Thoughts about code

I recently got a new virtual private server from the German provider Contabo . This article explains how I changed the installed system to use encrypted storage. I also wanted not to store the decryption secret anywhere on the system. Goals: Encrypt the root partition using cryptsetup and LUKS Passing the decryption secret using SSH WARNING: Following this guide might result in complete and irrecoverable data loss! Before proceeding on a live system, make sure to back up all data to be safe! It’s a good idea to test drive this guide using a virtual machine such as qemu or VirtualBox . The starting setup I am currently running Debian 11 on my virtual machine and the rescue image is also based on Debian 11. My system comes with a simple partitioning scheme, where everything is installed on the root partition. Because my use case is simple, this setup suited me well and so I kept it. If you require a more sophisticated scheme, it’s quite easy to create more logical volumes in ...

Recently I have been working on a private project concerning Zookeeper and security. Since version 3.5, Zookeeper supports mTLS, an authentication mechanism that also adds encrypted communication. Two birds with one stone, you might say. In this journey, I experimented with exposing certificates in Java, and I’m going to share what I learned here. Using certificates and keys in Java The scenario I’m going to explore is when I generate some certificates and keys with OpenSSL and I want to use them with a Java application, as explained in my earlier article, Creating a CA for mTLS with OpenSSL . In particular, I start out with these files: ca.pem : my root CA certificate app.pem : the certificate to be used by my Java app, in PEM format app-key.pem : the unencrypted RSA key for the app, as generated by the openssl genrsa command. The files I want to create are: keystore: a file that contains my app certificate and key to use for authentication and encryption; trust store: a ...

In this article I will explain how I created my own certificate authority and issued certificates to use for my Zookeeper setup. Thus, I also go into detail about how to convert certificates to use in a Java application. To give a bit of background, I started working recently on a personal project to deploy Zookeeper on Kubernetes. One feature of Zookeeper that I was interested in is TLS encryption on connections and using mTLS for authentication. I some needed TLS certificates and I decided to roll my own. For an introduction to mTLS, check out this article: https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/ I decided that I’m going to use a single CA for all certificates. The advantage of this setup is that I only have to add a single CA certificate to my container images. The drawback is how to handle certificate revokation, for example if a key is compromised or a certificate is decommissioned. This is out of the scope of this article. Creating a CA I...