We’ve recently added the capability to send/receive secure, signed and/or encrypted emails.
Why?
Simply put, we have nothing to hide. To paraphrase a movie line, we aren’t even very exciting. 🙂 But just as we don’t put pictures of our underwear & sock drawers online for just anyone to see, we aren’t all that enthused about perfect strangers poring over our grocery lists, family emails, etc. I suspect most people aren’t.
How?
It’s pretty quick and easy to secure your email using PGP/GPG (Pretty Good Privacy and the Gnu Privacy Guard). Here are some links you can use to “get secure” in a matter of minutes on most platforms:
If you’ve never used PKI (Public Key Infrastructure) solutions before, you may want to read up on them a bit. The summary version, though, is that you have a private key that you keep (PRIVATE!) and a public key you publish for others to use when sending you mail. To email someone else, you either retrieve their public key from a central key server or simply copy/paste it from an email or website into your keychain, then address your email to them and choose to sign, encrypt, or both. That’s it.
If you’d like to send us a test email, please feel free to either download our public keys from the server or just go here to get them. Good luck, and all the best to you in a more secure future!
Renewable energy (RE) has long been a passion of mine, but practically speaking, it simply hasn’t been cost-effective to implement at a personal level. Factoring in credits, location, type of RE, etc. can often tip the scale, but generally speaking, an investment in RE would require more commitment than simply “running the numbers.” No judgment here, I understand and appreciate both sides of that argument.
In recent years, though, things have changed. Not entirely, and not across the board even now…but with inexpensive (yet quality) RE equipment being produced in the US, China, and many locations throughout Europe, one can begin to experiment with RE on a much smaller scale and determine if/how it makes sense for your particular situation.
As a software engineer, I also work to integrate whatever I build into a more manageable, usable system. Physical computing promises many things, which I’ll coarsely lump into the term “better living” – but to do it right requires more than just assembling some hardware. The intersection of devices with software and the greater internet results in what is often termed the “Internet of Things”, or the IoT…and this is where the potential for “better living” can skyrocket, if things are properly integrated. It’s a small and limited example, but how much more useful is a fully-integrated system that is easily managed from anywhere on the planet than a complex system composed of numerous components…all of which must be monitored individually and manually?
For this post, we’ll focus solely upon one small portion of that integrated system: adding PV, or photovoltaic (solar) panels to a functioning small-scale RE system. Before these additions, the system consisted of:
Wind turbine
Deep-cycle battery bank
Arduino to control sensors, radio transceiver
Temp/humidity and current/voltage sensors
Radio transceiver, primarily for comm link to send readings
Now we’re adding a solar charge controller and initially, two 25W solar panels wired in parallel for a total of 50W maximum.
In future posts, I hope to elaborate on the software side because (as stated above) that is where the difference truly lies. For now, here are some pictures (and a very short video) of the PV addition:
Connecting the PV Panel
Mounting the PV Panels to the Backing Board
Initial Two Panels Mounted
Simple Wire Terminals on PV Board
Charge Controller Mounted, Not Yet Connected
Charge Controller Mounted AND Connected! The “Sun” light indicates power from the panels; the “Battery” light flashes while charging attached batteries.
And finally, a short video to give a glimpse of the PV portion of the system in action:
In future posts, I plan to provide more information about the “good stuff” (teaser: JavaFX, Java Embedded Suite, more Arduino, BeagleBone Black, wireless management, and more!), but a system must exist before it can be monitored and managed. As we continue to “build out” the system, those opportunities will only increase. Stay tuned, and please feel free to comment below or drop me a line. Thanks for visiting!
I don’t know whether it’s sentimentality or practicality – or maybe both – but I love Radio Shack. While there are stores and/or online vendors who offer a wider assortment of embedded devices and electronic components, their Radio Shack stores are everywhere, and the selection is good. And although the prices are higher than ordering directly from China, I can have a part or board in hand in 15 minutes if Radio Shack carries it. You’re buying the item + unbeatable convenience, and all things considered, it’s a pretty great deal.
Years ago, I bought a little multimeter kit from Radio Shack. I needed a multimeter, and I kind of wanted to “build it myself”. The ArcherKits are easy to assemble, with just enough soldering and small work to give you immense satisfaction every time you use it. 🙂
I’ve since upgraded multimeters to a nice digital model, but you know what I keep in my embedded device toolbox? My trusty old analog ArcherKit multimeter. It’s not fancy, but it’s nearly indestructible and it just works.
Just today, I couldn’t remember how to take a measurement that I rarely have call to make, and when I went to look for the operator’s manual, I couldn’t find it. Searching online didn’t help, either. I finally did locate it…but it occurred to me that others may find themselves in the same bind. And no one should have a great tool without having the instructions handy. So…below is a snapshot of the basic foldout of operating instructions. Simple, straightforward, and essential!
If you have an ArcherKit 28-4012A multimeter, I hope you’re still enjoying it as much as I am. When absolute digital precision is required, this little guy gets a well-deserved rest…but guess what sees the most action? 😉
If you’ve worked (or played) much with Arduinos, you’ve probably run into “dead pins” – or wondered if you had. How can you tell which pins, if any, are unusable on an otherwise perfectly good board?
There are probably more precise ways of determining what is wrong, and perhaps even ways to repair some defects…but for those of us embedded folk who work far more with software than hardware, this is a quick way to confirm which pins don’t work properly with sufficient precision so you can label the board and move on. To quote Steve Jobs, “Real artists ship.” 🙂
To test digital pins, you need to test both pinModes: INPUT and OUTPUT. (There is also INPUT_PULLUP, but that is only relevant if using the internal resistors vs. external ones.) I created two sketches, one to test pins with a call to digitalWrite() to light up connected LEDs, and one to read a switch using digitalRead(). Those are the software components necessary, and they’re available at my ArduinoPinTests GitHub repository.
The hardware portion of the test can be easily assembled as well. Here are the items I used; feel free to substitute similar components as desired:
Solderless breadboards (2, one for each: input & output)
LEDs (6)
Resistors, 220 Ohm (6) (for output test board)
Resistors, 10k Ohm (2) (for input test board)
microtivity IM211 push-and-lock switch (for input test board)
Necessary wires to put it all together
It has been said that a picture is worth a thousand words. Here are two thousand for you!
Digital Pins (In) Test Board
Digital Pins (Out) Test Board
The Bottom Line
If you have pins you think may be dead on your Arduino or clone board, grab some spare parts, visit my GitHub repo, and within minutes you can find out if/which pins are out of commission and get back to configuring devices and pounding out code. Now…back to business!
I’ve been working recently with a client to do some rather useful things with notifications, and one of them involved sending a secure email from within a Java program. We encountered some interesting (translation: weird!) challenges, and in overcoming them, I worked out a reasonably straightforward path through the minefield. If you’ve been thinking about secure-email-enabling your Java app but aren’t sure where to start, hopefully this will serve as a fairly quick and mostly painless primer. 🙂
The Problem
Let me first say that if you only want to send a plain-text email from Java, there are ways to do that without much fuss and without any external players. If you want to sign or encrypt your emails, though, you’ll need a couple of extra components:
A digital certificate (private/public key pair issued by a recognized Certificate Authority, or “CA”)
A means of using the certificate to sign and/or encrypt the email
The goal is to digitally sign an email to assure recipients that the sender of the mail is indeed me (or you, if you’re following along at work/home). Let’s get started!
Getting Your Tools in Order
Getting a Certificate
First, we have to have a digital certificate. If you already have one, you can skip this step…but if not, StartSSL offers free user/email certificates for personal use. Just point your browser to the StartSSL site and click the large button labeled “Sign-up”. You’ll need to provide them some information, enter the verification code they email to the address you provide, and they do the rest…including installing your new cert and the certificate chain into your web browser.
Freeing the Certificate from your Browser
Perhaps the easiest way to use a certificate is to store it (keys, certificate chain) in a Java Keystore (jks). Extracting your shiny new certificate from your browser is a relatively easy (albeit drawn-out) process. From your browser, export your certificate, including private key. This will produce a .pfx file, which is a PKCS12 keystore. From Chrome, you simply:
Click on the Wrench (or Lines) icon in the upper-right corner
Select “Settings” from the menu
“Show advanced settings…” at the bottom of the page
Scroll down to the section labeled “HTTPS/SSL”
Click the “Manage certificates…” button to display your certificates.
Then, from the certificates window:
Select the target certificate and click the “Export…” button
Click “Next” from the Export Wizard window
Choose “Yes, export the private key” and click “Next”
Under the “Personal Information Exchange – PKCS #12 (.PFX)” entry, select the options to “Include all certificates in the certification path if possible” and “Export all extended properties” (NOTE: Do NOT choose to “Delete the private key if the export is successful”. No no no!) and click “Next”
Enter a password (twice) and click “Next”
Provide a path/filename for the export and click “Next”, and finally…
Confirm the export options and click “Finish”.
Now that we’ve liberated your cert from the browser, let’s make it usable by our (non-browser) Java program.
Creating a Java Keystore
The fastest, easiest way I’ve found to convert a .pfx file to a .jks (Java Keystore) file is with the Oracle 11g database client. The database client can be downloaded by following this link, selecting the “See All” link to the right of your listed operating system, and choosing the 11g client from the OS-specific download page. Once it’s downloaded and installed, you’re ready to proceed.
Like the .pfx file, the Oracle wallet is a PKCS12 keystore, and the orapki utility (and other tools) included with the database client can be used to manipulate it…as long as it thinks it’s dealing with an Oracle wallet. To make that happen, simply rename the .pfx file to ewallet.p12. Since we aren’t dealing with the Oracle Wallet Manager, we don’t have to worry about meeting OWM’s password criteria or other niceties. Yes, that really is all there is to it!
Now, to make a Java Keystore. To do that, you’ll need to open a command prompt and do the following tasks:
Create an ORACLE_HOME environment variable that points to the install location of the Oracle client
Run the following command, pointing to the orapki utility under %ORACLE_HOME%\bin (in Windows) or $ORACLE_HOME/bin (Mac/Linux/UNIX):
You should now have a brand new Java KeyStore! You can verify its contents with the OpenSSL keytool utility:
keytool -list -keystore <java_key_store>
Now that we have our credentials in order, on to the Java side of things!
Building the Solution
There are several Java libraries available that aid in signing and/or encrypting email. Of the non-commercial options I found, all use the Bouncy Castle Crypto API and libraries as their underpinnings. Bouncy Castle (BC) may have a funny name, but it’s all business with regard to encryption.
At a very high level, you need to do the following things to create/send a signed email:
Provide the email “essentials”: SMTP server host & port, email addresses (sender & receiver), a subject, content, and the sending user’s password
Add BC as a new crypto provider
Retrieve the cert from your Java Keystore
Create and sign the email using the BC API/libraries
Send the email
There is much more you can do of course, but these are the “must-haves”.
In preparation for developing our secure email module, I created a proof of concept (BCCrypTool) by marrying a Java email program I’d written previously and some BC sample code…code reuse at its lowest level, but still good for the environment. 🙂 What you see here in my GitHub repo is a bit of streamlined Java code that should be pretty easy to repurpose. Please feel free to take a copy and do just that, and if you make significant changes/improvements and are able and inclined to share them, please feel free to do that as well. Sharing is caring. 🙂
A quick note on libraries. You’ll need the following to make this work:
