Category: English

  • Avast residues

    Avast is a really nice antivirus program with a friendly user interface and easy setup.

    While it works efficiently, it amazed me that it has a really harsh internet firewall that you don’t even know is working. It occurred to me many times that it had something to do with playing LAN games using old Hamachi. We could see the server hosted on the PC behind Avast, but we could not connect to it. It would just keep connecting forever and never get anywhere. Uninstalling Avast resolved the problem immediately, so we knew something was up with it. Later it turned out that even disabling only the firewall part worked well.

    The new story that amazed me was also related to Avast. The program itself was uninstalled, but a service remained running in the background, even after many computer restarts. The user could connect everywhere outside, but nobody could connect to him. We tried TeamViewer – no go (Error Code: WaitForConnectFailed), Remote Desktop didn’t work (stalled at initializing …), and RealVNC didn’t work. Any connection to the user’s PC was failing. We noticed the problem because the user could not connect to an OpenVPN server, probably because the server wasn’t able to make a connection to the user. All firewalls were disabled.

    Then I noticed an Avast service running in Task Manager, and it came to my mind that it shouldn’t be there, as Avast had previously been uninstalled. The Avast process could not be killed, as the administrator didn’t have enough rights (right! clear as the sky on a rainy day). Fortunately, Avast provides the right tool with clear instructions on how to remove it. The process is described at http://www.avast.com/uninstall-utility and is easy to follow if you know what safe mode is.

    After removal everything started working normally again.

  • Use iText 4.1.6 to sign a PDF file with C#

    Here is a C# example of signing a PDF file with a certificate stored in a file, using the latest free MPL & GPL version of iText. It can be downloaded from here (source) or here (DLL) or via the NuGet package manager in Visual Studio.

    After importing iText in the project you have access to the following functions.

    The code for PDF processing goes like this:

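    using System;
    using System.Collections;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using iTextSharp.text;
    using iTextSharp.text.pdf;
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Security;

    // Load the signing certificate and its private key from the PFX file.
    var _certificate = new X509Certificate2(@"C:\cert.pfx", "iLikeMyCertPass", X509KeyStorageFlags.Exportable);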
    
    var certParser = new Org.BouncyCastle.X509.X509CertificateParser();
    var chain = new Org.BouncyCastle.X509.X509Certificate[]
        {
          certParser.ReadCertificate(_certificate.RawData)
        };
    AsymmetricKeyParameter bouncyCastlePrivateKey = DotNetUtilities.GetKeyPair(_certificate.PrivateKey).Private;
    
    
    var reader = new PdfReader(@"C:\test.pdf");
    var writer = new FileStream(@"C:\test-signed.pdf", FileMode.Create, FileAccess.Write);
    
    PdfStamper st = PdfStamper.CreateSignature(reader, writer, '\0');
    
    PdfSignatureAppearance sap = st.SignatureAppearance;
    
    sap.Layer2Font = new Font(Font.UNDEFINED, 4);
    sap.Reason = "I can sign it!";
    sap.Location = "At home";
    
    sap.SetVisibleSignature(new Rectangle(0, 0, 120, 35), reader.NumberOfPages, "Signature");
    sap.Render = PdfSignatureAppearance.SignatureRender.Description;
    sap.SetCrypto(bouncyCastlePrivateKey, chain, null, PdfName.ADOBE_PPKLITE);
    sap.Acro6Layers = true;
    //if I uncomment the following line the status of file is UNKNOWN in Acrobat reader
    //sap.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
    
    reader.Appendable = true;
    
    var dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
    dic.Reason = sap.Reason;
    dic.Contact = sap.Contact;
    dic.Location = sap.Location;
    dic.Date = new PdfDate(sap.SignDate);
    sap.CryptoDictionary = dic;
    
    int contentEstimated = 15000; // bytes reserved for the signature; increase it if the signature carries a lot of content
    
    var exc = new Hashtable();
    exc[PdfName.CONTENTS] = contentEstimated*2 + 2;
    sap.PreClose(exc);
    
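    // Note: SHA-1 is deprecated for digital signatures; use a SHA-2 digest
    // where the library version and the verifying software support it.
    PdfPKCS7 sgn = new PdfPKCS7(bouncyCastlePrivateKey, chain, null, "SHA-1", false);
    IDigest messageDigest = DigestUtilities.GetDigest("SHA-1");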
    Stream data = sap.RangeStream;
    byte[] buf = new byte[contentEstimated];
    int n;
    while ((n = data.Read(buf, 0, buf.Length)) > 0)
    {
        messageDigest.BlockUpdate(buf, 0, n);
    }
    byte[] hash = new byte[messageDigest.GetDigestSize()];
    messageDigest.DoFinal(hash, 0);
    DateTime cal = DateTime.Now;
    
    byte[] sh = sgn.GetAuthenticatedAttributeBytes(hash, cal, null);
    sgn.Update(sh, 0, sh.Length);
    
    byte[] encodedSig = sgn.GetEncodedPKCS7(hash, cal, null, null);
    // The signature must fit into the contentEstimated bytes of paddedSig below.
    if (encodedSig.Length > contentEstimated)
        throw new Exception("Not enough space");
    
    var paddedSig = new byte[contentEstimated];
    Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);
    
    var dic2 = new PdfDictionary();
    dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
    sap.Close(dic2);
    

    Leave any feedback if it doesn’t work.

  • XAdES standards testing portal

    I just found a great portal with a testing tool for the XAdES XML digital signature standard, which gives detailed information on what is wrong. You just need to send a free email to get the login credentials and you are good to go. They replied to me the next day.

    The link is located at the ETSI site: http://xades-portal.etsi.org/pub/index.shtml

    There is a link (lower left part) to the XAdES baseline checker online tool, which is the final target: http://212.234.160.9/pub/index.shtml. I hope the IP doesn’t change.

    Have fun!

  • Use iText 5.4.x to sign a PDF file

    Here is sample code that signs a PDF with the iTextSharp library, using a certificate file (with private key).

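    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using iTextSharp.text;
    using iTextSharp.text.pdf;
    using iTextSharp.text.pdf.security;

    // Load the signing certificate (with private key) from the PKCS#12 file.
    X509Certificate2 cert = new X509Certificate2("C:\\mycert.p12");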
    
    Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
    Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] {
    cp.ReadCertificate(cert.RawData)};
    
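    // Note: SHA-1 is deprecated for digital signatures; use a SHA-2 digest
    // where the verifying software supports it.
    IExternalSignature externalSignature = new X509Certificate2Signature(cert, "SHA-1");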
    
    PdfReader pdfReader = new PdfReader("C:\\multi-page-test.pdf");
    
    var signedPdf = new FileStream("C:\\multi-page-test-signed.pdf", FileMode.Create);
    
    var pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
    PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;
    
    signatureAppearance.SignatureGraphic = Image.GetInstance("C:\\logo.png");
    signatureAppearance.Reason = "Because i can";
    signatureAppearance.Location = "Tu podpišem";
    signatureAppearance.SetVisibleSignature(new Rectangle(100, 100, 250, 150), pdfReader.NumberOfPages, "Signature");
    signatureAppearance.SignatureRenderingMode = PdfSignatureAppearance.RenderingMode.GRAPHIC_AND_DESCRIPTION;
    
    MakeSignature.SignDetached(signatureAppearance, externalSignature, chain, null, null, null, 0, CryptoStandard.CMS);
    
  • Must have WP plugins

    W3 Total Cache
    A plugin designed to cache and speed up your WordPress blog. With loads of settings you can minify CSS and cache pages, objects, the database, … You can even use Cloudflare as a CDN.

    Smush.it
    A plugin for smashing (compressing) your pictures to the minimum size, but without loss of quality.

    WP Socializer
    Social networking integrated on every page and article of your blog. Lots of sites included.

    GTmetrix
    A speed analyzer for your blog with great suggestions on how to improve it.

    Lazy load
    Beautifully loads pictures when they are displayed in a visitor’s browser. Saves bandwidth.

    Loads of other plugins are available at WordPress and these are just a few that I use. Highly recommended.

  • Vigor, SSTP and VPN

    The Windows-integrated SSTP (Secure Socket Tunneling Protocol) is, to this day, supported only by DrayTek Vigor models 2950 and 2930.

    The DrayTek team is of the opinion that the fastest VPN of all is achieved by using IPSec with certificates.

  • #1093 You can not specify target table comments for update in FROM clause

    When I try to run an update query on my table “comments”, MySQL returns the message #1093 – You can’t specify target table ‘comments’ for update in FROM clause. My contrived table structure and update query are as follows:

    CREATE TABLE comments(id int primary key, phrase text, uid int);
    
    INSERT INTO comments VALUES(1, 'admin user comments',1),
                               (2, 'HR User Comments',2),
                               (3, 'RH User Comments',2);
    
    UPDATE comments
         SET phrase = (SELECT phrase FROM comments WHERE uid=2 AND id=2)
    WHERE id = 3;
    

    Actually, the update query above appears to be illegal as per the SQL standard. MySQL does not allow you to UPDATE or DELETE a table’s data while you are simultaneously reading that same data with a subquery. The query does exactly that, which is why MySQL responds with this terse error message. Therefore, the update query has to be rewritten.

    Since MySQL materializes subqueries in the FROM clause as temporary tables, wrapping the subquery in another inner subquery in the FROM clause causes it to be executed and stored in a temporary table, which is then referenced implicitly in the outer subquery. So the update query will succeed when rewritten as below:

    UPDATE comments
       SET phrase = (SELECT phrase
                       FROM (SELECT * FROM comments) AS c1
                      WHERE c1.uid = 2 AND c1.id = 2)
     WHERE id = 3;
    

    Thanks to the original source:
    http://www.mysqlfaqs.net/mysql-faqs/Errors/1093-You-can-not-specify-target-table-comments-for-update-in-FROM-clause

  • MySQL – Restore only one database from sqldump

    Restoring the whole MySQL dump is easy. Either use phpMyAdmin (if the file is not too big) or do it from the console. I had a hard time finding out how to restore only one database from the sqldump of all databases.

    We have a sqldump file which contains multiple databases. If you want to restore only one of them, you should use the --one-database option.

    Example:
    I have a sqldump.sql which contains databases named dbispconfig, forum, gallery, … . On the target machine, first create the database with the same name and then run the following command:

    mysql -u$username$ -p$password$ --one-database $selected_database$ < $sqldump_file$

    If I wanted to select only the “forum” database from the sqldump.sql, I would create an empty “forum” database and then run:

    mysql -uroot -pMyPass --one-database forum < sqldump.sql
    

    That’s it.
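
The mysql client documentation describes `--one-database` as rudimentary: it filters only on `USE` statements, so a statement that names another database explicitly still runs while the selected database is the default. The script below is an added example, not part of the original post: it cuts one database's section out of a dump and lists such cross-database statements for review before restoring. It assumes the dump was written by mysqldump with its `-- Current Database:` section comments; the sample dump and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the dump was written by
# mysqldump, which starts each database with "-- Current Database: `name`".

# Write a small constructed multi-database dump to the file named in $1.
make_sample_dump() {
    cat > "$1" <<'EOF'
-- Current Database: `forum`
CREATE DATABASE IF NOT EXISTS `forum`;
USE `forum`;
CREATE TABLE posts (id INT PRIMARY KEY, body TEXT);
INSERT INTO posts VALUES (1,'hello');
INSERT INTO `gallery`.`images` VALUES (9,'cross-db.png');
-- Current Database: `gallery`
CREATE DATABASE IF NOT EXISTS `gallery`;
USE `gallery`;
CREATE TABLE images (id INT PRIMARY KEY, name TEXT);
EOF
}

# List the databases present in dump file $1.
list_dbs() {
    sed -n 's/^-- Current Database: `\(.*\)`$/\1/p' "$1"
}

# Print only the section of dump file $2 that belongs to database $1.
extract_db() {
    awk -v db="$1" '
        /^-- Current Database: `/ { keep = ($0 == "-- Current Database: `" db "`") }
        keep { print }
    ' "$2"
}

# Print statements in database $1's section that name another database
# explicitly (`other`.`table`); USE-based filtering does not stop these.
cross_db_refs() {
    extract_db "$1" "$2" | grep -E '`[^`]+`\.`' | grep -v "\`$1\`\.\`" || true
}

# Demo on the constructed dump.
dump=$(mktemp) && make_sample_dump "$dump"
list_dbs "$dump"
cross_db_refs forum "$dump"
rm -f "$dump"
```

When restoring the reviewed section, passing `-p` without a value makes mysql prompt for the password, which keeps it out of the process list and shell history.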