20 Jun 2018, 13:41

TLS: File formats and content manipulation

The Transport Layer Security (TLS) protocol, the successor to the Secure Sockets Layer (SSL) after its version 3 (SSLv3), is a protocol that provides communications security over a computer network. In today’s world this is the technology that encrypts your communications to web servers, mail servers, instant messaging servers, and so on.

Setting TLS up correctly is not a hard task, but it requires a fair amount of know-how. First-timers (or not) coming into contact with TLS can quickly be overwhelmed by the multitude of file formats. Simply to enable TLS on an HTTP server, one might come across .key, .csr, .crt and .pem files. Depending on the platform, one can even come across a .cer file.

Don’t be afraid, don’t pull your hair out: this article is here to demystify the file formats involved in dealing with TLS from a practical point of view and explain how it all works together.


04 Feb 2018, 16:21

Simple outgoing-only SMTP server

It’s 2018 and RFC 2821 (Simple Mail Transfer Protocol) turns 17 this year, yet emails are the most widely used type of notification. When one builds or deploys a service, most of the time it will require the ability to send emails.

With spam making up a significant share of global email volume, the rules for being considered a legitimate email have tightened up: authenticated users, TLS, SPF, DKIM, DMARC, …

At $DAYJOB the time came to launch a new service, and hence a new outgoing-only SMTP server. Rather than going down the habitual Postfix deployment route, we got curious about what the alternatives out there were, and whether there was one that was simpler.

Let me introduce you to OpenSMTPD.


31 Jan 2018, 13:46

Sharing secrets across a team

In my team at $DAYJOB, like most teams, we need to share secrets. Hence we started looking at the various options available. There is a plethora of tools out there that address this specific issue, but after hearing everyone in the team and their expectations about the tool, we came up with a minimal set of requirements the tool should fulfill:

  • No shared password: Secrets must be available to every team member using their own password, no shared password required.
  • Offline use: Secrets must be available offline.
  • Easy way to change all the passwords at once: Easy way of changing all the secrets at once when a team member leaves the team.
