Notes on openssl and keytool

Generate an plain pem file including the private and public key
openssl genrsa -out rsa-2048bit-key-pair.pem 2048

Generate an jks file including the private, public key and selfsigned certificate
keytool -genkey -keyalg RSA –keysize 2048 -alias rsa-2048 -keystore keystore.jks

Generate an encrypted pem file with passphrase from scratch - It's equivalent to create the "root key"
openssl genrsa -aes128 -passout pass:myP4ss -out rsa-2048bit-key-pair-encrypted.pem 2048

Generate an encrypted pem file with passphrase from plain pem file
openssl rsa -in rsa-2048bit-key-pair.pem -aes128 -passout pass:myP4ss -out rsa-2048bit-key-pair-encrypted.pem

Remove the passphrase and the encryption:
openssl rsa -in rsa-2048bit-key-pair-encrypted.pem -out rsa-2048bit-key-pair-nonencrypted.pem

Extract the public key:
openssl rsa -in rsa-2048bit-key-pair.pem -pubout -out rsa-2048bit-public-key.pem

what's inside the public key file
openssl rsa -noout -text -inform PEM -in rsa-2048bit-public-key.pem -pubin

what's inside the private key file
openssl rsa -noout -text -in rsa-2048bit-key-pair.pem

Creating an empty keystore jks
keytool -genkey -keyalg RSA –keysize 2048 -alias alias-example -keystore keystore.jks
keytool -delete -alias alias-example -keystore keystore.jks

Creating an empty keystore jceks
keytool -genseckey -keyalg AES -keysize 256 -alias alias-example -storetype jceks -keystore keystore.jck
keytool -delete -alias alias-example -storetype jceks -keystore keystore.jck

Convert pem file into DER format
openssl pkcs8 -topk8 -nocrypt -in rsa-2048bit-key-pair.pem -inform PEM -out rsa-2048bit-key-pair.der -outform DER

Generate a Self-Signed Certificate from an Existing Private Key
openssl req -key rsa-2048bit-key-pair.pem -new -x509 -days 365 -out self-signed-certificate.crt

Generate the CSR
openssl req -new -sha256 -key rsa-2048bit-key-pair.pem -out certificate-signing-request.csr

Generate the PKCS 12 file using your private key and CA self signed certificate of it
openssl pkcs12 -export -in self-signed-certificate.crt -inkey rsa-2048bit-key-pair.pem -certfile self-signed-certificate.crt -out rsa-2048bit-key-pair.p12

Import pkcs12 into JKS
keytool -importkeystore -srckeystore rsa-2048bit-key-pair.p12 -srcstoretype pkcs12 -srcalias 1 -destalias rsa-2048 -destkeypass k3y -destkeystore keystore.jks -deststoretype JKS

List Keys in JKS
keytool -list -v -keystore keystore.jks

Rename Alias
keytool -changealias -alias domain -destalias newdomain -keystore keystore.jks

List pkcs12
keytool -v -list -storetype pkcs12 -keystore rsa-2048bit-key-pair.p12

List jceks
keytool -v -list -storetype jceks -keystore keystore.jck

Export public key from keystore to pem
keytool -exportcert -rfc -alias rsa-2048 -keystore keystore.jks -file rsa-2048-crt.pem
openssl x509 -in rsa-2048-crt.pem -pubkey -noout > rsa-2048-public-key.pem

Symmetric encription with AES 256
openssl enc -aes-256-cbc -k secret -P -md sha256

Generation of key, iv for symmetric encription with AES 128
openssl enc -aes-256-cbc -k secret -P -md sha1

Direct access on docker windows

Create an direct access in windows like this:
Destiny: C:\Windows\System32\cmd.exe /k “D:\mplescano\programs\DockerToolbox\mplescano.cmd”

The content of mplescano.cmd is:
´´set proxy=http://pxsis.sunat.peru:8080
set HTTP_PROXY=%proxy%
set HTTPS_PROXY=%proxy%
set PATH=%PATH%;D:\mplescano\programs\DockerToolbox
docker-machine.exe start mplescano
for /f %%j in (‘docker-machine.exe ip mplescano’) do set DOCKER_HOST=%%j
@FOR /f “tokens=*” %%i IN (‘docker-machine.exe env mplescano’) DO @%%i
“C:\Program Files (x86)\Git\bin\bash.exe” –login -i



Spring AOP Transacional

    <!-- Para que funcione @annotation se tuvo que agregar una nueva version de aspectj 1.7.2 en el lib del ws-ear y sobrecargar el paquete en el weblogic-application.xml -->    
<!-- Para que funcione @annotation se tuvo que agregar una nueva version de aspectj 1.7.2 en el lib del ws-ear y sobrecargar el paquete en el weblogic-application.xml -->    
<!-- Se comentó tx:annotation-driven en favor de pointcut para tener un mayor control sobre que paquetes debe usar el maestros.transactionManager y         no colisionar con otros transactionManager --> 
<!-- <aop:config>
 <aop:pointcut id="maestro.transactional" expression="execution(* pe.gob.sunat.iqbf2.registro.maestros.service.impl.*.*(..)) &amp;&amp; @annotation(org.springframework.transaction.annotation.Transactional)"/> 
<aop:advisor pointcut-ref="maestro.transactional" advice-ref="maestro.txadvice"/> 
 <bean name="maestro.txadvice" class="org.springframework.transaction.interceptor.TransactionInterceptor"> 
<property name="transactionManagerBeanName" value="transactionManager" /> 
<property name="transactionAttributeSource">
        <bean class="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource"/>
        </property> </bean> -->
 <!-- ======================== -->
        <!-- Crea un transaction manager JTA de id transactionManager -->
    <!-- Esto para asegurar que la transaccion sea independiente del datasource, y la transaccion sea multi-datasource -->
    <!-- Los datasources tienen que ser obtenidos desde jndi -->
    <!-- <tx:jta-transaction-manager/> -->


<bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/>

<bean name="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0"
<constructor-arg index="0">
<bean class="com.example.MyTransactionAnnotationParser" />
</bean> <bean name="org.springframework.transaction.interceptor.TransactionInterceptor#0"
<property name="transactionManagerBeanName" value="transactionManager" />
<property name="transactionAttributeSource" ref="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0" />

<bean id="org.springframework.transaction.config.internalTransactionAdvisor"
<property name="transactionAttributeSource" ref="org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0" />
<property name="adviceBeanName" value="org.springframework.transaction.interceptor.TransactionInterceptor#0"/>
</bean> ´

Apache James 3.0-RC1 Intallation and Configuration in Jdk 1.6

Download from

Unzip to /oracle/james-server-app-3.0.0-RC1/

Then, you have to copy and rename configurations files from the template files in the conf/ folder
cp indexer-template.xml indexer.xml
cp quota-template.xml quota.xml
cp events-template.xml events.xml
cp managesieveserver-template.xml managesieveserver.xml

Look into the configuration of this repo. it could help:

* This command can help you to find details of an compiled class
javap -verbose -classpath /oracle/james-server-app-3.0.0-RC1/lib/joda-time-2.9.4.jar org.joda.time.base.BaseDateTime

  • This command can help you to find a class file in a folder of jar files:
    grep BaseDateTime.class ../lib/.jar (only works in dir containing jar files)
    find ../lib/ -type f -name ‘
    .jar’ -print0 | xargs -0 -I ‘{}’ sh -c ‘jar tf {} | grep Hello.class && echo {}’

  • This command can help you to find the the xml file that contains that word.
    grep -R –include=”.xml” “admin” /oracle/james-server-app-3.0.0-RC1
    or this grep -r -R –include=”
    .xml” -F “8280” /opt/wso2/ei

You have to eliminate the package joda-time in the jar elasticsearch-2.2.1.jar inside the conf folder. Because is compiled in java 7 version.

You have to eliminate the jar files lucene-analyzers-common-5.4.1.jar and lucene-backward-codecs-5.4.1.jar from the conf folder.

You have to execute the james server like this:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james start

You can follow the status of the james server:
sudo /oracle/james-server-app-3.0.0-RC1/bin/james status

You can see the log file of the james server:
cat /oracle/james-server-app-3.0.0-RC1/log/james-server.log

You can add domain like this:
sudo /oracle/james-server-app-3.0.0-RC1/bin/ -h localhost adddomain

See more information in

Notes on Ransomware WannaCry

- Block the ports 137/UDP y 138/UDP 139/TCP y 445/TCP.

#Catalog of patches

#How to disable the smbv1
Disables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

Enables the SMBv1 on the SMB client by running the below commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto

Notes in Informix

#in squirrel you can disable the colon character of parameters inline request by unloading the plugin sqlparam

#enter in interactive mode only commands
#ctrl+d for closing the program
dbaccess - -

#command to connect a DB inside to dbaccess - -:
database your_db;

#import only the schemas of the database
dbschema -t all -d sicobf3 -nw -q -ns dboutput3.txt

#schema data model of sysmaster

#list databases
select * from sysmaster:sysdatabases;

#create database in informix with support of autocommit in jdbc
create database sicobf3 with log;

#Below are to know how was set the variables from your client, especially the date format
SELECT      envses_name, envses_value
FROM        sysmaster:sysenvses
WHERE       envses_name IN (
            AND envses_sid = DBINFO('sessionid')
ORDER BY    DECODE(envses_name,
                'DBDATE',           0,
                'GL_DATE',          1,
                'CLIENT_LOCALE',    2
SELECT * FROM        sysmaster:sysenvses WHERE   envses_sid = DBINFO('sessionid');
SELECT  env_name, env_value FROM    sysmaster:sysenv WHERE   env_name = 'DBDATE';
SELECT  CURRENT::DATE FROM    sysmaster:sysdual;
SELECT  TODAY FROM    sysmaster:sysdual;

#set properties in the jdbc driver of informix, in this case GL_DATE since DBDATE is deprecated
#or with DBDATE=MDY4

#to know the current database used
select * from sysmaster:syssqlcurses

#to know the version of the DB
SELECT  DBINFO('version','full') FROM    sysmaster:sysdual;

#To know the schema of a table in informix:
dbschema -d DB_sicobf3 -t Table_t5641rstockestab


#When you use docker run to start a container, it actually creates a new container 
#based on the image you have specified.
#you can restart an existing container after it exited and your changes are still there.
docker start f357e2faab77 # restart it in the background
docker attach f357e2faab77 # reattach the terminal & stdin

#Preparing a private registry
#For windows docker 1.13
#initiate session
docker-machine ssh default
vi /var/lib/boot2docker/profile
#and put this params
--label provider=virtualbox
#restart docker-machine restart default

#for dockerD in windows
#in windows dockerd resides inside the virtual machine, you have to enter in session. Version 1 of docker-toolbox.
#if you want to tweak some configuration, you have to create the file: 
sudo touch /etc/docker/daemon.json
#locate the pid of the dockerd daemon process
ps -uxa|grep dockerd
#kill by reloading its new config
kill -SIGHUP pidOfDockerd
#more options in

Notes on Oracle DB XE

SELECT username, privilege FROM USER_SYS_PRIVS;
select user from dual;
select sys_context( 'userenv', 'current_schema' ) from dual; 
select * from all_users;

-- drop user
drop user soademo_01 cascade;

-- Create user in XE
create user soademo_01 identified by "soademo_01"
grant dba, resource, connect to soademo_01;
connect soademo_01/soademo_01; -- doesnt work in sql gui jdbc

-- northwind in oracle

-- access to HR sample schema in XE
ALTER USER HR IDENTIFIED BY HR; -- to pass the expired account
CONNECT HR/HR -- doesnt work in sql gui jdbc

#How do I connect as SYSDBA or SYSOPER?
#Properties props = new Properties(); props.put("user", "scott"); props.put("password", "tiger"); props.put("internal_logon", "sysoper");

#see all the variables related to language in oracle client jdbc

#modify params of session because to_date('08-DEC-48','DD-MON-RR') was giving me errors
ALTER SESSION SET NLS_DATE_LANGUAGE = 'American' -- <- here without semicolon!

#sqldeveloper change idiom of the gui

#Shows the current schema
select sys_context( 'userenv', 'current_schema' ) from dual; 

#List all the tables accessibles for the user.
SELECT * FROM dba_tables where table_name like '%CATALOGO%';

#List all the synonyms accessible for the user.
select * from all_synonyms where table_name like 'T%'