.istockphoto.com/footage

Android Debugging Without Wire / Using WIFI

Recently i have involved in developing android app. Debugging using a device with USB connection has been a disaster for me as i have a loosen USB cable. Therefore have do some finding and here the solution to debug android app without using the USB Cable :

1.First connect your device via USB and make sure debugging is working fine. 

2.Second you need to find out what the ip address that's assigned to your android device. Under your command prompt, run "./adb shell" follow by "netcfg" and quite the adb shell by issueing "exit"

3. Then issue the command "adb tcpip 5555"

4. follow by "adb connect [device ip]:5555"

5. There you are, you are now able to disconnect the USB and start to debugging with wire.

To switch back when done , issue the following :

"adb -s [device ip]:5555 usb"

Useful FREE graphic tools for android development

Involved in some android app development recently. To make an app interesting, no doubt the image and graphics play a very important. As i am not a full time mobile app developer, nor a graphics designer, i prefer to search for some FREE tools that available to make my life easier while developing mobile application. Following are some of the FREE tool that i come across. Feel free to comment and recommend other tools that you find it useful.

Fotoflexer
Online-Image-Editor
Edit Photo For Free

And again, like always it's FREE... :>

Some OpenSSL Command for my own references maybe it's for you too

General OpenSSL Commands

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.

• Generate a new private key and Certificate Signing Request

  openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

• Generate a self-signed certificate (see How to Create and Install an Apache Self Signed Certificate for more info)

  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

• Generate a certificate signing request (CSR) for an existing private key

  openssl req -out CSR.csr -key privateKey.key -new

• Generate a certificate signing request based on an existing certificate

  openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

• Remove a passphrase from a private key

  openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.

• Check a Certificate Signing Request (CSR)

  openssl req -text -noout -verify -in CSR.csr

• Check a private key

  openssl rsa -in privateKey.key -check

• Check a certificate

  openssl x509 -in certificate.crt -text -noout

• Check a PKCS#12 file (.pfx or .p12)

  openssl pkcs12 -info -in keyStore.p12

Debugging Using OpenSSL

If you are receiving an error that the private doesn't match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands. If you are trying to verify that an SSL certificate is installed correctly, be sure to check out the SSL Checker.

• Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key

  openssl x509 -noout -modulus -in certificate.crt | openssl md5
  openssl rsa -noout -modulus -in privateKey.key | openssl md5
  openssl req -noout -modulus -in CSR.csr | openssl md5

• Check an SSL connection. All the certificates (including Intermediates) should be displayed

  openssl s_client -connect www.paypal.com:443

Converting Using OpenSSL

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS. Use our SSL Converter to convert certificates without messing with OpenSSL.

• Convert a DER file (.crt .cer .der) to PEM

  openssl x509 -inform der -in certificate.cer -out certificate.pem

• Convert a PEM file to DER

  openssl x509 -outform der -in certificate.pem -out certificate.der

• Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

  openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

  You can add -nocerts to only output the private key or add -nokeys to only output the certificates.
• Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

  openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

flappybird source code tutorial

Flappy bird become very famous nowadays. And there are rumors saying that the developer of the game if earning USD50,000 a days for the in app ads. Downloaded it, play few rounds, and i have a feeling that developing such a games shall be pretty easy. Therefore, after some search, finally got a very nice tutorial on how to create flappy bird (clone). Source code and tutorial are provided some more. And like usual, it FREE!!! Follow the link below :

FlappyBird (Clone) Source Code and Tutorial

Are your site blacklisted?

Most of the people involve in Internet Marketing or writing blog know how important is it to get listed or indexed by search engine. Search engine traffic can be an important source of traffic. However, sometimes, due to some issue, you found that it hard to get traffic from this kind of resource. First thing you need to check, is whether you site has been blacklisted. Following are some of the FREE tools for you to check if your site has been blacklisted. Check it out, it's again FREE :

BalckListAlert.org

MX Tool Box

Whats My IP - Blacklist Checking

Blacklisting Monitoring

PKI Related Standards

Involve in some PKI related project recently and found a interesting resources to get all the PKI related Standards. For my own record purpose, and to help out those that needed, following are the link :

http://www.oasis-pki.org/resources/techstandards/#majorrfcs

In case the above site is not accessiable, following are some of the details:

PKI Technical Standards What follows is a comprehensive set of lists of applicable PKI standards. Notes: Standards tend to migrate from one body to another, as they mature and become ratified and adopted by steadily bigger groups. Over time this can lead to redundant standards documents. For instance, most of the RSA Laboratories' PKCS series have been adopted by the IETF now; such standards can appear more than once in the lists below. A nearly complete compendium of information security standards was produced by APEC and is available from the Federal PKI Steering Committe website: APEC Standards Handbook. Important PKI Standards Organisations The Major PKI Related RFCs Other PKI Related RFCs Other Cryptography Related RFCs Other Security and Crypto Standards ANSI Financial Industry PKI Standards ANSI Financial Industry PKI Standards IN DEVELOPMENT ISO PKI Standards PKCS Series Smartcard Standards & Guidelines European Electronic Signature Standards PKI Based Protocols Alternative, Novel, Developmental and Historical Public Key Management Systems Important PKI Standards Organisations PKIX - the public key working group of the IETF IETF Security Area RSA PKCS - Standards Series IEEE Standards for Public Key Cryptography European Telecommunications Standards Institute IPSEC - (IETF) S/MIME Mail Security (IETF) - See also Internet Mail Consortium S/MIME site Transport Layer Security (TLS) - (IETF) NIST PKI Program - i.e. the National Institute of Standards and Technology. NIST Federal PKI Technical Working Group NIST PKI Program Document registers ANSI X9 - Financial Industry Standards Internet Mail Consortium Open Specification for Pretty Good Privacy The Major PKI Related RFCs The chair of the IETF's PKIX Working Group once named these as the most important of their RFCs to do with public key security. All other PKI related RFCs are listed further below. RFC3820 - Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile RFC2560 - X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP RFC2527 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Superseded by RFC 3647. RFC3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Supersedes RFC 2527. RFC2511 - Internet X.509 Certificate Request Message Format RFC2797 - Certificate Management Messages over CMS RFC3039 - Internet X.509 Public Key Infrastructure Qualified Certificates Profile RFC3161 - Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) RFC3281 - An Internet Attribute Certificate Profile for Authorization Other PKI related RFCs RFC2510 - Internet X.509 Public Key Infrastructure Certificate Management Protocols RFC2585 - Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP RFC2587 - Internet X.509 Public Key Infrastructure LDAPv2 Schema Other Cryptography Related RFCs RFC3779 - X.509 Extensions for IP Addresses and AS Identifiers BCP0086 - Determining Strengths For Public Keys Used For Exchanging Symmetric Keys RFC3739 - Internet X.509 Public Key Infrastructure: Qualified Certificates Profile RFC3709 - Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates RFC3647 - Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework RFC3628 - Policy Requirements for Time-Stamping Authorities (TSAs) RFC3447 - Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 RFC3379 - Delegated Path Validation and Delegated Path Discovery Protocol Requirements RFC3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile RFC3279 - Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile RFC3278 - Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS) RFC3029 - Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols RFC2986 - PKCS #10: Certification Request Syntax Specification Version 1.7 RFC2985 - PKCS #9: Selected Object Classes and Attribute Types Version 2.0 RFC2898 - PKCS #5: Password-Based Cryptography Specification Version 2.0 RFC2847 - LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM RFC2693 - SPKI Certificate Theory RFC2692 - SPKI Requirements RFC2559 - Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2 RFC2528 - Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Certificates RFC2510 - Internet X.509 Public Key Infrastructure Certificate Management Protocols RFC2459 - Internet X.509 Public Key Infrastructure Certificate and CRL Profile RFC2437 - PKCS #1: RSA Cryptography Specifications Version 2.0 RFC2314 - PKCS #10: Certification Request Syntax Version 1.5 RFC2313 - PKCS #1: RSA Encryption Version 1.5 RFC2025 - The Simple Public-Key GSS-API Mechanism (SPKM) RFC1824 - The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange (E.I.S.S.-Report 1995/4) Other Security and Crypto Standards Federal Information Processing Standards Publications - (FIPS PUBS) FIPS PUB 140-2 - Security Requirements for Cryptographic Modules. Note that this page includes links to the standard as well as its Annexes, plus testing requirements and lists of current validated products. Special Publication 800-29 - A Comparison of the Security Requirements in Cryptographic Modules in FIPS 140-1 and FIPS 140-2 FIPS PUB 140-1 - Security Requirements for Cryptographic Modules (now superseded by FIPS 140-2) ISO/IEC 15408:2000 - Common Criteria; see also Dutch Common Criteria site ANSI Financial Industry PKI Standards X9.30 Part 1:1997 - Public Key Cryptography Using Irreversible Algorithm: Digital Signature Algorithm (DSA) X9.30 Part 2:1997 - Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry, Part 2: The Secure Hash Algorithm X9.31:1998 - Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA) X9.42:2003 - Public Key Cryptography for Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography X9.55:1997 - Certificate Extensions for Multi-Domain Operations X9.57:1997 - Public Key Cryptography For the Financial Services Industry: Certificate Management X9.62:1998 - Public Key Cryptography: The Elliptic Curve Digital Signature Algorithm (ECDSA) X9.63:2001 - Key Agreement and Key Management Using Elliptic Curve-Based Cryptography X9.68 Part 2:2001 - Digital Certificates for High Transaction Volume Financial Systems X9.69:1998 - Framework for Key Management Extensions X9.73:2003 - Cryptographic Message Syntax X9.79:2001 - PKI Practices and Policy Framework for the Financial Services Industry. Important standard upon which WebTrust for CAs was developed. ANSI Financial Industry PKI Standards IN DEVELOPMENT X9.77:200X - Public Key Infrastructure Protocols Withdrawn X9.79 Part 2:200X - Protection Profiles for Certificate Issuing and Management Systems. Committee Voting X9.88:200X - Long Term Non-Repudiation Using Digital SignaturesWithdrawn X9.89-200X - Management Protocols for Short CertificatesWithdrawn ISO PKI Standards ISO/CD 11568 - Financial services -- Key management (retail) Parts 1, 3, 4 and 5 ISO 13491-1:1998 - Banking -- Secure cryptographic devices (retail) -- Part 1: Concepts, requirements and evaluation methods ISO 15782-1:2003 - Banking -- Certificate management for financial services -- Part 1: Public key certificates ISO 15782-2:2001 - Banking -- Certificate management -- Part 2: Certificate extensions ISO/TS 17090-1:2002 - Health informatics -- Public key infrastructure -- Parts 1-3: Framework and overview, Certificate profile, and Policy management of certification authority ISO/CD 21188 - Public key infrastructure for financial services -- Practices and policy framework PKCS Series The PKCS series of cryptographic standards is managed by RSA Security Inc. The PKCS standards have moved beyond being proprietary and have equivalent standing in most of the PKI community as IETF or IEEE standards. PKCS #1 - RSA Cryptography Standard PKCS #3 - Diffie-Hellman Key Agreement Standard PKCS #5 - Password-Based Cryptography Standard PKCS #6 - Extended-Certificate Syntax Standard PKCS #7 - Cryptographic Message Syntax Standard PKCS #8 - Private-Key Information Syntax Standard PKCS #9 - Selected Attribute Types PKCS #10 - Certification Request Syntax Standard PKCS #11 - Cryptographic Token Interface Standard PKCS #12 - Personal Information Exchange Syntax Standard PKCS #13 - Elliptic Curve Cryptography Standard PKCS #15 - Cryptographic Token Information Format Standard Smartcard Standards & Guidelines ISO 7810 and ISO 7816 - Peak international physical, mechanical and electronic standards for plastic cards with embedded chips. PC/SC - Smart card reader architecture specification for PCs. See also specs NIST Smartcards standards and research - Home page for the National Institute of Standards and Technology smartcard related activities ISO 14443 - defines RFID proximity smart card standard (two types with different modulation specs) US Government Smart Card Handbook - by the US General Services Administration European Electronic Signature Standards A comprehensive list of relevant standards including certificate profiles is available at ETSI. See also ETSI FAQ. TS 101 862 v.1.3.1 - Qualified Certificate Profile, based on RFC 3679 X.509 Public Key Infrastructure Qualified Certificates Profile TS 101 903 v.1.2.2 - XML Advanced Electronic Signatures (XAdES); specifies the XML format for Advanced Electronic Signatures satisfying the requirements defined in the European Directive for Electronic Signatures. PKI Based Protocols IPSEC - A comprehensive list of IPSEC related RFCs and Internet Drafts is available at the Working Group Home Page: IPSEC Charter. See also Advanced Engineering Resources above. SSL - SSL v3.0 Specification. See also Advanced Engineering Resources above. TLS - RFC 2246 the TLS Protocol Version 1.0. See also Advanced Engineering Resources above. S/MIME - A comprehensive list of S/MIME related RFCs and Internet Drafts is available at the Working Group Home Page: S/MIME Home. Further links to related e-mail fundamentals (such as MIME, IMAP and POP) are collected at Web docs. See also Advanced Engineering Resources above. Alternative, Novel, Developmental and Historical Public Key Management Systems PGP - Pretty Good Privacy The latest technical developments on PGP standards are at Open PGP. For information about products, see commercial PGP and for PGP shareware, see free PGP. OpenPGP Message Format - All information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws. RFC 3156 - MIME Security with OpenPGP. This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol PEM - Privacy Enhanced Email RFC 1424 - Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services (Standard). This document describes three types of service in support of Internet Privacy-Enhanced Mail (PEM) [RFC 1421-1424]: key certification, certificate- revocation list (CRL) storage, and CRL retrieval. Such services are among those required of an RFC 1422 certification authority. RFC 1423 - Privacy Enhancement for Internet Electronic Mail (PEM): Part III: Algorithms, Modes, and Identifiers. This document provides definitions, formats, references, and citations for cryptographic algorithms, usage modes, and associated identifiers and parameters used in support of Privacy Enhanced Mail (PEM) in the Internet community. RFC 1422 - Privacy Enhancement for Internet Electronic Mail (PEM): Part II: Certificate-Based Key Management. This document defines a supporting key management architecture and infrastructure, based on public-key certificate techniques, to provide keying information to message originators and recipients. RFC 1424 provides additional specifications for services in conjunction with the key management infrastructure described herein. RFC 1421 - Privacy Enhancement for Internet Electronic Mail (PEM): Part I: Message Encryption and Authentication Procedures. This document defines message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer in the Internet. Simple PKI See SPKI Charter. "The IETF Simple Public Key Infrastructure [SPKI] Working Group is tasked with producing a certificate structure and operating procedure to meet the needs of the Internet community for trust management in as easy, simple and extensible a way as possible." Note that the last update to the SPKI Goals and Milestones was in 1997, and the latest RFC dates from 1999. RFC 2692 - SPKI Requirements. The SPKI Working Group first established a list of things one might want to do with certificates (attached at the end of this document), and then summarized that list of desires into requirements. This document presents that summary of requirements. RFC 2693 - SPKI Certificate Theory. This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested.

For My Own Record - EJBCA LiveCD Information

Been researching on EJBCA recently. Following are some of the information for my own references :

password for tomcat.jks : serverpwd
password for truststore.jks : changeit
password for superadmin : foo123
password for login jboss : foo123

Packet Analysis on 3G usb dongle dial-up

Recently come across a idea which i need to capture and analyst the Network Packet via a 3G usb dongle. After the some finding, the following website provided a workable way that run in Windows XP 32bit :

http://desowin.org/usbpcap/tour.html

For those who want to do similar things, do check it out.