DEV Community: Manuka Maduranga

What is PKCS12?

Manuka Maduranga — Tue, 11 Feb 2020 14:16:10 +0000

Whenever we talk about secure communication over networks, keywords such as "SSL", "Keystores", "JKS" pop up frequently.
Typically keystores and trust stores are used when our applications need to communicate securely over SSL/TLS.
For more details about how communication over SSL works, follow the blog mentioned below.

SSL Certificates

These keystores and trust stores are password-protected files that reside on the same file system as the application. The default and the most widely used format for these files are JKS (Java Keystore). At least that was the case until Java 8.

With Java 9, the default Keystore format was changed from JKS to PKCS12. The most noteworthy difference between JKS and PKCS12 is that while JKS was a format specific to Java, PKCS12 is a standardized and language-neutral way of storing encrypted private keys and certificates.
Here's an excerpt from the official definition -

"A PKCS12(Public-Key Cryptography Standards) defines an archive file format for storing server certificates, intermediate certificate if any, and private key into a single encryptable file"

So why did Java 9 made PKCS12 the default?

Secret keys, private keys, and certificates can be stored
PKCS12 is a standard format, it can be read by other programs and libraries while JKS is java specific.
Improved security: JKS is pretty insecure. This can be seen by the the number of tools for brute-forcing passwords of this Keystore types, especially popular among Android developers [1].

If you're working in Java then the Java Key Store is a fairly natural place to store private keys. Java applications typically expect to get the keys they need from JKS, and it's easy to access from your own Java apps. JKS is not accessible from outside Java though.
PKCS12 (aka PFX) files, on the other hand, are language-neutral and is more secure and has been around long enough that it's supported just about everywhere.
If you want to convert JKS (.jks) Keystore to a PKCS12 (.p12) Keystore, you can do so by executing the following command.

keytool -importkeystore -srckeystore [MY_KEYSTORE.jks] -destkeystore [MY_FILE.p12] -srcstoretype JKS - deststoretype PKCS12 -deststorepass [PASSWORD_PKCS12]

[MY_KEYSTORE.jks]: The path to the Keystore that you want to convert.
[MY_FILE.p12]: path to the PKCS12 file (.p12 or .pfx extension) that is going to be created.
[PASSWORD_PKCS12]: The password that will be requested at the PKCS12 file opening.

At the end of the day, the decision on what Keystore type to use should be based on how you plan to use the private key - that is: what applications will need to use the private key and what format(s) of key store do they already handle. PKCS12 is a more flexible and secure option.
Thank you for reading up until the end, if you have any questions regarding this feel free to mention them in the comments.

[1] - https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_02B-1_Focardi_paper.pdf

Expertise and context-based answer rating system for Q&A websites.

Manuka Maduranga — Sun, 24 Jun 2018 15:10:05 +0000

First of all, let me give you a bit of context. I am into the final year of my undergraduate studies and as part of the final year, I have the opportunity to do a research project. So this is merely a concept I cooked up inside my head and I wanted to hear what the fellow devs think before I pitch this to my supervisor. Any feedback is welcome.

Let's take StackOverflow as an example, because why not? Currently, any type of feedback you give, doesn't matter who you are and how much reputation you have, you can have a 10k reputation or you can have 10 reputations, it's all taken the same.
What I basically want to do is change this and make these feedback a user gives, weigh according to their expertise and the context of the question.
For Example, let's imagine there is a FORTRAN question,

User A - Very experienced in FORTRAN.
User B - Very experienced in Java.

In this scenario, User A's feedback will have more weight than User B's feedback.

This can be used in upvoting/downvoting questions or answers, ranking the order of answers displayed.

How to come up with the expertise?

For that, I'm thinking of profiling the users based on their StackOverflow stats and maybe use their GitHub stats as well.

I hope you understood what I'm trying to say. Look at this concept as a pure research project.

Any feedback, good or bad is welcome, or if there are any improvements to be made.

Rating StackOverflow Answers.

Manuka Maduranga — Wed, 23 May 2018 20:21:08 +0000

Fellow Devs, how would you like the idea of rating StackOverflow answers via answerers Github activity? Please sound off your thoughts below. (Consider this as for a pure research project)

Is one Technology really better than another?

Manuka Maduranga — Sat, 24 Feb 2018 19:14:20 +0000

Is one Technology really better than another?
https://medium.com/@manukamaduranga/is-one-technology-really-better-than-another-11ef666b685

Comparing Frameworks/Languages

Manuka Maduranga — Sun, 18 Feb 2018 15:17:50 +0000

Most of the people who say NodeJS is better than PHP has not even used PHP once in their lives. I'm not saying PHP is better, but you need have some amount of experience in both to make that kind of assessment.