2015-09-03

Using WebCrypto API to generate a KeyPair

The other day, I was using my chromebook and I needed to generate a keypair to get access to a new ssh server. I googled for a solution, but surprisingly I couldn't find one. Though I was pretty sure that the WebCrypto API would allow me to do easily, it turned out it's not as easy as I thought and it took me a couple days to actually figure out how to use the webcrypto API to achieve this specific goal, though this was mostly due to my blissful ignorance of ASN.1 encoding, JWK, base64url and openssh weird public key format.

Of course the first point of reference should be the the actual W3C spec. But this document is a bit too abstract and I found it hard to actually use the API from the spec.

Then I found a WebCrypto live table that tells me if my current browser actually support the API. Since some of those use native libraries, the Chrome on ChromeOS would have different support as the Chrome on other OSes.

We also need to keep in mind that the WebCrypto api is only available from secure locations. Luckily the file url is counted as a secure location, so it makes it easy to experiment from there. And surge.sh does host under https so that will be my provider of choice to host the end result.

On an OS with support for openssh we have the nifty utility ssh-keygen which allows to generate a keypair that can be used with ssh - which is exactly what we need.

So we have to figure out which algorithm to use, then use it with the appropriate parameters, then find a way to expose the public key and the private key. Ideally save the private key to a file and copy the public key.

The WebCrypto api is based on promises for the async work, so you will need to be vaguely familiar with promises to be able to read the code.

I am forever grateful to Converting OpenSSH public Keys for explaining the format used by OpenSSH public keys.

I also had to use a lot of google-fu to find out how to ASN.1 encode the JWK produced for the private key by the WebCrypto API in format that will be accepted by openSSH. Thanks to Lapo Luchini for putting together the awesome ASN.1 online decoder that allowed me debug my code and find out that ASN.1 doesn't like integer that starts with the high bit set (you have to prefix them with 0x00 in this case).

Please note that it is usually a very bad idea to put private keys in a browser, as most thing that are displayed on a web page can be stolen and a private key is probably the worst thing you could think putting on a web page.

But now, equipped with those two string representation of my key pair, I can setup my ssh connection straight from my Chromebook without having to use another OS. I am using the ssh chrome extension.

Live demo at https://js-keygen.surge.sh
Code at https://github.com/PatrickRoumanoff/js-keygen

2015-09-01

My Weekend

At my previous job, we used to have an informal Monday morning catchup where everyone would talk about their week-end activities before going on about their planned work activities for the week.
When I left, quite a few people told they were always looking for my updates to spin their heads about how many km I had to do to drop how many kids where...
So here is an account on my week-end.

It started on Friday afternoon, when we got ready to go to Friday night races organised by Carlisle Swimming center, as four of the kids are in the right groups to register for the races, it's only $12 per family so it's a great deal for us. And it's a lot of fun, you can win medals and get special cards if you get into the first three or achieve a personal best. J2 likes to do the long distance races, 100m freestyle or breathstroke, but all the other contestants are twice her size and finish in half the time, but she still manages to enjoy herself, and everyone clap when she get to the end.

Saturday starts pretty early as my wife is teaching the french horn from 7:30 to 12:30. Beside the usual breakfast, J1 made pancake for everyone which was nice. We left at 8:30 to head to choir which starts at 9:00 in the city. While J1 & J2 went to choir, we took a walk in the new Barangaroo park with E2, V and C, which was very nice, but E2 was wearing his brand new choir rehearsal outfit and had a difficult time stopping himself from rolling in the dirt, going down stair ramps and climbing rocks close to the water. The park is very nice and the weather was awesome.
J1 & J2 didn't like me going to the park as I usually do parent supervision at choir instead and they were pretty horrible all the way to the swimming pool.
Swimming was good with 5 of them in the water it's pretty relaxing time for me - which means no one cried to get into the water. It was a big day for E2 because he got evaluated and he managed to up a level - which is a big issue for me because there is no class for "SuperFish" at 10:30 and this breaks all my Saturday schedule. We manage to find a spot at 9:00 but I can only drop him at 8:30 on my way to choir - we will test  that next week.

After swimming it was time to go register for next Friday night races - and J2 decided for the 100m again - she is certainly persistant. Whereas I have to encourage Violette to do more than 25m (since the figured out she can get as many points out of 25m, 50m or 100m she opted for the less tiring option).
Once home  have to remember everyone to hang up their towel & costume - minor drama here as C lost her goggles and swimming cap - we will probably find them next week. You couldn't believe how many goggles we lost  in the 10 years we have been going to swimming lessons - that's why I only get the "3 for $10" deal from Big W, because at $25 a pop for a pair of swimming googles, I would already be ruined.
We also got a phone call V's birthday party was cancelled because the host was sick - which was a relief because there was no one to drive her or pick her up and we didn't get a present...

Lunch was alright - then it was time to go to French class for C - which means doing the homework first, for once J2 helped C which was a nice change. But this time I had to bring E1 and E2 because they have a special choir rehearsal this afternoon, so after dropping off C at french class, it's back to the city for me. Of course, E1 being 13 she has a go at me by not getting out of the car when I told her I was a hurry to get back to French class to pick up C. I know they were tired, because they both dozed off in the car, but still, I got angry at her - I should know better.
Back to French class, C is super happy - which is a nice change - and she can't stop speaking French to me which I love so much. She's actually the only who will voluntarily speak French to me. We go to Aldi for the weekly shopping - we only have one hour because I have to go back to the city at 5:30 to pick up the E1&E2 form Choir. C was super helpful at Aldi and even helped me with the bags at the cashier. Back home to drop the shopping and C and it's off to the city for me (third time in a day).
I arrive 10m late because of traffic, but apparently they finished early so they have been waiting 30m outside - though Steph was here to supervise them.

Saturday adventures finish here.
Then it's Sunday... J1 wants to do crepes for breakfast which is great but 7am is a bit early for a Sunday. We start off with a bassoon lesson at 9:30 for V, but for once my wife is driving, she enjoys that because she can talk a walk on the beach during the lesson, so it's not too bad. At Noon my wife is off to perform in a concert for most of the afternoon so I will be with the kids by myself. Not much planned today, but kids insist on going to Warringah Aquatic Center, which is always fun because I get to argue with the cashier lady on the merit of a family entry when you have 6 kids. Before we get to leave we have to fold the laundry which has been accumulating on the couch for the pat two days, it's always a struggle to get them to fold the laundry, but going swimming is a good motivator. Cashier lady is very strict, and I have to pay for a family ticket + two kids to gain entry. We have lots of fun, and I manage to convince E2 to dive properly, starting from the sitting position, then crouching position, then standing position. I think we managed to overcome his fear of belly flop - at least he now can dive. V found $4 at the bottom of the pool and she buys some hot chips she shares with everyone.
Back home, we have to get ready for cello lesson, luckily the teacher comes home for this one, and she brings her daughter with her. We have a big afternoon tea - cello start for E1 her exam is next Saturday so she has an extra long lesson, then it's J2 and C's turn. During the lesson I start dinner, I bought some prawn and they need to be peeled, no kids want to try, "it's too disgusting" only the cello teacher daughter manages to peel a couple prawns. I cook them with garlic to go with pasta. Kids won't touch them, they can have cheese & tomato sauce. For dessert I make apple crumble, but in the rush I leave the oven on grill instead of fan forced, and it ends up with slightly burned top - still alright to eat but I had done better. Wife is back from concert to share dinner with us, and we even have the cello daughter who is having pasta & apple crumble.

Then it's time for bed - at least for the kids

2015-08-11

Give me a diagram!

It happens so often.

I read some blog post or a book or a github repository or I talk with someone, and the discussion is veering towards describing a process. Immediately I feel the need for a diagram. I didn't think I was a visual guy, but the more it goes, the more it drives me mad.

Look at gulp, or any of it's plugin, they are all describing a workflow process and there isn't a single diagram in any of the docs or books I am reading on the topic.


2015-08-07

Static Site Hosting

Everyday I found out about a new service provider for static site hosting, it seems that everyone and their dog is providing the service, the latest one, surge.sh seems to be doing everything I have been looking for in such a service. So it's probably time to actually list what features I am looking for in a static site hosting service:

  • command line update
  • Documented CDN
  • No constraints on file types
  • SSL subdomain
  • SSL custom domain
  • Some kind of source control system (integration with a git provider is ok)
  • Online editing (for chromebooks)
  • drag and drop updates (not required, but nice to have)
  • minimal monthly price (free is fine)
Another I looked at recently is cloud9, which originally was only a web IDE, but seems to have evolved to be a full blown vm provider as well where you can run any command you like (a la runnable.com) probably a bit toomuch for what I am after, but interesting none the less.

2015-08-06

2 more static site hosting solutions which are not

Today I realised that using Google Drive or Dropbox for static site hosting is probably no the best idea, as they don't support relative path and needs to hardcode each file dependencies in the html + there is not way to provide a custom a domain - so this should be reserved for the ad-hoc single-page site.

2015-08-05

10, 100 days challenge

I challenged my kids to a 10 and 100 days challenge of blog post, after 5 days, we are all still there... very exciting to see them post stuff everyday.
check out their blogs at

2015-08-04

3 static web site hosting solutions - Day 3

My three pick for the day are:

  • https://getforge.com/
  • https://neocities.org/
    Very cute UI, super simple, online editor, though the restriction to avoid abuse stopped me form uploading my website which contained sccs files, once deleted, the upload worked with a single drag&drop. After the free tier, there is only one tier at $5 a month, which gives you CNAME (custom domains), generic SSL and remove the restrictions, definitely chromebook friendly - would recommend for 1st time users and kids. But the lack of versioning or automation (beside the webdav mount on the payment tier) is a no-go for developers.
  • https://www.dropbox.com/
    There is a lot of documentation on how to host a website as a shared dropbox folder, but no matter how hard I tried, that feature doesn't seem to be available through the free account setup.