Uploading keys with Symantec PGP SDK

Symantec offers the SDK used to build their PGP product line to existing customers for internal use. The SDK is written in C++, so I’ve decided to post a short example that demonstrates how to upload a key to keyserver.pgp.com.

Here is a simple routine for this purpose:

 

EXPORT_FN PGPError WINAPI Upload(const char* server_url, const char* public_key)
{
    PGPError rv;

    // RAII helpers (the DLL's own wrappers) that initialise and tear down the SDK,
    // the network library and the key server subsystem.
    CInitSDK init_sdk(0);
    CInitNetworkLib init_network_lib(kPGPFlags_ForceLocalExecution | kPGPFlags_SuppressCacheThread);
    CInitKeyServer init_key_server;

    CContext context;
    rv = PGPNewContext(kPGPsdkAPIVersion, &context);
    CHECK_RETURN(0 == rv, rv, "Cannot create PGP context");

    // Import the public key file into a fresh key database.
    CFileSpec fs;
    rv = PGPNewFileSpecFromFullPath(context, public_key, &fs);
    CHECK_RETURN(0 == rv, rv, "Cannot create local file spec for ", public_key);

    CKeyDB key_db;
    rv = PGPImport(context, &key_db, PGPOInputFile(context, fs), PGPOLastOption(context));
    CHECK_RETURN(0 == rv, rv, "Cannot create public keydb for ", public_key);

    CKeySet key_set;
    rv = PGPNewKeySet(key_db, &key_set);
    CHECK_RETURN(0 == rv, rv, "Cannot create key set for ", public_key);

    // Refuse to continue with an empty file. rv is 0 at this point, so return
    // an explicit error code instead of rv, which would signal success.
    PGPUInt32 count = 0;
    rv = PGPCountKeys(key_set, &count);
    CHECK_RETURN(0 == rv, rv, "Cannot get key count for ", public_key);
    CHECK_RETURN(0 != count, -1, "File contains no keys ", public_key);

    // Port 389 is plain LDAP; nothing here requests transport encryption.
    CKeyServer key_server;
    rv = PGPNewKeyServer(context, kPGPKeyServerClass_PGP, &key_server,
                         PGPONetHostName(context, server_url, 389),
                         PGPOKeyServerProtocol(context, kPGPKeyServerProtocol_LDAP),
                         PGPOKeyServerAccessType(context, kPGPKeyServerAccessType_Normal),
                         PGPOLastOption(context));
    CHECK_RETURN(0 == rv, rv, "Cannot create key server for ", server_url);

    // OnEvent is the progress/event callback defined elsewhere in the DLL.
    rv = PGPSetKeyServerEventHandler(key_server, OnEvent, nullptr);
    CHECK_RETURN(0 == rv, rv, "Cannot set server callback");

    rv = PGPKeyServerOpen(key_server, nullptr);
    CHECK_RETURN(0 == rv, rv, "Cannot open keyserver ", server_url);

    // Keys the server rejected come back in 'fail'; an empty set means every key was accepted.
    CKeySet fail;
    rv = PGPUploadToKeyServer(key_server, key_set, &fail);
    CHECK_RETURN(0 == rv, rv, "Cannot upload to keyserver ", server_url);

    rv = PGPCountKeys(fail, &count);
    CHECK_RETURN(0 == rv, rv, "Cannot get key count for failed uploaded keys");
    CHECK_RETURN(0 == count, -1, "Some keys were rejected by keyserver ", server_url);

    return rv;
}

Drop me a line if you want me to send you the source of the Windows DLL that I’ve made for this purpose.

UTL_FILE skip new line correction

Working on a contract project where sensitive data had to be PGP encrypted inside an Oracle database and stored outside the database, I met a strange obstacle that cost me half a day to resolve. The PL/SQL package UTL_FILE was producing extra new lines in addition to those already in the PGP file.

A sample ASCII armored OpenPGP encrypted message looks like this:

-----BEGIN PGP MESSAGE-----
Version: Didisoft OpenPGP Library for Java 3.1

hQEOA/64kyVg6gZbEAP+O5i+HIggYSNhWxvWJwaBJkbBU1XWc/bQcLpaWQ5js5rU
wUJBcmVbKR7bz+aqCAoB6mlQjYxau6LWB4kOJRkQ7pId7fe/GanXsNBfXjOCeAuX
kGf6Zy4KItez5Ki3piKnku/XpCVjSrbmAWPYt+FNq5kuiZ95rJ+lBzxs2Vzem2oD
/3RMIfIQsmEoAfyNgIFiq1pM51AH+TL9YUHoV/oFNID4O2lyL2bbAk4v2V/w3nGj
7S5G4VOYU4q1GkPAvc0cAwA/WBGWXsIYaPOwvOzXVKmgr99lUn/T6m0KCvsVQWdG
IsPGt7IhwraSp3OR6IOtBTSrnk0gbnw6cmD3qLH3y9P3yT+tVwTcUjIhDuP460Ht
4+cuzGLvjBnKRjIn6emL5yQhOONTXGPpUiIRxgQjOO1fZaMP2O1K1LP6Ea3A6JJA
vDU=
=h9Gd
-----END PGP MESSAGE-----

Unfortunately UTL_FILE adds extra new line characters and the file ends up like this:

-----BEGIN PGP MESSAGE-----

Version: Didisoft OpenPGP Library for Java 3.1

hQEOA/64kyVg6gZbEAP+O5i+HIggYSNhWxvWJwaBJkbBU1XWc/bQcLpaWQ5js5rU

wUJBcmVbKR7bz+aqCAoB6mlQjYxau6LWB4kOJRkQ7pId7fe/GanXsNBfXjOCeAuX

I was really frustrated and read everywhere on the Internet; on Ask Tom everyone is complaining that UTL_FILE.PUT_LINE doesn’t add new lines, but nothing matched my case. At last I found a man who had resolved it. The problem is that when we open a file with mode ‘w’ it is in text mode, where these additional new lines are added. So in order to write a PGP message as is, we must use ‘wb’ for binary mode:

l_file := UTL_FILE.fopen(folder,file_name,'wb'); -- very important to use binary mode
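ASCII armor carries a CRC-24 over the decoded body, so the damage shown above can be detected mechanically before the exported file leaves the database host. The following Python is an added example (not from the original post, Oracle or the DidiSoft library): it builds a constructed armored message, shows that the doubled-newline copy fails to parse, and repairs it by removing the inserted blank lines.

```python
import base64
import binascii

ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1 (init 0xB704CE, polynomial 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes, version: str = "constructed example") -> str:
    """Wrap raw bytes in ASCII armor: headers, blank line, 64-char base64 lines, '=' CRC line."""
    b64 = base64.b64encode(payload).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join([ARMOR_BEGIN, f"Version: {version}", "", *body, "=" + crc, ARMOR_END]) + "\n"

def parse_armor(text: str):
    """Return the decoded payload (bytes), or None if the armor is malformed or its CRC mismatches."""
    lines = text.splitlines()
    if ARMOR_BEGIN not in lines or ARMOR_END not in lines:
        return None
    inner = lines[lines.index(ARMOR_BEGIN) + 1:lines.index(ARMOR_END)]
    body = inner[inner.index("") + 1:] if "" in inner else []
    if len(body) < 2 or "" in body or not body[-1].startswith("="):
        return None                      # no separator, blank line inside body, or no CRC line
    try:
        payload = base64.b64decode("".join(body[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    except (binascii.Error, ValueError):
        return None
    return payload if crc24(payload) == expected else None

def repair_doubled_newlines(text: str) -> str:
    """Undo the text-mode damage: drop every blank line, then restore the single blank line
    that separates the 'Key: value' armor headers from the base64 body."""
    out = []
    for line in (l for l in text.splitlines() if l.strip()):
        prev = out[-1] if out else ""
        if ": " not in line and (prev == ARMOR_BEGIN or ": " in prev):
            out.append("")               # first body line (base64 never contains ': ')
        out.append(line)
    return "\n".join(out) + "\n"
```

Run parse_armor over the file UTL_FILE wrote: a None result means the file was written in text mode or otherwise altered on the way to disk.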

What a day!

Warcraft The super beginning

After leaving the 3D cinema and the Warcraft movie I was still in some kind of story.

Later at home I read the Wiki article for the film and was amazed at the low rating in the USA and extremely frustrated by the opinion of the review aggregator Rotten Tomatoes. Probably those reviews were also made by americanos. I’ve tried to compare the movie with anything similar, but frankly in vain. Neither Star Wars: The Force Awakens nor The Lord of the Rings could compare with it. This is really something amazing that must be seen.

I will be waiting for the next episode…

Create a CHM help file for your PowerShell cmdlets

Developing PowerShell cmdlets with C# is fun. But if we want to share our tools with others we eventually need some kind of documentation (yeah, I know that they can look into the source code, I’ve heard this a thousand times).

PowerShell man page

The first step in documenting our cmdlets is to write the proper comments in our source code. For example, to document the command class we write something like:

/// <summary>
/// <para type="synopsis">
/// Creates a new DH/DSS asymmetric cipher
/// </para>
/// <para type="description">
/// Creates a new DH/DSS asymmetric cipher
/// </para>
/// <para type="link" uri="https://www.xxx.com/">Online Tutorial</para>
/// </summary>
/// <example>
/// <code>New-KeyDhDss -Length 2048 -Name "Richard Koosh" -Password "my key pass" -Output c:\my.key</code>
/// </example>
[Cmdlet(System.Management.Automation.VerbsCommon.New,
"KeyDhDss")]

The next step is to produce an XML help file, which must be named OurDll.dll-Help.xml and reside in the same folder as the cmdlets DLL. To produce such a help file we can use the XmlDoc2CmdletDoc tool kindly provided by Redgate.

Now we can see the manual page for our cmdlets in the PowerShell console by typing

Get-Help New-KeyEcc

CHM help file

But what if we would also like to have a CHM help file? The only tool that I’ve found was the Compile-Help.ps1 script. Unfortunately it is very hard-coded and needs extra work to customize the resulting .chm file. But if you spend an hour you will manage to make it suitable for your needs.

Tomb Raider and my daily work

Looking at the screencasts of Rise of the Tomb Raider I’m impressed to such an extent that I have the feeling I’m watching a real movie.

This is really amazing work, and the guys who did the game are some kind of computer gods. On the contrary, in my day to day work I’ve always had to do casual CRUD apps, from old Borland Delphi sixteen years ago, through VB6/VB.NET and Java EJB/Spring/Hibernate spaghetti-like things – the same old song with a new voice.

This is really sad and makes me think that there is something wrong with the whole thing. You see – people fly to Mars and me (you) still dig rocks in the mine.

Silver support plan for Google Cloud Platform

I was stuck in a custom situation using the Google Cloud Platform APIs and, as a poor man, my support level was Bronze (free of course). I had no other choice than ordering the expensive Silver support plan where a human being would answer me in a timely fashion, instead of the bots that I think are hooked on the Bronze plan support forums.

Anyway, $150 bucks are a lot of money to me, but I had to part with them.

The support representative who was answering via email was polite, but of course didn’t give me the needed technical answer, as expected. My problem was bridged between Google Cloud Platform and Chrome, and although both originate from the same company they always wash their hands when Google Chrome is involved (I tried this a year ago, asking AdWords support by showing them a problem in Chrome that appeared after clicking my ad). But being smart enough I figured out the solution between the lines.

Today I was happily surprised when I saw that instead of paying $150 I spent only $15 – for the three days when the Silver Support plan was active (after “inventing” the solution I switched back to Bronze of course – remember: the poor man mindset:)

SHA-256 required for authenticode signatures in 2016

As of 1st of January 2016 Microsoft requires SHA256withRSA digital signatures for executable files running on Windows 7, Windows 8 and Windows 10. Code signing certificates bought before year 2015 support only SHA1withRSA, and you need a more recent code signing certificate in order for your application to be allowed by the Windows SmartScreen filter.

More information here: http://zabkat.com/blog/code-signing-sha1-armageddon.htm

Microsoft advisory on TechNet: https://technet.microsoft.com/en-us/library/security/2880823.aspx

What happened to Java

I remember the early days of Java in the year of 1996. It was an overwhelming success.

Having a C-like syntax but without the worry of memory management, it was like a breath of fresh air. Almost every big software tool vendor jumped on the Java bandwagon with tools. There were a dozen IDEs: IBM with VisualAge, Kawa, Symantec with VisualCafe, Borland with JBuilder. Even Microsoft had their IDE – Visual J++ (part of Visual Studio).

Starting with client-side programming (Java applets), the language was soon adopted for embedded programming (cell phones were shipping with a stripped-down Java virtual machine) and then for server applications.

The EJB specification for server side Java programming was born just a year after. A lot of Enterprise application servers were born from this demand for Java technology: Resin, WebLogic, WebSphere, Sybase Enterprise app server, just to name a few.

After the Dot-com bubble things calmed down for a while. Some of the leading Java tool vendors discontinued their products. Open source tools were born, eating into their market as well. I remember basing one small app for student curriculum uploads on Tomcat 3.1 and servlets. I think that there was some bug in Tomcat which led to a restart of the whole computer (a Windows 2000 Server machine) every few uploads – a very bad lesson for me.

A lot of years have passed since then. The company that owned Java no longer exists. A lot of the Java tool vendors also no longer exist, having suffered the same fate of being acquired by larger companies. Java is no longer a hype, it’s a mainstream language used in a lot of applications with billions of lines of code that have to be supported.

Some kind of rebirth was given to the language by Google by making Java the primary language for Android applications. This is like having a second life; probably Google managers thought about the millions of Java programmers and how easy it would be for them to switch to mobile phone development, already knowing the language syntax.

But anyway, Java in its current state is dominated by open source tools. Only rich companies can afford to buy commercial IDEs, application servers or software libraries, and they are a minority.

What’s the future of the language? No one can predict, but Java is here to stay at least for the next 15-20 years.

JShell coming after PowerShell

There was a time when Java was fresh and bleeding edge technology (I was sixteen at that time:). Time has passed and after a few years Microsoft made a similar language running on a virtual machine called .NET. Microsoft started by copying the good features of Java, but avoiding the bad things (JAR hell, for example).

Ironically, today, almost 20 years later, Oracle as the new owner of Java is trying to catch up with .NET by cloning features from it. The fresh example is JShell, which is a close match to PowerShell.

Only the future will tell how widespread will it become.