Spring Login (Stack Templates) with HTTPS

Spring Login (Stack Templates) with HTTPS.

sl-jsp-djpa-jc-hib-ehc3-ssl on GitHub
Spring Login (Stack Templates)
Spring Login (Stack Templates) on GitHub

Demo project (Spring, Spring Boot, Spring-Security, JSP, Apache Tiles, Spring-Jpa, Spring-Data-Jpa, JCache, Ehcache, Hibernate, MySQL, Logback, Maven, Gradle) with HTTPS has been added to Spring Login Suite:

sl-jsp-djpa-jc-hib-ehc3-ssl (Spring Login with HTTPS)

  • Spring Boot
  • JSP + Apache Tiles 3
  • Spring MVC + Spring-Security
  • DAO (Spring Data JPA)
  • JCache
  • Hibernate
  • Ehcache3

Project sl-jsp-djpa-jc-hib-ehc3-ssl  contains functionality like in sl-jsp-djpa-eclnk-cache project.

Application sl-jsp-djpa-jc-hib-ehc3-ssl creates default Root Admin (login: ‘root‘ passw: ‘root‘). Root Admin can’t be removed, but can be updated (for ex. passw value).

You can launch built application as using java -jar sl-jsp-djpa-jc-hib-ehc3-ssl.war as you can deploy him to your Java Servlet Container.

If you build sl-jsp-djpa-jc-hib-ehc3-ssl with current version of  src/main/resources/srv.sl.p12, you will need to import CA certificate (as trusted, for ex. Trusted Root CA) from current version ssl/ssl.ecdsa.ca/out/ca.sl.pem. Also you can extract CA certificate from src/main/resources/srv.sl.p12.

Please, and send your notes and questions to info@smansoft.com.

SSL Web scripts

SSL Web scripts.

SSL Web scripts on GitHub
sl-jsp-djpa-jc-hib-ehc3-ssl (Spring Login with HTTPS)

SSL Web scripts is a suite of scripts for generation X.509 keys/certificates for Web Applications.

Overview
—————-

SSL Web scripts generates X.509 keys/certificates, using as RSA as ECDSA. The main features of SSL Web scripts:

  • generation of CA ECDSA key and Self-Signed CA ECDSA Certificate;
  • generation of SSL ECDSA private key, ECDSA public key and sign ECDSA public key, using ECDSA CA key and generation of X.509 certificate of server (server certificate);
  • generation of CA RSA key and Self-Signed CA RSA Certificate;
  • generation of SSL RSA private key, RSA public key and sign RSA public key, using RSA CA key and generation of X.509 certificate of server (server certificate);
  • usage (by default) of Elliptic Curves (ECDSA-WITH-SHA256) prime256v1 (NIST P-256, secp256r1) or RSA (RSA2048-WITH-SHA256) for signing of public keys;

Usage
—————-

Suite of scripts generates/uses follow files (extensions):

  • .key  – private key (ECDSA or RSA) in PEM format;
  • .pub  – non-signed public key (ECDSA or RSA) in PEM format;
  • .csr   –  certificate request (for signing) of public key;
  • .cert  – signed public key (ECDSA or RSA) (certificate) with additional text info in PEM format;
  • .pem  – signed public key (ECDSA or RSA) (certificate) in PEM format;
  • .chain.pem  – file, that contains list of authorized certificate(s), including root CA;
  • .p12    – archive (in PKCS12 format), that contains private key, public key (certificate), and authorized certificate(s);

Suite of scripts contains follow directories:

ssl.ecdsa.ca
ssl.rsa.ca

  • suite of scripts (using ECDSA/RSA), that:
    • generates CA keys (private and public);
    • generates CA Certificate Request;
    • self-signs of CA Certificate Request;
    • generates Server keys (private and public);
    • generates Server Certificate Request (for signing, by CA key);
    • signs of Server Certificate Request, by CA key;
    • imports of signing of Server Certificate Request, by CA key;
  • files/dirs:
    • cnfs/openssl.ca.int.cnf – configuration file, that is used for generation of CA key pair and self-signing of CA Certificate Request;
    • cnfs/openssl.ca.srv.cnf – configuration file, that is used for signing of Server Certificate Request;
    • cnfs/openssl.srv.cnf – configuration file, that is used for generation of Server key pair and generation of Server Certificate Request;
    • out – directory, that contains all generated keys, certificates and .p12 (PKCS12 archive);
    • ssl.ecdsa.ca.ini – base ini file, that is used by ECDSA scripts;
    • ssl.rsa.ca.ini – base ini file, that is used by RSA scripts;
    • 01.init.sh – bash script, that clears all dirs and removes all keys and certificates;
    • 02.ca.sh – bash script, that creates CA key pair, generates CA Certificate Request and self-signs of CA Certificate Request;
    • 03.srv.sh – bash script, that creates Server key pair, generates Server Certificate Request, signs Server Certificate Request by CA key and exports Server key and certificates to PKCS12 (.p12) file;

ssl.ecdsa.req
ssl.rsa.req

  • suite of scripts (using ECDSA/RSA), that:
    • generates Server keys (private and public);
    • generates Server Certificate Request (for signing, by CA key);
    • signs of Server Certificate Request, by CA key;
  • files/dirs:
    • cnfs/openssl.srv.cnf – configuration file, that is used for generation of Server key pair and generation of Server Certificate Request;
    • out – directory, that contains of Server key, certificates and .p12;
    • ssl.ecdsa.req.ini – base ini file, that is used by ECDSA scripts;
    • ssl.rsa.req.ini – base ini file, that is used by RSA scripts;
    • 01.init.sh – bash script, that clears all dirs and removes all keys and certificates;
    • 02.srv.req.sh – bash script, that Server key pair and generates Server Certificate Request;
    • 03.srv.imp.sh – bash script, that exports Server key, signed certificate and CA certificates to PKCS12 (.p12) file;

ssl.ecdsa.sign
ssl.rsa.sign 

  • suite of scripts (using ECDSA/RSA), that:
    • generates CA keys (private and public);
    • generates CA Certificate Request;
    • self-signs of CA Certificate Request;
    • signs of Server Certificate Request, by CA key;
  • files/dirs:
    • cnfs/openssl.ca.int.cnf – configuration file, that is used for generation of CA key pair and self-signing of CA Certificate Request;
    • cnfs/openssl.ca.srv.cnf – configuration file, that is used for signing of Server Certificate Request;
    • out – directory, that contains CA key and certificates;
    • ssl.ecdsa.sign.ini – base ini file, that is used by ECDSA scripts;
    • ssl.rsa.sign.ini – base ini file, that is used by RSA scripts;
    • 01.init.sh – bash script, that clears all dirs and removes all keys and certificates;
    • 02.ca.sh – bash script, that creates CA key pair, generates CA Certificate Request and self-signs of CA Certificate Request;
    • 03.srv.sign.sh – bash script, that signs Server Certificate Request by CA key;

If you use ssl.ecdsa.req/ssl.rsa.req and ssl.ecdsa.sign/ssl.rsa.sign together, you should:

  1. call:
    ssl.ecdsa.sign/02.ca.sh or ssl.rsa.sign/02.ca.sh
  2. call:
    ssl.ecdsa.req/02.srv.req.sh or ssl.rsa.req/02.srv.req.sh
  3. copy:
    ssl.ecdsa.req/out/srv.sl.csr or ssl.rsa.req/out/srv.sl.csr
    to
    ssl.ecdsa.sign/out or ssl.rsa.sign/out
  4. call:
    ssl.ecdsa.sign/03.srv.sign.sh or ssl.rsa.sign/03.srv.sign.sh
  5. copy:
    ssl.ecdsa.sign/out/srv.sl.cert or ssl.rsa.sign/out/srv.sl.cert
    and
    ssl.ecdsa.sign/out/ca.sl.cert or ssl.rsa.sign/out/ca.sl.cert
    to
    ssl.ecdsa.req/out or ssl.rsa.req/out
  6. call:
    ssl.ecdsa.req/03.srv.imp.sh or ssl.rsa.req/03.srv.imp.sh

You can use result files: ca.sl.cert/ca.sl.pemsrv.sl.cert/srv.sl.pem, srv.sl.key or srv.sl.p12 in Web Applications/Servers.

Files openssl.xxx.srv.cnf contain section:
[alt_names]
DNS.1=localhost
DNS.2=*.localhost
You can change domain name(s) to some other or add some new domain name(s).

In practice, you should generate Server key pair, generate Certificate request, sign Server certificate request, using official Authorized Centers and then import results to srv.sl.p12.

Read ReadMe.txt for more info.
SSL Web scripts is a free software distributed under the MIT.
Read License.txt for more information about license.

Please, send your notes and questions to info@smansoft.com.

SSL Web scripts ® Copyright © 2018-2019 by SManSoft

GPG Public Key (SManSoft ECDSA Key)

GPG Public Key (SManSoft ECDSA Key) <info@smansoft.com> has been published here:

http://smansoft.com/gpg/smansoft.pub.asc.

Please, use:

gpg --import ./smansoft.pub.asc

for importing of key and

gpg --verify ./[some_install_file].asc ./[some_install_file]

for verification of files, published on this site;
Also Public GPG ECDSA Key can be imported, using:

gpg --keyserver hkp://pgp.mit.edu --recv-keys A408B0FCFD774649
.

File Exchanger Tool 0.0.11.11

File Exchanger Tool 0.0.11.11 has been released.

Supported platforms:

  • Windows (x86, x86_64)
  • Linux (x86_64)

File Exchanger – 0.0.11.11 – Linux
File Exchanger Tool – 0.0.11.11 – Windows

Please, see screenshots here: screenshots.
Here are: demo (screenshots (.jpg), video demo (install, run) (.mp4)).

File Exchanger (file_exchanger) Tool is a peer-to-peer files exchanger for Windows/Linux platform.

Overview
—————-
The main features of File Exchanger (file_exchanger) Tool:

  • transfer of files from client to server, using open socket connections;
  • transfer of files from client to server, using SSL connections;
  • control of entirety of received files, comparing of checksum values sent and received files, using CRC-32 algorithm;
  • using transfer of files from client to server, using SSL connections;
  • using follow SSL mode/algorithms (TLSv1.2), if SSL connection is used:
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • TLSv1.2 – version
    • TLS – the protocol used
    • ECDHE – the key exchange mechanism
    • ECDSA – the algorithm of the authentication key
    • AES – the symmetric encryption algorithm
    • 256 – the key size of AES
    • GCM – the mode of AES
    • SHA384 – the MAC used by the algorithm
    • prime256v1 (NIST P-256, secp256r1) – Elliptic Curve, that is used by ECDHE and ECDSA
  • using unique CA of client and server certificates;
  • user can update CA, client/server/gui keys/certificates, using suite of scripts ssl.ecdsa.tar.gz (ReadMe.txt in ssl.ecdsa.tar.gz);
  • using of xml configuration files, which can be updated by user and will be applied without restart of processes (sm_file_send_clns, sm_file_send_srvs);
  • scanning of configured directories, where sent files can be copied;
  • copying of sub-directories with files, saving of sub-directories tree at the server side;
  • support of unicode symbols in file/directory names;
  • backup (with rolling) of sent/received files;
  • server and client modules can be launched as Services (Windows)/Daemons (Linux);
  • console command line control application (only Windows) of client/server Services (requires Administrator permissions);
  • Windows gui application (asynchronous multi-thread GUI), that allows to monitor states of client/server Services, control of client/server Services and change parameters of client/server Services;
  • Linux gui application (Qt-based) (asynchronous multi-thread GUI), that allows to monitor states of client/server Daemons, control of client/server Daemons (when it’s possible, according to users permissions) and change parameters of client/server Deamons;
  • using ECDSA (NIST P-256, secp256r1) for signing/verification parameters, which are sent between client/server and gui applications (Windows/Linux);
  • tool applications don’t use any intermediate servers and transfer files directly between client and server;

Windows gui application: Screenshot 1
Windows gui application: Screenshot 2
Linux gui application (Qt-based): Screenshot 1
Linux gui application (Qt-based): Screenshot 2

Please, see more screenshots here: screenshots.

Read ReadMe.txt for more info.

File Exchanger (file_exchanger) Tool is a free software distributed under the MIT.
Read License.txt for more information about license.

Please, send your notes and questions to info@smansoft.com.

File Exchanger (file_exchanger) Tool ® Copyright © 2018-2019 by SManSoft.

SSL ECDSA scripts 0.0.11.11

SSL ECDSA script.

SSL ECDSA scripts
SSL ECDSA scripts on GitHub

SSL ECDSA scripts is a suite of scripts for generation X.509 keys/certificates.

Overview
—————-

The main features of SSL ECDSA scripts:

  • generation of CA key and Self-Signed CA Certificate;
  • generation of SSL private key, public key and sign public key, using CA key and generation of X.509 certificate of server (server certificate);
  • generation of SSL private key, public key and sign public key, using CA key and generation of X.509 certificate of client (client certificate);
  • generation of SSL private key, public key and sign public key, using CA key and generation of X.509 certificate of gui applications (client certificate);
  • usage of Elliptic Curves (ECDSA-WITH-SHA384) prime256v1 (NIST P-256, secp256r1) for signing of public keys;

Read ReadMe.txt for more info.
SSL ECDSA scripts is a free software distributed under the MIT.
Read License.txt for more information about license.

Please, send your notes and questions to info@smansoft.com.

SSL ECDSA scripts ® Copyright © 2018-2019 by SManSoft

SSL ECDSA scripts

SSL ECDSA scripts.

SSL ECDSA scripts
SSL ECDSA scripts on GitHub

SSL ECDSA scripts is a suite of scripts for generation X.509 keys/certificates.

Overview
—————-

The main features of SSL ECDSA scripts:

  • generation of CA key and Self-Signed CA Certificate;
  • generation of SSL private key, public key and sign public key, using CA key and generation of X.509 certificate of server;
  • generation of SSL private key, public key and sign public key, using CA key and generation of X.509 certificate of client;
  • usage of Elliptic Curves (ECDSA-WITH-SHA384) prime256v1 (NIST P-256, secp256r1) for signing of public keys;

Read ReadMe.txt for more info.
SSL ECDSA scripts is a free software distributed under the MIT.
Read License.txt for more information about license.

Please, send your notes and questions to info@smansoft.com.

SSL ECDSA scripts ® Copyright © 2018-2019 by SManSoft

File Exchanger Tool 0.0.9.9

File Exchanger Tool 0.0.9.9 has been released.

Supported platforms:

  • Windows (x86, x86_64)
  • Linux (x86_64)

File Exchanger – 0.0.9.9 – Linux
File Exchanger Tool – 0.0.9.9 – Windows

File Exchanger (file_exchanger) Tool is a peer-to-peer files exchanger for Windows/Linux platform.

Overview
—————-
The main features of File Exchanger (file_exchanger) Tool:

  • transfer of files from client to server, using open socket connections;
  • transfer of files from client to server, using SSL connections;
  • control of entirety of received files, comparing of checksum values sent and received files, using CRC-32 algorithm;
  • using transfer of files from client to server, using SSL connections;
  • using follow SSL mode/algorithms (TLSv1.2), if SSL connection is used:
    • ECDHE-ECDSA-AES256-GCM-SHA384
    • TLSv1.2 – version
    • TLS – the protocol used
    • ECDHE – the key exchange mechanism
    • ECDSA – the algorithm of the authentication key
    • AES – the symmetric encryption algorithm
    • 256 – the key size of AES
    • GCM – the mode of AES
    • SHA384 – the MAC used by the algorithm
    • prime256v1 (NIST P-256, secp256r1) – Elliptic Curve, that is used by ECDHE and ECDSA
  • using unique CA of client and server certificates;
  • user can update CA, client/server keys/certificates, using suite of scripts ssl.ecdsa.tar.gz (ReadMe.txt in ssl.ecdsa.tar.gz);
  • using of xml configuration files, which can be updated by user and will be applied without restart of processes (sm_file_send_clns, sm_file_send_srvs);
  • scanning of configured directories, where sent files can be copied;
  • copying of sub-directories with files, saving of sub-directories tree at the server side;
  • support of unicode symbols in file/directory names;
  • backup (with rolling) of sent/received files;
  • server and client modules can be launched as Services (Windows)/Daemons (Linux);
  • tool applications don’t use any intermediate servers and transfer files directly between client and server;

Read ReadMe.txt for more info.
File Exchanger (file_exchanger) Tool is a free software distributed under the MIT.
Read License.txt for more information about license.

Please, send your notes and questions to info@smansoft.com.

File Exchanger (file_exchanger) Tool ® Copyright © 2018-2019 by SManSoft.