AlanSite

Neo Site, New Content

Engage Disk Encryption with LUKS and systemd-cryptenroll on Linux

The TPM, Trusted Platform Module, is well-known by the forced requirements of Windows 11 and automatic Device Encryption aka Bitlocker, which makes lots of people lose they data. However, using a TPM is the best way to protect your digital world in modern times. It’s basically a smartcard mounted on the system, in major, accept hash to ‘extend’ (like NEW = HASH(OLD + PROVIDED)) internal SHA PCRs (Platform Configuration Register), and release key when the PCRs are as same as the key registered for. When the system is booting, the ucode in CPU measures the ucode it self, the UEFI firmware, and the Secured Boot state into the TPM, then pass system control to UEFI firmware. The PCRs can be only reset to zero on the platform hardreset. Read more

AlanCui's Avatar Cryptography

Raise a self hosted PKI (CA) on JavaCard using IsoApplet and OpenSSL

We have handle the fundamentals to JavaCard in last two articles, and completely setup a decentralized cryptography system (OpenPGP). So, in this, we’re going to raise up out PKI (CA) system so that we can issue certificates such as TLS and PIV on our JavaCard. The security and reliability of asymmetric cryptography depends crucially on the confidentiality of the private key. While the public key can be sent to anyone, it is absolutely important that the private key is not compromised. Smartcards have its own processor, RAM and even operating system. They are hermetically sealed from the rest of the system (i.e. the host computer that might be compromised). Also, the developers and manufacturers of smartcards take a huge effort to ensure that no confidential data can be extracted from the card when it is not intended, even by using costly and time-consuming methods such as electron microscopy. Read more

AlanCui's Avatar Cryptography

Introduction to JavaCard and Futhermore (NXP J3R180)

Simply Saying, JavaCard is a kind of SmartCard with JavaCard VM, which can run any JavaCard applet.The opening of Java Card specification makes JavaCard really easy to program instead of old-style Proprietary CPU Card that requires signing up for NDK. In that case, due to the cost of sharing their confidential documents, technical support and production, most of the Manufacturers will not even make a contract with you a little company!So that the JavaCard is the only way we can customize and program SmartCard as safe as CC EAL6+ at low cost. Read more

AlanCui's Avatar Cryptography

Make a Bluetooth LE Coded PHY BTHomev2 Temperature and Humidity Sensor Using nRF52832

Since deploying Home Assistant, I’ve been compelled to measure and automate everything, so I urgently wanted to create a Bluetooth sensor. This project also marks my first attempt at using nRF and Zephyr with low-power optimization. The schematic is quite simple — just an nRF52832 and an SHT4x sensor, powered by a CR2032 battery. Therefore, stacking capacitors are needed to prevent restarts caused by voltage drops due to high internal resistance at low temperatures. Read more

AlanCui's Avatar HomeAssistantEmbedded

Using the EmoePulse Avalanche Fast-Edge Generator to Generate True Random Numbers

In today’s world, cryptography has become the foundation of most digital infrastructure. The randomness in private key generation is a crucial prerequisite for modern cryptographic systems. Recently, I was gifted an EmoePulse transistor avalanche fast-edge generator by friend. Although this generator is designed primarily for rise-time testing or TDR (Time Domain Reflectometry) measurements, the intrinsic noise from such transistors can also be effectively used to generate cryptographically secure true random numbers. The following describes how we can build a true random number generator with no post-processing based on this device. Read more

AlanCui's Avatar Cryptography

Build a Stratum 1 NTP Server using GNSS PPS Signal and chronyd

Recently, I bought a Wyse 5070 thin client and planned to turn it into an internal network comprehensive server. One of the goals is to set up a precise internal NTP server. Therefore, I used the existing GNSSDO’s PPS signal output through RS-232 DCD input to the thin client and used it as a PPS signal source to tame chronyd. The date and time information can be obtained either via NEMA messages or other NTP servers. Read more

AlanCui's Avatar Time&Frequency

Narrowband 1:8 10MHz Reference Clock Distribution Amplifier

With the increasing number of time and frequency instruments in the laboratory, the two 10MHz reference outputs built into the GNSSDO are no longer sufficient for simultaneous operation. Therefore, a 1:8 10MHz clock distribution amplifier was designed and fabricated. Thanks to @滚筒洗衣机 for soldering most of the circuitry; this design is partly derived from the SRS FS730. Read more

AlanCui's Avatar Time&Frequency

Construct an USB488 instrument with TinyUSB and scpi-parser on ESP32

IEEE 488, as well GP-IB, is an actual standard of communication and controling in electrical test and measuring devices, USB TMC USB488 device class implements multiple characters which IEEE 488 have. We are going to support following capabilities on ESP32: All MANDATORY SCPI SR1 - Support for SRQ DT1 - Support for device trigger RL0 - Not support for Local/Remote operations, this device designed to accept commands from an queue, there is no need for switching between two modes. Also, TinyUSB not supports that. Read more

AlanCui's Avatar EmbeddedTest&Measure