Wednesday, December 30, 2015

Chinese Text in XBMC Cannot Display on Mac OS

English is the default language in XBMC.

After you chose Language as Chinese (Traditional), the skin displays strangely. 

Please change Language back to English.
Go to Appearance - Settings, and change Fonts from Skin default to Arial based.

Then the Chinese skin displays.

Then you can install the Add-On, AtMovies Movie Scraper.


Tuesday, December 29, 2015

Use Java Security to read a certificate generated by OpenSSL

The following example uses Java Security to read a certificate that is generated by OpenSSL command and to verify the certificate with the public key that is also generated by OpenSSL command.

Generate a RSA-2048 private kay.
>openssl genrsa -out prv.pem 2048
>openssl rsa -in prv.pem -pubout > pub.pem

Convert public key portino in DER format (so Java can read it)
>openssl rsa -in prv.pem -pubout -outform DER -out pub.der

Convert private key to PKCS#8 format (so Java can read it).
>openssl pkcs8 -topk8 -inform PEM -outform DER -in prv.pem -out prv.der -nocrypt

Generate a CSR signed by prv.pem
>openssl req -new -key prv.pem -out test.csr
password 1234

Generate a certificate, signed by prv.pem, for the CSR.
>openssl x509 -req -days 365 -in test.csr -signkey prv.pem -sha1 -out test.cert
password 1234

Generate another RSA-2048 private kay.
>openssl genrsa -out prv2.pem 2048

Convert public key portion in DER format (so Java can read it)
>openssl rsa -in prv2.pem -pubout -outform DER -out pub2.der

Run the java program to read certificate and to verify it.
D:\Cyber Space\Examples\JavaSecurity

>java ReadCert

The portion Java program,, is as below.

// Read an X.509 certificate from "test.cert".

FileInputStream fis = new FileInputStream ("test.cert");
BufferedInputStream bis = new BufferedInputStream (fis);
CertificateFactory cf = CertificateFactory.getInstance ("X.509");
if (bis.available () == 0) {
    System.exit (0);

// Dump the certificate.
// cert = cf.generateCertificate (bis);
System.out.println (cert.toString());

// Get public key of the certificate.

PublicKey pub = cert.getPublicKey ();
System.out.println ("Get the public key of the certificate with " + pub.getEncoded().length + " bytes.");

// Verify the cert with public key (pub).

System.out.println ("Verify the certificate with the public key.");
try {
    cert.verify (pub);
catch (Exception e) {
    System.out.println ("Exception.");

// Read public key (pub2) from the file (pub.der).

File f = new File ("pub.der");
fis = new FileInputStream (f);
DataInputStream dis = new DataInputStream (fis);
byte [] pubBlob = new byte [(int) f.length()];
System.out.println ("pubBlob.length = " + pubBlob.length);
dis.readFully (pubBlob);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pub2 = keyFactory.generatePublic(new X509EncodedKeySpec (pubBlob));
System.out.println ("Get the public key, pub2, from the file with " + pub2.getEncoded().length + " bytes.");

// Check if pub and pub2 are same.
// They should be same.

if (pub.equals (pub2)) {
    System.out.println ("pub and pub2 are same.");
} else {
    System.out.println ("pub and pub2 are different.");        

// Read another public key (pub3) from the file (pub2.der).

f = new File ("pub2.der");
fis = new FileInputStream (f);
dis = new DataInputStream (fis);
byte [] pub2Blob = new byte [(int) f.length()];
dis.readFully (pub2Blob);
keyFactory = KeyFactory.getInstance("RSA");
PublicKey pub3 = keyFactory.generatePublic(new X509EncodedKeySpec (pub2Blob));
System.out.println ("Get the public key, pub3, from the file with " + pub3.getEncoded().length + " bytes.");

// Verify the certificate with the public key (pub3).
// The verification should be failed.

System.out.println ("Verify the certificate with the public key, pub3.");
try {
    cert.verify (pub3);
catch (Exception e) {
    System.out.println ("Error. An exception occurs. The result is expected.");


Use Java Security to export/import key pair into/from memory blob

I provide the example program of Java Security to explain how to

  1. export RSA key pair into memory blob.
  2. import RSA key pair from memory blob.
This example helps us to handle certificate or public key, that are generated by OpenSSL tool, in Java environment.

// generate an RSA-2048 key
System.out.println( "\nGenerate RSA-2048 key pair." );
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
KeyPair key = keyGen.generateKeyPair();

// Export key pair into memory blob.
System.out.println( "Export key pair into memory blob." );
PublicKey pub = key.getPublic ();
PrivateKey prv = key.getPrivate ();
byte[] pubBlob = pub.getEncoded();
byte[] prvBlob = prv.getEncoded();
System.out.println ("Public key with " + pubBlob.length + " bytes: " + pubBlob);
System.out.println ("Private key with " + prvBlob.length + " bytes: " + prvBlob);

// Import key pair from memory blob.
System.out.println( "Import key pair from memory blob." );
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pub2 = keyFactory.generatePublic (
                    new X509EncodedKeySpec(pubBlob));
PrivateKey prv2 = keyFactory.generatePrivate(
                    new PKCS8EncodedKeySpec(prvBlob));
KeyPair key2 = new KeyPair (pub2, prv2);

// Check if the two key pairs are same.
if (pub.equals (pub2) && prv.equals (prv2)) {
    System.out.println ("Both key pairs are same");
} else {
    System.out.println ("Both key pairs are different");


Monday, December 28, 2015

Use Python to enable Bluetooth PAN in Windows

We cannot enable Windows Bluetooth PAN by a program because Windows doesn't public the Bluetooth PAN API that is implemented in bthpanapi.dll. I find a way to enable it by a script method, Python. The idea comes from UI automatic test.

Download and install Python 3.5.1

Install Pillow and PyAutoGUI in Python.
>pip install Pillow
>pip install PyAutoGUI

The Python program to enable Windows Bluetooth PAN is as below.

import os                                            
import pyautogui                                     
os.system ("control printers")                       
while (True):                                        
    Location = pyautogui.locateOnScreen('VIBEZ.png') 
    if (Location != None):                           
pyautogui.rightClick (Location [0], Location [1])    
x = Location [0] + 10                                
y = Location [1] + 83                        (x, y)                               
x += 230                                     (x, y)                               

The code opens "Devices and Printers" of Windows Control Panel.

os.system ("control printers")

The code moves the mouse cursor to the icon of "VIBE Z" and click the right button of the mouse to display menu items.

while (True):                                       
    Location = pyautogui.locateOnScreen('VIBEZ.png')
    if (Location != None):                          
pyautogui.rightClick (Location [0], Location [1])   

The code moves the mouse cursor to the 4th menu item.

x = Location [0] + 10  
y = Location [1] + 83 (x, y) 

The code moves the mouse cursor to the right menu item to enable Bluetooth PAN.

x += 230       (x, y) 


Java Security doesn't support AES-256 in default

The below code in generates an AES-256 key,

KeyGenerator keyGen = KeyGenerator.getInstance("AES");
Key key = keyGen.generateKey();

but the exception happens when running java AesExample.

The reason is the import regulation in some countries. AES is limited to 128 bits in default security policy.

AlgorithmMaximum Keysize
all others128

We can change the security policy by downloading the zip from the site.

Please select "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8" to download the zip file,, if we use JDK 8.

Decompress the ZIP file to get the both jar files.

Copy them to the directory to replace old files.

Now we can use AES-256 in Java environment.

>java AesExample


Tuesday, December 22, 2015

Why Windows CNG doesn't support AES in key storage functions?

The CNG key storage function, NCryptExportKey (), doesn't support BCRYPT_AES_WRAP_KEY_BLOB but the CNG cryptographic primitive function, BCryptExportKey(), supports it. Why Windows CNG doesn't support AES in key storage functions?

I guess that AES is symmetric encryption algorithm. The AES key is shared between two devices. For asymmetric encryption algorithm (e.g., RSA), only public key is shared and private key is kept and hidden in the owned device. The private key must be protected in a secure storage. Therefore Windows CNG provides key storage functions to store private keys of RSA. For AES key, it is not necessary to protect it. Therefore there is not AES in CNG key storage functions.


Sunday, December 20, 2015

Symmetric/Asymmetric Encryption and Hashing

I use the following simple formula to distinguish among symmetric/asymmetric encryption and hashing.

C = Enc (P, K1)
P = Dec (C, K2)

C is cypher text,
P is plain text,
Enc is an encryption algorithm,
Dec is an decryption algorithm,
K1 is a key for encryption.
K2 is a key for decryption.

If K1 == K2, then Enc and Dec are symmetric encryption (e.g., AES).

If K1 != K2, then Enc and Dec are asymmetric encryption (e.g., RSA).

If Enc is an one-way function (there is not a Dec to recover C to P), we can call it hashing (e.g., SHA).

Use MacBook to Install Ubuntu in Gen8 via iLO

I don't have a monitor, a keyboard, and an ODD attached to my Gen8. I only have a SDD. How do I install Ubuntu in it? Fortunately I have MacBook to help it.

1. Connect network cables in Gen8.

Connect a network cable to the iLO connector and another one to the NIC 2 connector in the Gen8. (It is possible to use only one network cable to connect NIC 1 that is shared with iLO.)

2. Put SDD in the Gen8.

I use SDD to be a bootable disk. Because the hard drive tray is not suitable for my 2.5" SDD, I pull out the tray and connect SDD to the SATA port in the room. (The alternative way is connect SDD to the external USB port.)

3. Turn on the Gen8.

4. Check the IP address of the iLO in Gen8.

I open my router's web page to list all IP addresses of connected devices. I find one device is connected by a wire. I suppose it is for iLO.

5. Use Mozilla browser to connect the IP address and download Java plug-in.

Because Safari and Chrome browsers cannot verify the certificate of the iLO, some features are not workable. Therefore I download Mozilla browser to avoid the problem. The Remote Console of iLO must be run by Java in Mac OS. There is not Java in Mozilla in default. I need to download Java from Oracle web site.

6. Get a free license of iLO.

Because HP was separated into two companies, HP and HPE. It is difficult for me to find the free license of iLO. I need it to use Remote Console of iLO.

7. Activate Intelligent Provisioning.

Run Remote Console to display the Java applet.

It displays that the OOD doesn't exist.

Select "Activate" in the step.

8. Create a virtual ODD with a Ubuntu's installation image.

Run iLO Remote Console and click Virtual Drivers to create a virtual ODD from a image of Ubuntu. My image file name is ubuntu-14.04.3-desktop-amd64.iso, that is Ubuntu desktop for 64-bit. I select desktop rather than server because it has GUI in default.

9. Click Power Switch to restart Gen8 to install Ubuntu.

10. Run Ubuntu in iLO Remote Console.