The eSigner fraud: ssl.com charging my credit card arbitrarily with hundreds of dollars

Background More than anything, this is a reminder to self why I must use a temporary credit card number when I’ll renew my EV Code Signing certificate I purchased from ssl.com, a few years from writing this (if they’ll still exist by then). I need it for Microsoft’s Attestation signing of drivers for Windows, as [...]

Windows trusting many more Root Authorities than certmgr shows

This baffled me for a while: I used certmgr to see if a Windows 10 machine had a root certificate that was needed to certify a certain digital signature, and it wasn’t listed. But then the signature was validated. And not only that, the root certificate was suddenly present in certmgr. Huh? Here’s a quick [...]

Attestation signing of Windows device driver: An unofficial guide

Introduction This is my best effort to summarize the steps to attestation signing for Windows drivers (see Microsoft’s main page on this). I’m mostly a Linux guy with no connections inside Microsoft, so everything written below is based upon public sources, trial and (a lot of) error, some reverse engineering, and speculations. This couldn’t be [...]

Generation of a certificate request from an existing P12 certificate

The goal The envisioned work flow for certificate generation is that the end user requests a certificate from a CA by first generating a public / private key pair, and then sending a request for having the public key certified by the CA. This way, the CA is never exposed to the private key. This [...]

Crypto jots on ASN.1 and Microsoft’s .cat files

Intro Crypto is not my expertise. This is a pile of jots I wrote down as I tried to figure out what the Microsoft catalogue file is all about. Not-so-surprising spoiler: It appears to be organized and elegant at first glance, but the more you look into it, it’s a mess. Of the kind that’s [...]

A sledge hammer introduction to X.509 certificates

Introduction First and foremost: Crypto is not my expertise. This is a note to future self for the next time I’ll need to deal with similar topics. This post summarizes my understanding as I prepared worked on a timestamp server, and it shows the certificates used by it. For how to check a connection with [...]

This post is intentionally left blank

This post has been terminally removed. It’s pointless to ask me for a copy of it.

This post is intentionally left blank

This post has been terminally removed. It’s pointless to ask me for a copy of it.

fetchmail, openssl and a sudden failure to authenticate certificates

Since around the beginning of December 2017, fetchmail stopped retrieving mails form Gmail servers silently, without issuing any kind of error message. Only when starting fetchmail in the foreground, I got fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: This means that the root signing certificate (issued for /C=US/O=Google Trust Services/CN=Google [...]

Password-less SSH remote login demystified

This is documented everywhere, and still, I always find myself messing around with this. So once and for all: The files In any user’s .ssh/ directory, there should be (among others) two files: id_rsa and id_rsa.pub. Or maybe with dsa instead of rsa. Doesn’t matter too much. These are the keys that are used when [...]