Code – Page 2 – Codes And Notes

Published on 10 November 2018

OpenPGP Integration (Java and JavaScript): OpenPGP.js

By Diego , In Code, Java, Javascript

So far in this series of posts we have examined how to handle PGP encryption’s core tasks in Java. We now move to the front end side and examine the incredible power of OpenPGP.js !

Published on 18 September 2018

Strong random number generation hangs on Linux machines

By Diego , In Code

You’re working on a new project, which uses a framework requiring strong random number generation. Typically, this could be Spring Security’s BCryptPasswordEncoder. You run your application on a Linux machine: your local Linux Mint for development or some Ubuntu Server instance, for example. And then… nothing happens. The application seems to be hanging! What gives?

Published on 04 September 2018

OpenPGP Integration (Java and JavaScript): Java PGP encryption

By Diego , In Java

In the previous installment we examined how to generate PGP keys using Java. Now that we have those, we can start encrypting! This post examines how to leverage the excellent Bouncy GPG library to make Java PGP encryption as easy as it gets.

Published on 17 July 2018

OpenPGP Integration (Java and JavaScript): Java keys generation

By Diego , In Code, Java

Last time we examined whether Efail and SigSpoof were a game breaker or not. Spoiler: it’s not half as bad as it was claimed. Today we will get our hands dirty: we will implement OpenPGP key generation in Java with BouncyCastle’s seminal library.

Published on 18 June 2018

OpenPGP: no, it’s not broken yet

By Diego , In Code, Opinion

You may have noticed: encryption has received some bad rap lately. I’m talking about Efail and SigSpoof of course, two flaws that impacted OpenPGP-based applications such as GnuPG, Enigmail, etc. Does it mean that OpenPGP is broken?

Published on 18 December 2017

From stateful to stateless RESTful security using Spring and JWTs – Part 7 (Reference material)

By Diego , In Code, Java, Spring

To complete this series about stateless security, I decided to take a bow and list all the blogs posts and websites I’ve studied to get here. If you’re looking for more information on stateless authentication and JWTs, this might be a good place to start from!

Published on 17 November 2017

From stateful to stateless RESTful security using Spring and JWTs – Part 6 (Should I go stateless?)

By Diego , In Java, Opinion, Spring

After a small pause, I resume our exploration of stateless RESTful security by asking THE big question everyone should consider when deciding to go stateless: is it worth it?

Published on 23 October 2017

From stateful to stateless RESTful security using Spring and JWTs – Part 5 (Stateless CSRF)

By Diego , In Code, Java, Spring

When implementing stateful authentication, one often-cited layer of security is CSRF protection. Is it still needed when authenticating using tokens? It depends on how you store your token on the client side. Is it possible to implement CSRF protection in a stateless way? Yes it is!

Published on 16 October 2017

From stateful to stateless RESTful security using Spring and JWTs – Part 4 (JWT-based authentication)

By Diego , In Code, Java, Spring

Previously we have managed to finally get rid of that Session object and transform our RESTful API security to leverage a stateless authentication solution. We replaced our beloved JSESSIONID with a simple string of text, a token, that allowed us to identify a user. But the solution we used is not secure at all. We still need to find a token with the right characteristics to be safe enough in this world of leaks and breaches. Enter JWTs…

Published on 09 October 2017

From stateful to stateless RESTful security using Spring and JWTs – Part 3 (token-based authentication)

By Diego , In Java, Spring

Last time we reviewed how to quickly set up stateful authentication on our Spring-based project. That’s very nice ‘n’ all, and in many cases you won’t need anything more. However shouldn’t we try to get rid of that session-based dependency and attempt to move to a REST-friendly stateless authentication solution? Let’s begin…

Category: Code