Category: Cryptography

Engage Disk Encryption with LUKS and systemd-cryptenroll on Linux

The TPM, Trusted Platform Module, is well-known by the forced requirements of Windows 11 and automatic Device Encryption aka Bitlocker, which makes lots of people lose they data. However, using a TPM is the best way to protect your digital world in modern times. It’s basically a smartcard mounted on the system, in major, accept hash to ‘extend’ (like NEW = HASH(OLD + PROVIDED)) internal SHA PCRs (Platform Configuration Register), and release key when the PCRs are as same as the key registered for. When the system is booting, the ucode in CPU measures the ucode it self, the UEFI firmware, and the Secured Boot state into the TPM, then pass system control to UEFI firmware. The PCRs can be only reset to zero on the platform hardreset. Read more

2026-04-08 Cryptography

Raise a self hosted PKI (CA) on JavaCard using IsoApplet and OpenSSL

We have handle the fundamentals to JavaCard in last two articles, and completely setup a decentralized cryptography system (OpenPGP). So, in this, we’re going to raise up out PKI (CA) system so that we can issue certificates such as TLS and PIV on our JavaCard. The security and reliability of asymmetric cryptography depends crucially on the confidentiality of the private key. While the public key can be sent to anyone, it is absolutely important that the private key is not compromised. Smartcards have its own processor, RAM and even operating system. They are hermetically sealed from the rest of the system (i.e. the host computer that might be compromised). Also, the developers and manufacturers of smartcards take a huge effort to ensure that no confidential data can be extracted from the card when it is not intended, even by using costly and time-consuming methods such as electron microscopy. Read more

2026-03-22 Cryptography

OpenPGP, PIV, FIDO, NDEF on NXP J3R180 JavaCard and usage principles to ensure safety

In fact, in modern cryptographic systems, the most insecure element is humans; therefore, secure usage guidelines are essential. There’s a joke that describes this scenario: : What if I lose my key and an attacker knows my PIN? : The attacker is you. Do it better next time. Read more

2026-03-18 Cryptography

Introduction to JavaCard and Futhermore (NXP J3R180)

Simply Saying, JavaCard is a kind of SmartCard with JavaCard VM, which can run any JavaCard applet.The opening of Java Card specification makes JavaCard really easy to program instead of old-style Proprietary CPU Card that requires signing up for NDK. In that case, due to the cost of sharing their confidential documents, technical support and production, most of the Manufacturers will not even make a contract with you a little company!So that the JavaCard is the only way we can customize and program SmartCard as safe as CC EAL6+ at low cost. Read more

2026-03-16 Cryptography

Using the EmoePulse Avalanche Fast-Edge Generator to Generate True Random Numbers

In today’s world, cryptography has become the foundation of most digital infrastructure. The randomness in private key generation is a crucial prerequisite for modern cryptographic systems. Recently, I was gifted an EmoePulse transistor avalanche fast-edge generator by friend. Although this generator is designed primarily for rise-time testing or TDR (Time Domain Reflectometry) measurements, the intrinsic noise from such transistors can also be effectively used to generate cryptographically secure true random numbers. The following describes how we can build a true random number generator with no post-processing based on this device. Read more

2025-11-30 Cryptography

AlanSite