Skip to content

Instantly share code, notes, and snippets.

View karalabe's full-sized avatar
🧬

Péter Szilágyi karalabe

🧬
2.9k followers · 1 following
View GitHub Profile
@karalabe
karalabe / yubihsm-post.md
Last active July 15, 2025 13:01
Publicly auditable YubiHSM logs

Publicly auditable YubiHSM

Disclaimer: This is not an article with a beginning, a middle and an end for public consuption, rather a personal memo I figured I'd publish if anyone else finds it useful.

Background: I've got a genomic project (Bsky: @dark.bio, X: @dark_dot_bio) requiring secure-boot signing keys and API server identity certs/keys.

I've chosen YubiHSMs to be my roots of trust, because I don't want to mess up key handling myself; and because I want to have a public audit trail of what I've signed to soft-prove non-malice. This guide is my personal memo on how to onboard a YubiHSM into my project in a way that makes the audit logs (mostly) publicly verifiable.

Onboarding the device

@karalabe
karalabe / keybase.md
Created September 26, 2017 07:47
keybase.md

Keybase proof

I hereby claim:

  • I am karalabe on github.
  • I am karalabe (https://keybase.io/karalabe) on keybase.
  • I have a public key ASBWlGCQs65jLuHXFfGkRwvtVXsJg8r5Hgs1wjmwtxdueQo

To claim this, I am signing this object:

@karalabe
karalabe / bufio_repro.go
Created January 31, 2015 08:46
Repro to highlight the bufio.Copy requirements
package main
import (
"bytes"
"fmt"
"io"
"net/http"
"os/exec"
)
@karalabe
karalabe / bufioext.go
Created January 28, 2015 18:37
Buffered concurrent copy
package bufioext
import (
"io"
"sync/atomic"
)
// Copy copies from src to dst until either EOF is reached on src or an error
// occurs. It returns the number of bytes copied and the first error encountered
// while copying, if any.
@karalabe
karalabe / cloud_appengine.go
Last active March 31, 2021 21:23
Simplified cloud context creation
// Contains the App Engine specific cloud utility implementations.
// +build appengine
package cloud
import (
"net/http"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
@karalabe
karalabe / Dockerfile
Created November 7, 2014 09:11
Docker expose bug repro
FROM debian:7
EXPOSE \
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 \
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 \
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 \
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 \
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 \
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 \
97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 \
@karalabe
karalabe / main.go
Last active October 23, 2023 18:21
Access Google services through service accounts in Go
package main
import (
"code.google.com/p/goauth2/oauth/jwt"
"code.google.com/p/google-api-go-client/storage/v1beta2"
"fmt"
"log"
"regexp"
)