@usmansaleem
usmansaleem / yubihsm.md
Last active December 12, 2023 00:58
YubiHSM setup for Web3Signer

YubiHSM

yubihsm-shell --connector=yhusb:// --authkey=1 --password=password \
--action=put-authentication-key --new-password=password3 --object-id=3 --domains=1,2,3 \
--capabilities=get-opaque,put-opaque,delete-opaque,export-wrapped,get-pseudo-random,put-wrap-key,import-wrapped \
--delegated=exportable-under-wrap,export-wrapped,import-wrapped
@usmansaleem
usmansaleem / README.md
Last active June 13, 2023 00:21
Compile jblst on Raspbian OS 32 bit (to be used by Web3Signer)

Update apt cache

sudo apt-get update && sudo apt-get -y upgrade

Install dependencies

sudo apt-get install -y git autoconf libpcre3 libpcre3-dev bison flex gcc make gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf binutils-arm-linux-gnueabihf
@usmansaleem
usmansaleem / readme.md
Created March 7, 2023 02:12
Check SSL certificate or sha256 fingerprint of a host
openssl s_client -connect localhost:8200 </dev/null 2>/dev/null | openssl x509 -inform pem -noout -fingerprint -sha256

Or

openssl s_client -connect localhost:8200 </dev/null 2>/dev/null | openssl x509 -inform pem -text
@usmansaleem
usmansaleem / release.yml
Created March 3, 2023 11:02
Github action - run workflow after another workflow
name: "Release"
permissions:
  contents: "write"
on:
  workflow_run:
    workflows: ["Tag"]
    types:
      - "completed"
@usmansaleem
usmansaleem / openssl_ca_tls.md
Last active January 19, 2023 01:48
Custom Root CA and signed server (Web3Signer) TLS certificates using openssl

Generate Root CA, Web3Signer server and client certificate

This example uses the openssl utility to generate a custom CA, sign the Web3Signer and client certificates, and set up Web3Signer with them. The keytool example can be seen here.

Generate Root CA key pair (CN=root.mycompany.com)

openssl genrsa -out root_ca.key 4096
@usmansaleem
usmansaleem / keytool_ca_tls.md
Last active January 19, 2023 02:10
Custom Root CA and Intermediate CA to sign the server cert using keytool (Web3Signer TLS)

Generate Root CA, Web3Signer server and client certificate

This example uses the JDK's keytool utility to generate a custom CA, sign the Web3Signer and client certificates, and set up Web3Signer with them. The openssl example can be seen here.


Note: password 123456 is used in these examples

@usmansaleem
usmansaleem / nvim_readme.md
Created November 22, 2022 00:28
nvim LSP
  • Install nvim
  • Install Nerd Font
brew tap homebrew/cask-fonts
brew install --cask font-JetBrains-Mono-nerd-font
  • Install AstroNVim. From Optional, install ripgrep and python at least.
  • Install NeoVide.
@usmansaleem
usmansaleem / gist:40c4832957ab90091e47c06879e4e94f
Created January 24, 2022 05:34
Useful git config options
git config --global core.pager "less -F -X"
git config --global push.default current
@usmansaleem
usmansaleem / prepare-commit-msg.md
Last active December 3, 2021 05:41
DCO automatic signoff git hook
@usmansaleem
usmansaleem / web3signer_docker_tls.md
Last active November 10, 2021 06:04
Running web3signer in docker with TLS enabled

Self signed certificate in PKCS12 keystore

The keystores are created using the JDK's keytool command (OpenSSL can be used as well). The first keystore is required for Web3Signer, the second for the client (such as Teku or curl). Pay special attention to specifying the CN for the client keystore/certificate, as it is required by the knownClients file in Web3Signer.

keytool -genkeypair -keystore web3signer_keystore.p12 -storetype PKCS12 -storepass MY_PASSWORD -alias SOME_ALIAS \
-keyalg RSA -keysize 2048 -validity 700 -dname "CN=localhost, OU=PegaSys, O=ConsenSys, L=Brisbane, ST=QLD, C=AU" \
-ext san=dns:localhost,ip:127.0.0.1