September 29, 2006

RSA data length limits

The length of an RSA signature varies in direct proportion to the RSA key size, not the amount of data signed. The Perl script below demonstrates the length of signatures for several RSA key sizes. Also, larger keys allow more data to be encrypted with RSA, minus overhead for various encoding and security measures. Large amounts of data should be encrypted using a symmetric cipher, and the secret key for this cipher encrypted via RSA.

#!/usr/bin/perl -wl
use strict;
use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;

Crypt::OpenSSL::Random::random_status()
  or die "single and thine image dies with thee\n";

my $string = 'foo';

KEYSIZE: for my $ks (qw{512 1024 2048}) {
  my $pk  = Crypt::OpenSSL::RSA->generate_key($ks);
  my $sig = $pk->sign($string);
  print $ks, ' -> ', length $sig;
}

__DATA__
512 -> 64
1024 -> 128
2048 -> 256

The maximum amount of data encryptable with RSA varies with the RSA key size and encoding method used, as demonstrated by the following code:

#!/usr/bin/perl -wl
use Crypt::OpenSSL::Random;
use Crypt::OpenSSL::RSA;
use MIME::Base64;

Crypt::OpenSSL::Random::random_status()
  or die "as fast as they see others grow\n";

KEYSIZE: for my $ks (qw{512 1024 2048 3072 4096}) {
  my $pk = Crypt::OpenSSL::RSA->generate_key($ks);

  # NOTE try altering encoding method here!
  #$pk->use_pkcs1_padding();
  $pk->use_pkcs1_oaep_padding();

  # encrypt longer strings until failure
  for my $dl ( 1 .. 10000 ) {

    # lengths of resulting blob and blob
    # base64 encoded
    my $el = length $pk->encrypt("a");
    my $bl = length encode_base64( $pk->encrypt("a") );

    eval { $pk->encrypt( "a" x $dl ); };
    if ($@) {

      # failed on current length, so
      # max one less
      $dl--;

      print join( ' ',
        "rsakey=$ks", "datalength=$dl",
        "encryptedlength=$el", "base64=$bl" );
      next KEYSIZE;
    }
  }
}

__DATA__
rsakey=512 datalength=22 encryptedlength=64 base64=90
rsakey=1024 datalength=86 encryptedlength=128 base64=175
rsakey=2048 datalength=214 encryptedlength=256 base64=349
rsakey=3072 datalength=342 encryptedlength=384 base64=519
rsakey=4096 datalength=470 encryptedlength=512 base64=693
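Where the figures in that output come from, as an added example that is not part of the original post: one RSA operation accepts at most the modulus length in bytes minus the padding overhead. The function names are illustrative, and the script assumes 42 bytes of overhead for OAEP with SHA-1, 11 bytes for PKCS#1 v1.5, and base64 text wrapped at 76 characters with a newline after each line.

```sh
#!/bin/sh
# Added example: derive the datalength/encryptedlength/base64 columns
# without generating any keys.

# rsa_max_plaintext BITS PADDING -> largest message (bytes) for one RSA operation
rsa_max_plaintext() {
    k=$(( ($1 + 7) / 8 ))          # modulus length in bytes
    case $2 in
        oaep)  overhead=42 ;;      # assumption: 2 * 20 (SHA-1 digest) + 2
        pkcs1) overhead=11 ;;      # 3 framing bytes + at least 8 random bytes
        *) echo "unknown padding: $2" >&2; return 2 ;;
    esac
    if [ "$k" -le "$overhead" ]; then
        echo "key too small for $2 padding" >&2
        return 1
    fi
    echo $(( k - overhead ))
}

# base64_wrapped_len BYTES -> base64 length including one newline per line
base64_wrapped_len() {
    chars=$(( ($1 + 2) / 3 * 4 ))      # 4 output characters per 3 input bytes
    lines=$(( (chars + 75) / 76 ))     # assumption: lines wrapped at 76 chars
    echo $(( chars + lines ))
}

# rsa_row BITS PADDING -> one row in the format printed by the Perl script
rsa_row() {
    dl=$(rsa_max_plaintext "$1" "$2") || return
    el=$(( ($1 + 7) / 8 ))             # ciphertext is always modulus-sized
    echo "rsakey=$1 datalength=$dl encryptedlength=$el base64=$(base64_wrapped_len "$el")"
}

for bits in 512 1024 2048 3072 4096; do
    rsa_row "$bits" oaep
done
```

Passing pkcs1 instead of oaep gives the limits for the commented-out use_pkcs1_padding() line.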

For more information, consult the Crypt::OpenSSL::RSA module documentation. Also consider the excellent Applied Cryptography or Practical Cryptography texts.

September 25, 2006

sgrax - xargs backwards

sgrax - converts argument list to standard input for a named command. Opposite of xargs(1). Handy on (rare) occasion. Okay, very rare.

#!/bin/sh
if [ -z "$1" ]; then
  echo "Usage: `basename $0` command data for standard input ..." >&2
  exit 1
fi
COMMAND=$1
shift
echo "$@" | $COMMAND

September 24, 2006

Path Parser and Permissions Previewer Utility for Unix

Use parsepath to report Unix directory paths, or check whether a user or group has permissions to access named files. Great to quickly check CGI permissions where some parent directory sets the wrong permissions.

$ parsepath % /Users/jmates
d 1775 root:admin /
d 1775 root:admin /Users
d 0755 jmates:jmates /Users/jmates
$ parsepath +w /var/tmp
$ parsepath +w /etc/passwd
! unix-other +w fails: f 0644 root:wheel /etc/passwd

Script originally filed under my debugging Unix pages.

September 23, 2006

Goldberg Variations Variations

Four excellent recordings of Bach’s Goldberg Variations:

September 19, 2006

Aaarr!

And, on a somewhat related note, Talk Like a Pirate Day.

September 18, 2006

Amazing Toy Store

Magic Mouse Toys in Pioneer Square. Easy to bike past, except for Lego and other toy signs buried in otherwise dour building. Huge eclectic selection, must spend more time browsing through it.

September 17, 2006

Tell and Seek

Test Perl code illustrating how to read a file from the position last read to. Handy for log processing agents run multiple times on a growing file, where repeated scans would otherwise duplicate previous matches. Re-reads entire file if last position past end of current file contents.

#!/usr/bin/perl
use Fatal qw(open);

# filename => last read offset
my %file_position_stash = ( test => 5 );

my $file = shift || die "Usage: $0 filename\n";

open my $fh, '<', $file;

# Try to resume where left off
if ( exists $file_position_stash{$file} ) {
  seek $fh, $file_position_stash{$file}, 0 or warn "whoa: $!\n";

  # If at end of file already, file truncated
  # since last read? Start from beginning, unless
  # file same size as last read position.
  if ( eof $fh and $file_position_stash{$file} != -s $fh ) {
    seek $fh, 0, 0;
  }
}

while (<$fh>) {
  print;
}

# Save where read to. tell returns -1 on error; an
# offset of 0 (empty file) is a valid position.
my $pos = tell $fh;
if ( $pos == -1 ) {
  warn "whoa: $!\n";
}
else {
  $file_position_stash{$file} = $pos;
}

use Data::Dumper;
warn Dumper \%file_position_stash;

If possible, avoid copying and truncating log files. Instead, use software such as httplog to direct logs into files by date-based patterns.

September 15, 2006

Unix Utility Invocation Overview

Unix utilities may enforce bizarre restrictions on where options can appear on the command line, or support any number of incompatible option formats. This charming mess results from open development on multiple branches of Unix, and a healthy “invent as need be” attitude. The Rosetta Stone for Unix does a great job mapping common tasks to various commands on various Unix. This article presents a selection of common option processing methods with commentary and example uses.

  • ls(1) uses the typical command options items format. Options must always appear before the items. To distinguish between options and items that look like options, most Unix flavors now ship with a getopt(3) that supports -- to stop option processing.

    $ touch -- -a
    $ ls | grep a$
    -a
    $ rm -- -a

    Shell scripts may fail without --, for example when external input contains data getopt(3) considers an option. However, be aware -- is not portable. In Perl, always use the list syntax when calling external programs to avoid shell interpretation.

    Adding options requires history up, beginning of line, word forward, space, then editing.

  • find(1) employs yet another grammar: find global-options directories-to-search search-expression-options. The expression options may easily be confused with the seldom used global options, and can be mixed with other find syntax that conflicts with shell metacharacters.

  • cat(1) and other utilities support a trailing hyphen (sometimes optional, sometimes mandatory) to read from standard input instead of a named file.

    $ echo a line | cat
    a line
    $ echo a line | cat -
    a line

    Perl follows the optional hyphen syntax with the <> operator. However, be aware some (of the many) Perl Getopt::* modules may read a trailing - as an option and remove it from @ARGV.

    $ echo a line | perl -e 'print while <>'
    a line
    $ echo a line | perl -e 'print while <>' -
    a line

  • tar(1), depending on the flavor, supports a plethora of options and option syntaxes. Perhaps the worst: the option list xvzfC followed by the named arguments for the f and C option: tar xvzfC filename.tar directory-to-extract-to optionally followed by filenames. This requires careful consideration of the option list order and corresponding values. Modern tar thankfully allow -C directory-name or --directory directory usages.

    Long option names better document what the script does, and are no harder to look up in the man page than short options. The --option value syntax must be included in the options portion of the command, while --option=value presumably could appear anywhere on the command line. Additional confusion: some utilities use --version, and others -version. I usually determine the version of Java installed on the third try. (Tip: neither -v nor --version work.)

  • ps(1) suffer from historical differences and option creep between different Unix distributions. Old ps fall into BSD and SysV flavors, each with their adherents. Modern ps usually support all of the above and more. The documentation for ps thus becomes nearly unreadable, and new programs such as killall(1) (dangerous portability problems) and pgrep(1) (not widely available) see increased usage.

  • cvs(1) uses a common cvs global-options subcommand subcommand-options items syntax. The subcommand encapsulates many commands that otherwise would require separate compilation and installation, as done for the various RCS commands. I use this format in utility scripts that perform many related functions, and where writing and managing a new script for each would be excessive.

    This format suffers from confusion between the global options and subcommand options, and the related difficulty editing these option areas.

  • dd(1) requires key=value operands, which may appear in any order. This facilitates adding new options (simply append them), and allows shell “forward|back by word” to skip between operands. I favor this syntax style, as it avoids -- workarounds, and enforces no artificial position requirements for options versus items. However, this syntax does not suit the needs of every utility.

On a somewhat related note, Unix shell redirects (usually) need not appear at the end of the command line. The following commands have the same result as the usual trailing position for the redirect:

$ echo >target-file some text
$ >target-file echo some text
$ echo some >target-file text
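The ls(1) item above notes that scripts may fail when input looks like an option and that -- is not portable. The following added example (not from the original article; function names are illustrative and the file name is constructed) shows the failure, the -- form, and a ./ prefix fallback for utilities that lack --.

```sh
#!/bin/sh
# Added example: removing a file whose name begins with a hyphen.

# Naive: the name reaches rm unchanged, so "-a" is parsed as an option.
remove_naive() {
    rm "$1"
}

# Preferred where supported: -- ends option processing.
remove_with_dashdash() {
    rm -- "$1"
}

# Fallback where -- is unavailable: prefix relative names with ./
# so the argument can never begin with a hyphen.
remove_portable() {
    case $1 in
        -*) rm "./$1" ;;
        *)  rm "$1" ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    status=0
    (
        cd "$dir" || exit 1
        : > ./-a                                  # constructed awkward name
        remove_naive -a 2>/dev/null && exit 10    # must fail: unknown option
        [ -e ./-a ] || exit 11                    # and the file survives
        remove_with_dashdash -a || exit 12
        [ ! -e ./-a ] || exit 13
        : > ./-a
        remove_portable -a || exit 14
        [ ! -e ./-a ]
    ) || status=$?
    rm -rf -- "$dir"
    return "$status"
}

demo && echo "naive call rejected; -- and ./ forms removed the file"
```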

September 13, 2006

Clouds 2

Same environment used to generate Pastel, modified.

September 12, 2006

Curious Cook

Curious Cook - blog of Harold McGee, author of the excellent On Food and Cooking text.

September 10, 2006

For A Rainy Day

Good Weather

September 09, 2006

OmniWeb 5.5 Released

OmniWeb 5.5 released by OmniGroup. My default browser on Mac OS X, mainly due to site specific options and sidebar tabs with preview instead of a row of tabs with nearly useless <title> text. New release much snappier, better JavaScript support for the few pages I allow that on (mainly Amazon and Bikely).

September 08, 2006

rename - mangle filenames using Perl expressions

rename - my enhancement of the original rename script by Larry Wall. Adds preview and copy support, plus documentation with examples. Assumes working knowledge of Perl. Did I mention the preview support?

Warning! Certain vendors install a useless but conflicting rename command under /usr/bin.

StarDrop

StarDrop - new webcomic by Mark Oakley, creator of the most excellent Thieves & Kings series.

September 07, 2006

Magma Crystallizes Hotter

New trigger found for volcanic eruptions - the more magma crystallizes, the hotter it gets. Meanwhile, Mt. St. Helens spews away. For great background information on Washington State geology, consider Roadside Geology of Washington.

Much still unknown in Geology, with major changes (and arguments over) in thinking since the beginning of the science. Great Geological Controversies provides an excellent background on the various controversies.

September 06, 2006

Thyme Management

Disclaimer: this article has nothing to do with herbs. With that said, I use the following spices heavily:

  • Ajwain - good complement in moderation with Coriander.
  • Black and White Pepper - mixed together in pepper mill.
  • Cardamom Seeds - wonderful when ground fresh, though fades quickly.
  • Coriander - excellent base spice for Indian dishes or with quinoa.
  • Ginger - fresh, ground, crystallized, it’s all good. Use in both Asian and Indian dishes, and also my smoothie spice mix.
  • Poppy Seeds - complement for Cardamom based spice mixes.
  • Turmeric - mainly for curry mixes and the health benefits. Not so keen on the orange stains it leaves everywhere.

For curry mixes, I also pick up any number of other spices. Be sure to buy spices fresh, or failing that, try ordering whole spices online. Like coffee, spices must be ground and used as soon as possible. Unless the spice requires industrial equipment to process, such as Mace.

For equipment, currently have a Kitchen Aid blade grinder, a small mortar and pestle, a pepper mill, and a hand crank coffee grinder. Kitchen Aid good for quick mixes of softer spices. Mortar and pestle has smooth sides, so hard to grind spices with. Coffee grinder handles hard spices such as Coriander best, though this task could also be handled by another pepper mill. If only buying one item, purchase a large mortar and pestle. Ensure it has rough sides, as smooth ones allow the spices to escape.

My favorite spice book came from the local World Merchant’s store: The Contemporary Encyclopedia of Herbs and Spices: Seasonings for the Global Kitchen.

September 05, 2006

Chess Books

Trying out a series of chess books by Yasser Seirawan. Started with Winning Chess Tactics, but quickly realized lacked the fundamentals covered in first book Play Winning Chess (force, time, space, and pawn structure).

For extra practice, installed chess board at work. Great time waster (and developer snare). Run open games where anyone free to play. This leads to odd chess games, where one side dominates, or numerous tactics changes as different players cast their opinion.

September 04, 2006

Subshells

Unix shells allow subshells, which can aggregate output from multiple commands into a single stream, or pass input to multiple commands. Aggregation allows the output from two commands to be piped into a single e-mail:

$ (echo data; echo otherdata) | mail nobody@example.org

Use the normally useless cat(1) command to join compressed and uncompressed log data together for searching:

$ ( gunzip -c log.2006-09-01.gz; cat log ) | grep …

When passing a single stream to multiple commands, typically only one of those commands handles the input. In the following example, cd ignores standard input, but does change the working directory for the subsequent mkdir. When the subshell exits, the working directory will not have been changed in the parent shell.

$ rpm2cpio some.rpm | ( cd SOURCES && cpio -id 2>/dev/null )

Note the use of &&. A semicolon between the commands (cd SOURCES; cpio …) will ignore any chdir(2) errors, and blindly run cpio(1). By using &&, the cpio will only be called if the chdir succeeds. Always check the exit status of every chdir call made.
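The difference between the semicolon and && forms, as an added example that is not part of the original post. The function names, directory names and file names are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: what a failed cd does to the command that follows it.

# Semicolon: a failed cd is ignored and the write lands in the
# caller's directory. set +e models a shell without errexit.
write_with_semicolon() {    # usage: write_with_semicolon DIR FILE
    ( set +e; cd "$1" 2>/dev/null; : > "$2" )
}

# &&: the write happens only if the cd succeeded, and the subshell's
# exit status tells the caller when it did not.
write_with_and() {          # usage: write_with_and DIR FILE
    ( cd "$1" 2>/dev/null && : > "$2" )
}

demo() {
    work=$(mktemp -d) || return 1
    status=0
    (
        cd "$work" || exit 1
        mkdir SOURCES || exit 1
        # SOUCES: mistyped name for SOURCES, so the cd fails
        write_with_semicolon SOUCES stray.txt
        [ -e stray.txt ] || exit 10                   # written in the wrong place
        write_with_and SOUCES guarded.txt && exit 11  # failure must be reported
        [ ! -e guarded.txt ] || exit 12               # and nothing written
        write_with_and SOURCES ok.txt || exit 13
        [ -e SOURCES/ok.txt ] || exit 14
        [ "$(pwd -P)" = "$(cd "$work" && pwd -P)" ]   # our own cwd never moved
    ) || status=$?
    rm -rf -- "$work"
    return "$status"
}

demo && echo "semicolon wrote to the wrong directory; && refused"
```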

To learn more, use pwd(1) to show the current working directory:

$ cd /var/tmp; pwd | ( cat; cd /tmp && pwd ); pwd
/var/tmp
/tmp
/var/tmp

If the command to run only accepts one argument, use either a shell loop, or xargs(1).

$ ( echo dir1; echo dir2 ) | ( cd /tmp && xargs mkdir )
$ ls -d /tmp/dir*
/tmp/dir1
/tmp/dir2
$ rmdir /tmp/dir*

A shell loop allows multiple commands:

$ ( echo dir1; echo dir2 ) | \
  ( cd /tmp && while read -r dir; do \
  mkdir "$dir"; chmod 700 "$dir"; done )

However, increasing complexity on the command line at some point mandates a wrapper script to encapsulate the logic. This provides an easy to edit file that can be tested, have appropriate input checks and error handling, and be saved under a version control repository.

September 01, 2006

Key and Certificate Conversion

Use convert2der to convert TLS key and certificate files from PEM to DER format and back again.

$ convert2der *.prv *.crt
$ convert2der --inform=DER --outform=PEM *.prv *.crt

Great when a vendor tool only supports the DER format, but other tools and vendors generate PEM by default. Convenient wrapper around the openssl rsa(1) and x509(1) subcommands.
