Sunday, 19. January 2014Week 02
.: Verify that an SSL certificate matches the private key

When renewing certificates it is a good idea to verify that the newly installed SSL certificate matches the newly installed private key (eg. to make sure no mixup between the new and old files occurred).
This can be done by comparing the modulus of the two files:

openssl x509 -in <certificatefile> -noout -modulus|sha1sum
openssl rsa -in <privatekeyfile> -noout -modulus|sha1sum

13:32 | Networking | Permalink
Sunday, 12. January 2014Week 01
.: Sipura/Linksys/Cisco SPA901 Provisioning and Upgrade

Loading the configuration from http://config.server/configfile.xml (provisioning has to be enabled on the phone):


Upgrading the firmware with the image from http://upgrade.server/firmware.bin:


21:02 | Networking | Permalink
Wednesday, 1. January 2014Week 00
.: Publish GPG Keys in DNS

Create the PKA DNS record:

# localpart=andreas url=
# LANG=C gpg --fingerprint ${localpart}@${domain}|awk -v local=$localpart -v domain=$domain -v url=$url \
'/fingerprint/{printf("%s._pka.%s. TXT \"v=pka1;fpr=%s;uri=%s\"\n",local,domain,$4$5$6$7$8$9$10$11$12$13,url)}' TXT "v=pka1;fpr=1073501542F38352FC85788207A32EAB1C6AC951;uri="

Test DNS resolution:

# dig +short -t txt

Test with GPG:

# gpg --auto-key-locate pka -ea -r ${localpart}@${domain}

Detailed explanation of the different DNS publication mechanisms for PGP Keys:
Publishing PGP Keys in DNS


13:52 | Networking | Permalink