Archive for December, 2016

embedded: convert intel hex into bin

December 28, 2016

The post discusses converting a intel hex file into a binary file.

what is hex file
It’s a text file to describe binary file. Some embedded module uses it as input while flashing firmware.

:020000040000FA
:100000000203370218034100C4002202180B222207
:0100100022CD
:07001300021813E4FFA10E27
:07001B0002181B75C8012249
:030023000218239D
:03002B0002182B8D
:030033000218337D
:03003B0002183B6D
:030043000218435D
:03004B0002184B4D
:030053000218533D
:03005B0002185B2D
:030063000218631D
:03006B0002186B0D
:10007300021873BB010689828A83E0225002E722B9
:10008300BBFE02E32289828A83E49322BB010CE54F
:100093008229F582E5833AF583E0225006E9258239
:1000A300F8E622BBFE06E92582F8E222E58229F57D
:1000B30082E5833AF583E49322BB010689828A832E

how to convert it into bin file

  • Download hex2bin .
  • Extract it: tar -xvf Hex2bin-2.3.tar.bz2
  • Then, hex2bin is under Hex2bin-2.3 directory.

use hex2bin to convert file
This command creates a bin file in current directory.

$ ./hex2bin input.hex

use xxd to verify the binary file

$ xxd input.bin | less

conclusion
The post discusses converting a intel hex file into a binary file.

Advertisements

android: third-party package: commons-io

December 28, 2016

This post discusses common-io package in android.

check the version of this package in jcenter repository
Check jcenter repository . So far the latest release is 2.4.

include this package in project

dependencies {
    compile fileTree(include: ['*.jar'], dir: 'libs')
    androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
        exclude group: 'com.android.support', module: 'support-annotations'
    })
    compile 'com.android.support:appcompat-v7:24.2.1'
    compile 'com.google.code.gson:gson:2.6.2'
    compile 'com.loopj.android:android-async-http:1.4.9'
    compile group: 'commons-io', name: 'commons-io', version: '2.4'
    testCompile 'junit:junit:4.12'
    provided files(android.sdkDirectory.path + "/platforms/" + android.compileSdkVersion + "/data/layoutlib.jar")
}

simple examples of using this package

  • Transform a file into a byte array
  •         byte[] mData;
    
            try {
                mData = org.apache.commons.io.FileUtils.readFileToByteArray(new File(inputFileName));
            } catch (IOException e) {
                e.printStackTrace();
            }
    
  • Transform a byte array into a file
  •         try {
                org.apache.commons.io.FileUtils.writeByteArrayToFile(new File(outputFileName), mData)
            } catch (IOException e) {
                e.printStackTrace();
            }; 
    

conclusion
This post discusses common-io package in android.

raspberry: login raspberry via uart console

December 27, 2016

This post shows how to login raspberry via uart console.

enable uart and fixed its clock frequency
add below two lines in /boot/config.txt

core_freq=250
enable_uart=1

connect usb port of PC and uart port of raspberry

  • Use cp2102 module to convert usb port of PC to uart port.
  • Connect 3.3v pin of cp2102 to pin 1 (3.3v) of raspberry.
  • Connect TXD pin of cp2102 to pin 10 (RXD0) of raspberry.
  • Connect RXD pin of cp2102 to pin 8 (TXD0) of raspberry.
  • Connect GND pin of cp210x to pin 39 (GND) of raspberry.
  • raspberry_uart_console_01

    use tools to login raspberry via uart console
    I use cutecom in ubuntu to login raspberry via uart console. Below are settings.

    • device: /dev/ttyUSB0
    • baudrate: 115200
    • parity check: none
    • data bits: 1
    • stop bits: 1

    raspberry_uart_console_02

    explanation: how it works
    The cutecom is ubuntu communicates a shell in raspberry.

    • The console in raspberry is shell whose stdin and stdout are directed to /dev/ttyS0.
    • /dev/ttyS0 in raspberry is the character device representing uart port
    • The uart port of raspberey is connected to uart pins of CP2102 module.
    • CP2102 converts data between its uart pins and USB connector.
    • USB driver exports a VCP (virtual com port), /dev/ttyUSB0 in my PC’s ubuntu.
    • cutecom program communicate with /dev/ttyUSB0.

    conclusion
    This post shows how to login to raspberry via uart console.

    sd card comparison

    December 26, 2016

    This post discusses sd card comparison.

    what is the difference between sd card and sdhc card, and sdxc card
    They are physically the same. They differ in storage capacity, file system, and data transmission rate.

    • The capacity of sd card is at most 2GB. The file system is 16FAT.
    • The capacity of sdhc card is more than 2GB but at most 32GB. The file system is FAT32
    • The capacity of sdhx card is more than 32GB but at most 2TB. The file system is exFAT.

    class and speed

    • class 2: data transmission rate is at least 2MB/s
    • class 4: data transmission rate is at least 4MB/s
    • class 6: data transmission rate is at least 6MB/s
    • class 8: data transmission rate is at least 8MB/s
    • class 10: data transmission rate is at least 10MB/s

    test of data transmission rate
    I tested a 16GB class 10 SDHC card. It takes 74 seconds to write 1 GB data to sdcard. The test data transmission rate is about 13MB/s.

    dd if=/dev/zero of=/${SD_CARD_PATH}/a.dat bs=1024 count=$((1024*1024))
    

    conclusion
    This post discusses sd card comparison. And test data transmission rate of a sdhc card.

    mac: copy an image to sdcard

    December 26, 2016

    This post discusses how to copy an image to sdcard. My motivation is to boot q device with the image in sdcard.

    testing environment
    OS X El Capitan 10.11.4

    list all disk and partition
    In my case, the sdcard is exported a block device, /dev/disk2, which is mounted at /Volumes/NO NAME with file system fat32.

    $ diskutil list
    /dev/disk0 (internal, physical):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:      GUID_partition_scheme                        *251.0 GB   disk0
       1:                        EFI EFI                     209.7 MB   disk0s1
       2:          Apple_CoreStorage Macintosh HD            250.1 GB   disk0s2
       3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
    /dev/disk1 (internal, virtual):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:                  Apple_HFS Macintosh HD           +249.8 GB   disk1
                                     Logical Volume on disk0s2
                                     1043D3CE-3F0E-4966-BC11-8D76D427A94A
                                     Unencrypted
    /dev/disk2 (internal, physical):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:     FDisk_partition_scheme                        *15.5 GB    disk2
       1:             Windows_FAT_32 NO NAME                 15.5 GB    disk2s1
    $ mount
    /dev/disk1 on / (hfs, local, journaled)
    devfs on /dev (devfs, local, nobrowse)
    map -hosts on /net (autofs, nosuid, automounted, nobrowse)
    map auto_home on /home (autofs, automounted, nobrowse)
    /dev/disk2s1 on /Volumes/NO NAME (msdos, local, nodev, nosuid, noowners)
    

    unmount sdcard
    After the sdcard is unmounted, it’s not managed by file system. Now it’s safe to read/write the block device of sdcard directly.

    $ diskutil unmountDisk /dev/disk2
    $ diskutil list
    /dev/disk0 (internal, physical):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:      GUID_partition_scheme                        *251.0 GB   disk0
       1:                        EFI EFI                     209.7 MB   disk0s1
       2:          Apple_CoreStorage Macintosh HD            250.1 GB   disk0s2
       3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
    /dev/disk1 (internal, virtual):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:                  Apple_HFS Macintosh HD           +249.8 GB   disk1
                                     Logical Volume on disk0s2
                                     1043D3CE-3F0E-4966-BC11-8D76D427A94A
                                     Unencrypted
    /dev/disk2 (internal, physical):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:     FDisk_partition_scheme                        *15.5 GB    disk2
       1:             Windows_FAT_32 NO NAME                 15.5 GB    disk2s1
    $ mount
    /dev/disk1 on / (hfs, local, journaled)
    devfs on /dev (devfs, local, nobrowse)
    map -hosts on /net (autofs, nosuid, automounted, nobrowse)
    map auto_home on /home (autofs, automounted, nobrowse)
    

    copy boot image to sdcard
    Use dd command to copy image to the block device of sdcard directly.

    $ dd bs=512 if=image_file of=/dev/disk2
    

    eject sdcard
    Finally, eject sdcard. The block device of sdcard will be released by kernel. Now it’s safe to remove the sdcard.

    $ diskutil eject /dev/disk2s1
    $ diskutil list
    /dev/disk0 (internal, physical):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:      GUID_partition_scheme                        *251.0 GB   disk0
       1:                        EFI EFI                     209.7 MB   disk0s1
       2:          Apple_CoreStorage Macintosh HD            250.1 GB   disk0s2
       3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
    /dev/disk1 (internal, virtual):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
       0:                  Apple_HFS Macintosh HD           +249.8 GB   disk1
                                     Logical Volume on disk0s2
                                     1043D3CE-3F0E-4966-BC11-8D76D427A94A
                                     Unencrypted
    

    conclusion
    The post discusses commands to copy an image to sdcard.

    android: security: keystore, jks, and jkcs12

    December 21, 2016

    This post discusses keystore.

    test environment
    OS X El Captian Version 10.11.4

    what is keystore
    A file containing private keys and its certificates.

    what is jks and jkcs12
    Two different type of keystore. The default keystore type in jdk and android is jks.

    how to create a keystore

    1. keytool -genkey creates a keystore and a private key within it. The name of the keystore is keystore.jks. The alias of the private key is mykey.
    2. $ keytool -genkey -keystore keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias mykey
      
    3. keytool -list shows that there is only one entry in this keystore. The entry is a private key with alias mykey.
    4. $ keytool -list -v -keystore keystore.jks 
      Keystore type: JKS
      Keystore provider: SUN
      
      Your keystore contains 1 entry
      
      Alias name: mykey
      Creation date: Dec 22, 2016
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Serial number: 26c53310
      Valid from: Thu Dec 22 01:01:58 CST 2016 until: Mon May 09 01:01:58 CST 2044
      Certificate fingerprints:
               MD5:  1F:EF:A8:1B:83:1A:B2:37:0E:AF:92:09:A0:F1:EF:72
               SHA1: B9:52:57:E9:6C:AE:F7:98:42:A9:7E:AD:2D:A6:19:F5:59:2B:E9:B6
               SHA256: CA:22:68:5A:6C:D9:3F:6E:E2:88:BC:62:B1:DE:BA:0A:D2:A9:4A:B5:D8:84:62:FC:00:65:DE:A1:12:2C:88:B3
               Signature algorithm name: SHA256withRSA
               Version: 3
      

    how to add a existing private key into a jks keystore
    I tried this when I wanted to add the android’s default platform key into my apk. It couldn’t be done directly. But it could be done indirectly as below.

    1. platform.pk8 is a private key in pkcs#8 format with der encoding. Transform it into a private key in pkcs#1 format with pem coding.
    2. $ openssl pkcs8 -nocrypt -in platform.pk8 -inform der -out platform.pem -outform pem
      $ cat platform.pem 
      -----BEGIN RSA PRIVATE KEY-----
      MIIEogIBAAKCAQEAnHgFkqwNXTgc3qpl7MimAG42SAxtcgexIBG+UIY6q+K1XQCa
      33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SSaCJJBNwBST58Cs8aBch09psDe2Aw
      nZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14SrJjBqnc9aAC56v3lbVi+2OjaFvmj
      YAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbWTfkKO42PNKO6q0z1M3GrJ3GbO6WH
      VK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxTVge/aaL/SqB9tffqIA0JpsG0niFA
      L4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7IJwIBAwKCAQBoUAO3HV4+JWiUcZlI
      hcQASXmFXZ5MBSDAC9Q1rtHH7HjoqxHqS4SPTBVsVdqI3lKSGW19BwBIGczct6Nt
      GGGawYYDPVYw1FKx32auhaNPEgJSQCBpCviMLFXrnR4cWiLOu4vx+hwwHgZ2rcuv
      lAxzEIEcT35FVdFHU+5I5dSQmjE03IV8a/qBrB+XeRBwjwXxFOL/AajgUhIJFBSd
      WOmOQEKm0ntp0memymaRPGGNuyKb6ga2RDdI+0inByriQ5vNQxny64d7zplulNGV
      su6Par+yDWFzQ77SlDEIoF2GADSlKSr73lEoCifosXxT/GHvdo/Jqfnf/teouFmu
      1rubAoGBAMgnd8LuMLEQLv/KtWmy9eP1fDPefnZX4SQZdx/VcFG7B/gj9lUUPSmJ
      GmHT8Dm/Ic9YfIKq++AEmxL8/osTB8yOs3pdO1QwnsPujlGTgYjsRnPKe0qWbgng
      7C/hhGcZDjEOz11KQyP6fJ8fOHhCVGax3NpL9VXKXQFy4ba6YonFAoGBAMggNxg3
      NvNk9wV49Otb6kdq6RWqoXZUcu0tgbQNwSY9kK4dW4EBqvWoAvmFpt8Ttxf5SfqY
      Stlh6BTqUfpusO0NI8fy/wWDpSQ/uIdc3mSSoSwUE6KHTNWZLXCxmBZEszSXlCJr
      eU9bBK4+aKfRMfe52X2LMAq5dBrRmjSFSiT7AoGBAIVvpSyeyyC1dKqHI5vMo+1O
      Us0+/vmP621mT2qOSuEnWqVtTuNi03EGEZaNStEqFoo6/axx/UADEgyoqbIMr920
      d6bo0jggadf0XuENAQXy2aKG/NxkSVvrSB/rrZoQtCC0ij4xghf8UxS/evrW4u8h
      PebdTjkxk1ZMlnnRlwaDAoGBAIVqz2V6JKJDT1j7TfI9RtpHRg5xwPmNofNzq81e
      gMQpCx6+PQCrx05wAfuubz9ieg/7hqcQMeZBRWNG4VGfIJ4IwoVMqgOtGMLVJa+T
      Pu23Fh1it8GviI5mHkshEA7Yd3hlDWxHpjTnWHQpmxqLdqUmkP5cyrHQ+BHhEXhY
      3BinAoGAPiXjreVhRDab+C0/uz/o9ZN8bzmfbCRrl0V5PR187Cb0Qp3OaEnMKpLu
      ouR48xvIMjVWYNbEBm1W1lpnDbWkvCN12pWAB2EMm/EhsZUD+HLSgDeI9h25NThw
      DFvOHXwEGEMBXAXWiU7TF0JW21+UYcfdMBOKhbiGqceiCjpg8Uc=
      -----END RSA PRIVATE KEY-----
      
    3. The private key in pem encoding can be used to create a new keystore. The keystore, platform.pk12, contains the private key platform.pem.
    4. $ openssl pkcs12 -export -in platform.x509.pem -inkey platform.pem -out platform.pk12 -name platform
      
    5. Import the private key in platform.pk12 into keystore.jks
    6. $ keytool -importkeystore -srckeystore platform.pk12 -destkeystore keystore.jks 
      Entry for alias platform successfully imported.
      Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
      
    7. keytool -list shows that the android default platform key, platform.pk8 has already been imported into keystore.jks successfully.
    8. $ keytool -list -v -keystore keystore.jks
      
      Keystore type: JKS
      Keystore provider: SUN
      
      Your keystore contains 2 entries
      
      Alias name: platform
      Creation date: Dec 22, 2016
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
      Issuer: EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US
      Serial number: b3998086d056cffa
      Valid from: Wed Apr 16 06:40:50 CST 2008 until: Sun Sep 02 06:40:50 CST 2035
      Certificate fingerprints:
      	 MD5:  8D:DB:34:2F:2D:A5:40:84:02:D7:56:8A:F2:1E:29:F9
      	 SHA1: 27:19:6E:38:6B:87:5E:76:AD:F7:00:E7:EA:84:E4:C6:EE:E3:3D:FA
      	 SHA256: C8:A2:E9:BC:CF:59:7C:2F:B6:DC:66:BE:E2:93:FC:13:F2:FC:47:EC:77:BC:6B:2B:0D:52:C1:1F:51:19:2A:B8
      	 Signature algorithm name: MD5withRSA
      	 Version: 3
      
      Extensions: 
      
      #1: ObjectId: 2.5.29.35 Criticality=false
      AuthorityKeyIdentifier [
      KeyIdentifier [
      0000: 4F E4 A0 B3 DD 9C BA 29   F7 1D 72 87 C4 E7 C3 8F  O......)..r.....
      0010: 20 86 C2 99                                         ...
      ]
      [EMAILADDRESS=android@android.com, CN=Android, OU=Android, O=Android, L=Mountain View, ST=California, C=US]
      SerialNumber: [    b3998086 d056cffa]
      ]
      
      #2: ObjectId: 2.5.29.19 Criticality=false
      BasicConstraints:[
        CA:true
        PathLen:2147483647
      ]
      
      #3: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 4F E4 A0 B3 DD 9C BA 29   F7 1D 72 87 C4 E7 C3 8F  O......)..r.....
      0010: 20 86 C2 99                                         ...
      ]
      ]
      
      
      
      *******************************************
      *******************************************
      
      
      Alias name: mykey
      Creation date: Dec 22, 2016
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
      Serial number: 26c53310
      Valid from: Thu Dec 22 01:01:58 CST 2016 until: Mon May 09 01:01:58 CST 2044
      Certificate fingerprints:
      	 MD5:  1F:EF:A8:1B:83:1A:B2:37:0E:AF:92:09:A0:F1:EF:72
      	 SHA1: B9:52:57:E9:6C:AE:F7:98:42:A9:7E:AD:2D:A6:19:F5:59:2B:E9:B6
      	 SHA256: CA:22:68:5A:6C:D9:3F:6E:E2:88:BC:62:B1:DE:BA:0A:D2:A9:4A:B5:D8:84:62:FC:00:65:DE:A1:12:2C:88:B3
      	 Signature algorithm name: SHA256withRSA
      	 Version: 3
      
      Extensions: 
      
      #1: ObjectId: 2.5.29.14 Criticality=false
      SubjectKeyIdentifier [
      KeyIdentifier [
      0000: 14 2B FA 9F D1 8B D4 7E   CF 4E 00 AF 83 D0 FD 78  .+.......N.....x
      0010: 13 0F 8A 48                                        ...H
      ]
      ]
      
      
      
      *******************************************
      *******************************************
      
      
      
      

    conclusion
    This post discusses what is keystore and how to add an existing private key into a keystore.

    android: security: sign apk with android default platform key

    December 19, 2016

    This post discusses how to sign apk with android default platform key.

    preliminary

    build apk and sign it with android default platform key
    Use signapk to sign platform key into the apk. Certificate and private key of platform key are needed.

    $ ./gradlew assembleRelease
    $ java -jar signapk.jar ${ANDROID_SOURCE}/build/target/product/security/platform.x509.pem ${ANDROID_SOURCE}/build/target/product/security/platform.pk8 ./app/build/outputs/apk/app-release.apk ./app/build/outputs/apk/platform-key-release.apk
    
    ./app/build/outputs/apk/platform-key-release.apk
    

    conclusion
    This post shows how to sign apk with android default platform key.

    android: security: private key formats and encodings

    December 19, 2016

    This post discusses private key formats and encodings.

    what is private key
    Public key and private key are essential in asymmetric encryption.

    • A pair of public key and private key could be generated efficiently.
    • Given a public key, there exists no efficient algorithm to get its private key.
    • Given a private key, there exists efficient algorithms to get its public key.
    • Private key and public key could verify each other.
    • Private key and public key could verify the signatures created by each other.

    private key formats
    The post discusses two private key formats.

    • pkcs#1 format
    • pkcs#8 format

    android default platform key
    We use android default platform key as an example since it’s a pkcs#8 format private key. Below shows how to get android default platform private key in android 5.1.1. The file name of this private key is platform.pk8.

    $ git clone https://android.googlesource.com/platform/build
    $ git reset --hard android-5.1.1_r1
    $ cd build/target/product/security 
    $ ls 
    Android.mk              media.pk8               platform.pk8            shared.pk8              testkey.pk8             verity.pk8              verity_key
    README                  media.x509.pem          platform.x509.pem       shared.x509.pem         testkey.x509.pem        verity.x509.pem
    

    private key encodings
    A private key could be represented in two encodings.

    • pem encoding: Base64 ASCII text.
    • der encoding: binary data

    For example, android default platform key, platform.pk8, is a private key in pkcs#8 format with der encoding.

    $ openssl pkcs8 -in platform.pk8 -inform der -nocrypt 
    -----BEGIN RSA PRIVATE KEY-----
    MIIEogIBAAKCAQEAnHgFkqwNXTgc3qpl7MimAG42SAxtcgexIBG+UIY6q+K1XQCa
    33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SSaCJJBNwBST58Cs8aBch09psDe2Aw
    nZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14SrJjBqnc9aAC56v3lbVi+2OjaFvmj
    YAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbWTfkKO42PNKO6q0z1M3GrJ3GbO6WH
    VK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxTVge/aaL/SqB9tffqIA0JpsG0niFA
    L4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7IJwIBAwKCAQBoUAO3HV4+JWiUcZlI
    hcQASXmFXZ5MBSDAC9Q1rtHH7HjoqxHqS4SPTBVsVdqI3lKSGW19BwBIGczct6Nt
    GGGawYYDPVYw1FKx32auhaNPEgJSQCBpCviMLFXrnR4cWiLOu4vx+hwwHgZ2rcuv
    lAxzEIEcT35FVdFHU+5I5dSQmjE03IV8a/qBrB+XeRBwjwXxFOL/AajgUhIJFBSd
    WOmOQEKm0ntp0memymaRPGGNuyKb6ga2RDdI+0inByriQ5vNQxny64d7zplulNGV
    su6Par+yDWFzQ77SlDEIoF2GADSlKSr73lEoCifosXxT/GHvdo/Jqfnf/teouFmu
    1rubAoGBAMgnd8LuMLEQLv/KtWmy9eP1fDPefnZX4SQZdx/VcFG7B/gj9lUUPSmJ
    GmHT8Dm/Ic9YfIKq++AEmxL8/osTB8yOs3pdO1QwnsPujlGTgYjsRnPKe0qWbgng
    7C/hhGcZDjEOz11KQyP6fJ8fOHhCVGax3NpL9VXKXQFy4ba6YonFAoGBAMggNxg3
    NvNk9wV49Otb6kdq6RWqoXZUcu0tgbQNwSY9kK4dW4EBqvWoAvmFpt8Ttxf5SfqY
    Stlh6BTqUfpusO0NI8fy/wWDpSQ/uIdc3mSSoSwUE6KHTNWZLXCxmBZEszSXlCJr
    eU9bBK4+aKfRMfe52X2LMAq5dBrRmjSFSiT7AoGBAIVvpSyeyyC1dKqHI5vMo+1O
    Us0+/vmP621mT2qOSuEnWqVtTuNi03EGEZaNStEqFoo6/axx/UADEgyoqbIMr920
    d6bo0jggadf0XuENAQXy2aKG/NxkSVvrSB/rrZoQtCC0ij4xghf8UxS/evrW4u8h
    PebdTjkxk1ZMlnnRlwaDAoGBAIVqz2V6JKJDT1j7TfI9RtpHRg5xwPmNofNzq81e
    gMQpCx6+PQCrx05wAfuubz9ieg/7hqcQMeZBRWNG4VGfIJ4IwoVMqgOtGMLVJa+T
    Pu23Fh1it8GviI5mHkshEA7Yd3hlDWxHpjTnWHQpmxqLdqUmkP5cyrHQ+BHhEXhY
    3BinAoGAPiXjreVhRDab+C0/uz/o9ZN8bzmfbCRrl0V5PR187Cb0Qp3OaEnMKpLu
    ouR48xvIMjVWYNbEBm1W1lpnDbWkvCN12pWAB2EMm/EhsZUD+HLSgDeI9h25NThw
    DFvOHXwEGEMBXAXWiU7TF0JW21+UYcfdMBOKhbiGqceiCjpg8Uc=
    -----END RSA PRIVATE KEY-----
    

    what is pem format
    It means pkcs#1 format with pem encoding.

    transform a private key between different formats and encodings

    • Transform a private key in pkcs#8 format with der encoding to pem format (pkcs#1 format in pem encoding).
    • $ openssl pkcs8 -nocrypt -inform der -outform pem -in platform.pk8 -out platform.pem 
      
    • Transform the private key in pem format back to pkcs#8 format with der encoding
    • $ openssl pkcs8 -nocrypt -topk8 -inform pem -outform der -in platform.pem -out platform.pk8.2
      $ md5 platform.pk8 platform.pk8.2
      MD5 (platform.pk8) = 6d1611ff6c2201b5edb8c4906b8adcfa
      MD5 (platform.pk8.2) = 6d1611ff6c2201b5edb8c4906b8adcfa 
      
    • Transform the private key in pem format to pkcs#8 format with pem encoding
    • $ openssl pkcs8 -nocrypt -topk8 -inform pem -outform pem -in platform.pem -out platform.pk8.pem
      $ cat platform.pk8.pem 
      -----BEGIN PRIVATE KEY-----
      MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCceAWSrA1dOBze
      qmXsyKYAbjZIDG1yB7EgEb5Qhjqr4rVdAJrfcUbW8iAigMfNTXvbJiQ7ioBsJrNL
      E3UjpJJoIkkE3AFJPnwKzxoFyHT2mwN7YDCdkHTSQoDha60qhzQ2GVHq9ypILQmy
      BLGHXhKsmMGqdz1oALnq/eVtWL7Y6NoW+aNgCZw3qDSm3+23trRKBJ4Homn8zyxU
      lvLPNtZN+Qo7jY80o7qrTPUzcasncZs7pYdUrQxT/BTh20XVHiNPu+k8m6Tt+c5U
      JhNQ7FNWB79pov9KoH219+ogDQmmwbSeIUAvie0RkIk6q1qRgPFS6C+FpFdTz1/B
      kHHF7sgnAgEDAoIBAGhQA7cdXj4laJRxmUiFxABJeYVdnkwFIMAL1DWu0cfseOir
      EepLhI9MFWxV2ojeUpIZbX0HAEgZzNy3o20YYZrBhgM9VjDUUrHfZq6Fo08SAlJA
      IGkK+IwsVeudHhxaIs67i/H6HDAeBnaty6+UDHMQgRxPfkVV0UdT7kjl1JCaMTTc
      hXxr+oGsH5d5EHCPBfEU4v8BqOBSEgkUFJ1Y6Y5AQqbSe2nSZ6bKZpE8YY27Ipvq
      BrZEN0j7SKcHKuJDm81DGfLrh3vOmW6U0ZWy7o9qv7INYXNDvtKUMQigXYYANKUp
      KvveUSgKJ+ixfFP8Ye92j8mp+d/+16i4Wa7Wu5sCgYEAyCd3wu4wsRAu/8q1abL1
      4/V8M95+dlfhJBl3H9VwUbsH+CP2VRQ9KYkaYdPwOb8hz1h8gqr74ASbEvz+ixMH
      zI6zel07VDCew+6OUZOBiOxGc8p7SpZuCeDsL+GEZxkOMQ7PXUpDI/p8nx84eEJU
      ZrHc2kv1VcpdAXLhtrpiicUCgYEAyCA3GDc282T3BXj061vqR2rpFaqhdlRy7S2B
      tA3BJj2Qrh1bgQGq9agC+YWm3xO3F/lJ+phK2WHoFOpR+m6w7Q0jx/L/BYOlJD+4
      h1zeZJKhLBQToodM1ZktcLGYFkSzNJeUImt5T1sErj5op9Ex97nZfYswCrl0GtGa
      NIVKJPsCgYEAhW+lLJ7LILV0qocjm8yj7U5SzT7++Y/rbWZPao5K4SdapW1O42LT
      cQYRlo1K0SoWijr9rHH9QAMSDKipsgyv3bR3pujSOCBp1/Re4Q0BBfLZoob83GRJ
      W+tIH+utmhC0ILSKPjGCF/xTFL96+tbi7yE95t1OOTGTVkyWedGXBoMCgYEAhWrP
      ZXokokNPWPtN8j1G2kdGDnHA+Y2h83OrzV6AxCkLHr49AKvHTnAB+65vP2J6D/uG
      pxAx5kFFY0bhUZ8gngjChUyqA60YwtUlr5M+7bcWHWK3wa+IjmYeSyEQDth3eGUN
      bEemNOdYdCmbGot2pSaQ/lzKsdD4EeEReFjcGKcCgYA+JeOt5WFENpv4LT+7P+j1
      k3xvOZ9sJGuXRXk9HXzsJvRCnc5oScwqku6i5HjzG8gyNVZg1sQGbVbWWmcNtaS8
      I3XalYAHYQyb8SGxlQP4ctKAN4j2Hbk1OHAMW84dfAQYQwFcBdaJTtMXQlbbX5Rh
      x90wE4qFuIapx6IKOmDxRw==
      -----END PRIVATE KEY-----
      

      difference between pkcs#1 and pkcs#8 format

      • A private key in pkcs#1 format with pem encoding begins with —–BEGIN RSA PRIVATE KEY—–
      • A private key in pkcs#8 format with pem encoding begins with —–BEGIN PRIVATE KEY—–
      • pkcs#1 format only includes a RSA private key.
      • pkcs#8 format includes meta data and a private key. The key might not be RSA private key. The meta data implies if it’s RSA private key or not.

      how to verify certificate with private key
      The certificate’s embedded public key is supposed to be the same as the public key computed from its corresponding private key.

      • Get the public key embedded in a certificate.
      • $ openssl x509 -in  platform.x509.pem -noout -pubkey
        -----BEGIN PUBLIC KEY-----
        MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAnHgFkqwNXTgc3qpl7Mim
        AG42SAxtcgexIBG+UIY6q+K1XQCa33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SS
        aCJJBNwBST58Cs8aBch09psDe2AwnZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14S
        rJjBqnc9aAC56v3lbVi+2OjaFvmjYAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbW
        TfkKO42PNKO6q0z1M3GrJ3GbO6WHVK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxT
        Vge/aaL/SqB9tffqIA0JpsG0niFAL4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7I
        JwIBAw==
        -----END PUBLIC KEY-----
        
      • Compute the public key from a private key.
      • $ openssl pkcs8 -in platform.pk8 -inform der -nocrypt -out platform.pem -outform pem
        $ openssl rsa -in platform.pem -inform pem -pubout
        writing RSA key
        -----BEGIN PUBLIC KEY-----
        MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAnHgFkqwNXTgc3qpl7Mim
        AG42SAxtcgexIBG+UIY6q+K1XQCa33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SS
        aCJJBNwBST58Cs8aBch09psDe2AwnZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14S
        rJjBqnc9aAC56v3lbVi+2OjaFvmjYAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbW
        TfkKO42PNKO6q0z1M3GrJ3GbO6WHVK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxT
        Vge/aaL/SqB9tffqIA0JpsG0niFAL4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7I
        JwIBAw==
        -----END PUBLIC KEY-----
        

      conclusion
      This post discusses private key formats and encodings. It also shows how to verify a certificate with its corresponding private key.

    android: security: x509 certificate and encodings

    December 19, 2016

    This post discusses x509 certificate, its encodings, and android default platform key’s certificate.

    what is certificate
    It includes a public key and information related to this key, such as issuers and encryption algorithm.

    what is x509 certificate
    A certificate format.

    android default platform key’s certificate
    Android default platform key is only used during development stage. Below shows how to get android default platform key’s certificate in android 5.1.1. The file name of this certificate is platform.x509.pem.

    $ git clone https://android.googlesource.com/platform/build
    $ git reset --hard android-5.1.1_r1
    $ cd build/target/product/security 
    $ ls 
    Android.mk              media.pk8               platform.pk8            shared.pk8              testkey.pk8             verity.pk8              verity_key
    README                  media.x509.pem          platform.x509.pem       shared.x509.pem         testkey.x509.pem        verity.x509.pem
    

    x509 and encodings
    X509 format could be represented in two encodings.

    • pem encoding: Base64 in ASCII text. It begins with —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–
    • der encoding: binary data
    • $ file platform.x509.pem
      platform.x509.pem: ASCII text
      $ cat platform.x509.pem
      -----BEGIN CERTIFICATE-----
      MIID4zCCAsugAwIBAgIJAIYmxNS3ueGhMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
      VQQGEwJDTjERMA8GA1UECAwIU2hlbnpoZW4xEDAOBgNVBAcMB05hbnNoYW4xDTAL
      BgNVBAoMBE1pa2kxDTALBgNVBAsMBE1pa2kxEjAQBgNVBAMMCVNpdGVyd2VsbDEh
      MB8GCSqGSIb3DQEJARYSc2l0ZXJ3ZWxsQG1pa2kuY29tMB4XDTE2MDkxMjEzMTEw
      NloXDTQ0MDEyOTEzMTEwNlowgYcxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhTaGVu
      emhlbjEQMA4GA1UEBwwHTmFuc2hhbjENMAsGA1UECgwETWlraTENMAsGA1UECwwE
      TWlraTESMBAGA1UEAwwJU2l0ZXJ3ZWxsMSEwHwYJKoZIhvcNAQkBFhJzaXRlcndl
      bGxAbWlraS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe+L/H
      VlmJt2oRCLoxvebthSPpIAYcFK3+MK4yv0On8bzbrDpaTMct1b+8Or24xkomyz7I
      7y0mKLkDYxd2NLwMTw/JsX0n6yOUBVpvkGPQKg8jXXI13BvnOqzZDBdU4uUX0SAx
      IbVIYijfTdCH5IT6O7Fym9Iju2F39iMMpjePvsi4IAlaqHmXe4blaJcMsBrIV7yf
      vQExGDJpJiFIQ0UUSKVsKpUnFI0TdQiBZGHY3cHV0HI6mDHUocnTGIXhnZ0jF2Cs
      LdJ1oEryvnMkVTRd4KjtxilkntWGTy8PjY3Je1KuAKrxIl6gLx8w6rCEDYFAZXTh
      RdWHAe63Z1n94UCdAgMBAAGjUDBOMB0GA1UdDgQWBBTBICrojPpl7zoOs937tO9Z
      gdsHxDAfBgNVHSMEGDAWgBTBICrojPpl7zoOs937tO9ZgdsHxDAMBgNVHRMEBTAD
      AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQB5Id+i6oaC/tJ4/7Tc3xg/3v15VLT+qgcN
      G0NWPq+XyGJ4fI95CNAV3QcDQXkVk6u00JFLC0yIygnaz3r/rYFh+1v0P/sHK4A6
      LG75C6RUGmQaqW8enDHK8hkcp7Qxfk+75b7geIQiotGH0Yk2Zl1HGRHB0+54W+hU
      sOfgymV5cNhkC+NYOUc1y3QTVv6kMjua3g0fGIHTD+CqhEeUVlkhm4+LOl0AXD1Q
      PVY0Qoe6d3g21bucFiX/1NWhVUQccYIKhsRlX3FS7JGRLYUCC3/Xt8pn84yENEo7
      V1d7SOWTspSKRUnZySFZc1eObuveKOdjl893o/vQF1CSAwOh/JkH
      -----END CERTIFICATE-----
      

    transform x509 format between different encodings

    • Transform a x509 format certificate from pem encoding into der encoding
    • $ openssl x509 -in platform.x509.pem -inform pem -out platform.x509.der -outform der
      
    • Transform a x509 format certificate from der encoding into pem encoding
    • $ openssl x509 -in platform.x509.der -inform der -out platform.x509.pem.2 -outform pem
      
    • Verify that this x509 certificate is the same with the two encodings.
    • bash-3.2$ openssl x509 -in platform.x509.pem -inform pem
      -----BEGIN CERTIFICATE-----
      MIID4zCCAsugAwIBAgIJAIYmxNS3ueGhMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
      VQQGEwJDTjERMA8GA1UECAwIU2hlbnpoZW4xEDAOBgNVBAcMB05hbnNoYW4xDTAL
      BgNVBAoMBE1pa2kxDTALBgNVBAsMBE1pa2kxEjAQBgNVBAMMCVNpdGVyd2VsbDEh
      MB8GCSqGSIb3DQEJARYSc2l0ZXJ3ZWxsQG1pa2kuY29tMB4XDTE2MDkxMjEzMTEw
      NloXDTQ0MDEyOTEzMTEwNlowgYcxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhTaGVu
      emhlbjEQMA4GA1UEBwwHTmFuc2hhbjENMAsGA1UECgwETWlraTENMAsGA1UECwwE
      TWlraTESMBAGA1UEAwwJU2l0ZXJ3ZWxsMSEwHwYJKoZIhvcNAQkBFhJzaXRlcndl
      bGxAbWlraS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe+L/H
      VlmJt2oRCLoxvebthSPpIAYcFK3+MK4yv0On8bzbrDpaTMct1b+8Or24xkomyz7I
      7y0mKLkDYxd2NLwMTw/JsX0n6yOUBVpvkGPQKg8jXXI13BvnOqzZDBdU4uUX0SAx
      IbVIYijfTdCH5IT6O7Fym9Iju2F39iMMpjePvsi4IAlaqHmXe4blaJcMsBrIV7yf
      vQExGDJpJiFIQ0UUSKVsKpUnFI0TdQiBZGHY3cHV0HI6mDHUocnTGIXhnZ0jF2Cs
      LdJ1oEryvnMkVTRd4KjtxilkntWGTy8PjY3Je1KuAKrxIl6gLx8w6rCEDYFAZXTh
      RdWHAe63Z1n94UCdAgMBAAGjUDBOMB0GA1UdDgQWBBTBICrojPpl7zoOs937tO9Z
      gdsHxDAfBgNVHSMEGDAWgBTBICrojPpl7zoOs937tO9ZgdsHxDAMBgNVHRMEBTAD
      AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQB5Id+i6oaC/tJ4/7Tc3xg/3v15VLT+qgcN
      G0NWPq+XyGJ4fI95CNAV3QcDQXkVk6u00JFLC0yIygnaz3r/rYFh+1v0P/sHK4A6
      LG75C6RUGmQaqW8enDHK8hkcp7Qxfk+75b7geIQiotGH0Yk2Zl1HGRHB0+54W+hU
      sOfgymV5cNhkC+NYOUc1y3QTVv6kMjua3g0fGIHTD+CqhEeUVlkhm4+LOl0AXD1Q
      PVY0Qoe6d3g21bucFiX/1NWhVUQccYIKhsRlX3FS7JGRLYUCC3/Xt8pn84yENEo7
      V1d7SOWTspSKRUnZySFZc1eObuveKOdjl893o/vQF1CSAwOh/JkH
      -----END CERTIFICATE-----
      bash-3.2$ openssl x509 -in platform.x509.der -inform der
      -----BEGIN CERTIFICATE-----
      MIID4zCCAsugAwIBAgIJAIYmxNS3ueGhMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
      VQQGEwJDTjERMA8GA1UECAwIU2hlbnpoZW4xEDAOBgNVBAcMB05hbnNoYW4xDTAL
      BgNVBAoMBE1pa2kxDTALBgNVBAsMBE1pa2kxEjAQBgNVBAMMCVNpdGVyd2VsbDEh
      MB8GCSqGSIb3DQEJARYSc2l0ZXJ3ZWxsQG1pa2kuY29tMB4XDTE2MDkxMjEzMTEw
      NloXDTQ0MDEyOTEzMTEwNlowgYcxCzAJBgNVBAYTAkNOMREwDwYDVQQIDAhTaGVu
      emhlbjEQMA4GA1UEBwwHTmFuc2hhbjENMAsGA1UECgwETWlraTENMAsGA1UECwwE
      TWlraTESMBAGA1UEAwwJU2l0ZXJ3ZWxsMSEwHwYJKoZIhvcNAQkBFhJzaXRlcndl
      bGxAbWlraS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe+L/H
      VlmJt2oRCLoxvebthSPpIAYcFK3+MK4yv0On8bzbrDpaTMct1b+8Or24xkomyz7I
      7y0mKLkDYxd2NLwMTw/JsX0n6yOUBVpvkGPQKg8jXXI13BvnOqzZDBdU4uUX0SAx
      IbVIYijfTdCH5IT6O7Fym9Iju2F39iMMpjePvsi4IAlaqHmXe4blaJcMsBrIV7yf
      vQExGDJpJiFIQ0UUSKVsKpUnFI0TdQiBZGHY3cHV0HI6mDHUocnTGIXhnZ0jF2Cs
      LdJ1oEryvnMkVTRd4KjtxilkntWGTy8PjY3Je1KuAKrxIl6gLx8w6rCEDYFAZXTh
      RdWHAe63Z1n94UCdAgMBAAGjUDBOMB0GA1UdDgQWBBTBICrojPpl7zoOs937tO9Z
      gdsHxDAfBgNVHSMEGDAWgBTBICrojPpl7zoOs937tO9ZgdsHxDAMBgNVHRMEBTAD
      AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQB5Id+i6oaC/tJ4/7Tc3xg/3v15VLT+qgcN
      G0NWPq+XyGJ4fI95CNAV3QcDQXkVk6u00JFLC0yIygnaz3r/rYFh+1v0P/sHK4A6
      LG75C6RUGmQaqW8enDHK8hkcp7Qxfk+75b7geIQiotGH0Yk2Zl1HGRHB0+54W+hU
      sOfgymV5cNhkC+NYOUc1y3QTVv6kMjua3g0fGIHTD+CqhEeUVlkhm4+LOl0AXD1Q
      PVY0Qoe6d3g21bucFiX/1NWhVUQccYIKhsRlX3FS7JGRLYUCC3/Xt8pn84yENEo7
      V1d7SOWTspSKRUnZySFZc1eObuveKOdjl893o/vQF1CSAwOh/JkH
      -----END CERTIFICATE-----
      

      get issuer information from a x509 certificate
      Below shows how to use openssl x509 command to get issuer information from android default platform key’s certificate.

      $ openssl x509 -in  platform.x509.pem -noout -issuer 
      issuer= /C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com
      

      get public key from a x509 certificate
      Below shows how to use openssl x509 command to get public key from android default platform key’s certificate.

      $ openssl x509 -in  platform.x509.pem -noout -pubkey
      -----BEGIN PUBLIC KEY-----
      MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAnHgFkqwNXTgc3qpl7Mim
      AG42SAxtcgexIBG+UIY6q+K1XQCa33FG1vIgIoDHzU172yYkO4qAbCazSxN1I6SS
      aCJJBNwBST58Cs8aBch09psDe2AwnZB00kKA4WutKoc0NhlR6vcqSC0JsgSxh14S
      rJjBqnc9aAC56v3lbVi+2OjaFvmjYAmcN6g0pt/tt7a0SgSeB6Jp/M8sVJbyzzbW
      TfkKO42PNKO6q0z1M3GrJ3GbO6WHVK0MU/wU4dtF1R4jT7vpPJuk7fnOVCYTUOxT
      Vge/aaL/SqB9tffqIA0JpsG0niFAL4ntEZCJOqtakYDxUugvhaRXU89fwZBxxe7I
      JwIBAw==
      -----END PUBLIC KEY-----
      

      get all information from a x509 certificate
      Below shows how to use openssl x509 command to all information from android default platform key’s certificate.

      $ openssl x509 -in  platform.x509.pem -noout -text
      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number:
                  b3:99:80:86:d0:56:cf:fa
              Signature Algorithm: md5WithRSAEncryption
              Issuer: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android/emailAddress=android@android.com
              Validity
                  Not Before: Apr 15 22:40:50 2008 GMT
                  Not After : Sep  1 22:40:50 2035 GMT
              Subject: C=US, ST=California, L=Mountain View, O=Android, OU=Android, CN=Android/emailAddress=android@android.com
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                  RSA Public Key: (2048 bit)
                      Modulus (2048 bit):
                          00:9c:78:05:92:ac:0d:5d:38:1c:de:aa:65:ec:c8:
                          a6:00:6e:36:48:0c:6d:72:07:b1:20:11:be:50:86:
                          3a:ab:e2:b5:5d:00:9a:df:71:46:d6:f2:20:22:80:
                          c7:cd:4d:7b:db:26:24:3b:8a:80:6c:26:b3:4b:13:
                          75:23:a4:92:68:22:49:04:dc:01:49:3e:7c:0a:cf:
                          1a:05:c8:74:f6:9b:03:7b:60:30:9d:90:74:d2:42:
                          80:e1:6b:ad:2a:87:34:36:19:51:ea:f7:2a:48:2d:
                          09:b2:04:b1:87:5e:12:ac:98:c1:aa:77:3d:68:00:
                          b9:ea:fd:e5:6d:58:be:d8:e8:da:16:f9:a3:60:09:
                          9c:37:a8:34:a6:df:ed:b7:b6:b4:4a:04:9e:07:a2:
                          69:fc:cf:2c:54:96:f2:cf:36:d6:4d:f9:0a:3b:8d:
                          8f:34:a3:ba:ab:4c:f5:33:71:ab:27:71:9b:3b:a5:
                          87:54:ad:0c:53:fc:14:e1:db:45:d5:1e:23:4f:bb:
                          e9:3c:9b:a4:ed:f9:ce:54:26:13:50:ec:53:56:07:
                          bf:69:a2:ff:4a:a0:7d:b5:f7:ea:20:0d:09:a6:c1:
                          b4:9e:21:40:2f:89:ed:11:90:89:3a:ab:5a:91:80:
                          f1:52:e8:2f:85:a4:57:53:cf:5f:c1:90:71:c5:ee:
                          c8:27
                      Exponent: 3 (0x3)
              X509v3 extensions:
                  X509v3 Subject Key Identifier: 
                      4F:E4:A0:B3:DD:9C:BA:29:F7:1D:72:87:C4:E7:C3:8F:20:86:C2:99
                  X509v3 Authority Key Identifier: 
                      keyid:4F:E4:A0:B3:DD:9C:BA:29:F7:1D:72:87:C4:E7:C3:8F:20:86:C2:99
                      DirName:/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com
                      serial:B3:99:80:86:D0:56:CF:FA
      
                  X509v3 Basic Constraints: 
                      CA:TRUE
          Signature Algorithm: md5WithRSAEncryption
              57:25:51:b8:d9:3a:1f:73:de:0f:6d:46:9f:86:da:d6:70:14:
              00:29:3c:88:a0:cd:7c:d7:78:b7:3d:af:cc:19:7f:ab:76:e6:
              21:2e:56:c1:c7:61:cf:c4:2f:d7:33:de:52:c5:0a:e0:88:14:
              ce:fc:0a:3b:5a:1a:43:46:05:4d:82:9f:1d:82:b4:2b:20:48:
              bf:88:b5:d1:49:29:ef:85:f6:0e:dd:12:d7:2d:55:65:7e:22:
              e3:e8:5d:04:c8:31:d6:13:d1:99:38:bb:89:82:24:7f:a3:21:
              25:6b:a1:2d:1d:6a:8f:92:ea:1d:b1:c3:73:31:7b:a0:c0:37:
              f0:d1:af:f6:45:ae:f2:24:97:9f:ba:6e:7a:14:bc:02:5c:71:
              b9:81:38:ce:f3:dd:fc:05:96:17:cf:24:84:5c:f7:b4:0d:63:
              82:f7:27:5e:d7:38:49:5a:b6:e5:93:1b:94:21:76:5c:49:1b:
              72:fb:68:e0:80:db:db:58:c2:02:9d:34:7c:8b:32:8c:e4:3e:
              f6:a8:b1:55:33:ed:fb:e9:89:bd:6a:48:dd:4b:20:2e:da:94:
              c6:ab:8d:d5:b8:39:92:03:da:ae:2e:d4:46:23:2e:4f:e9:bd:
              96:13:94:c6:30:0e:51:38:e3:cf:d2:85:e6:e4:e4:83:53:8c:
              b8:b1:b3:57
      

      conclusion
      This post discusses x509 format certificate. It demonstrates how to use openssl x509 command to manipulate and get information from android default platform key’s certificate.

    algorithm: SAT problem

    December 11, 2016

    This post discusses what is SAT, Boolean satisfiability problem, and its complexity.

    what is SAT problem

    • Input: A boolean formula
    • Output: Return true if there exists an assignment of variables such that the boolean formula is true. Otherwise, return false.
    • This problem is NP-Complete

    what is CNF form

    • A boolean formula in CNF form is a boolean formula of conjunctions of clauses.
    • A clause is disjunction of literals.
    • A literal is positive or negative of a boolean variable

    what is CNF SAT problem

    • Input: A boolean formula in CNF form
    • Output: Return true if there exists an assignment of variables such that the boolean formula is true.
      Otherwise, return false.
    • This problem is NP-Complete

    what is 3-SAT problem

    • Input: A boolean formula in CNF form. Each clause has at most 3 literals.
    • Output: Return true if there exists an assignment of variables such that the boolean formula is true.
      Otherwise, return false.
    • This problem is NP-Complete

    2-SAT problem

    • Input: A boolean formula in CNF form. Each clause has at most 2 literals.
    • Output: Return true if there exists an assignment of variables such that the boolean formula is true.
      Otherwise, return false.
    • There exist polynomial time algorithms to solve this problem

    conclusion
    This post discusses SAT problem.


    %d bloggers like this: