remove the passphrase from a pkcs12 certificate

PKCS12 defines a file format that contains a private key an a associated certifcate. These files might be used to establish some encrypted data exchange. In the current use case, OpenVPN is used to connect to a remote network. The pkcs12 is being issued by a CA (certificat authority) tool. For security reasons, the private key contained in the pkcs12 is normally protected by a passphrase. This has the downside, that you need to manually type the passphrase whenever you need to establish the connection. But there’s a way to get around this. OpenSSL is a swiss-army-knife toolkit for managing simply everything in the field of keys and certificates. Since it’s a command line tool, you need to understand what you’re doing. So it took me a little to figure out how to remove a passphrase from a given pkcs12 file. Here’s what I’ve done:

The first command decrypts the original pkcs12 into a temporary pem file. pem is a base64 encoded format. The second command picks this up and constructs a new pkcs12 file. During this, the new passphrase is asked. By simply typing ‘return’ here, it set to nothing. When using unprotected.p12 in the OpenVPN connection, you’re no longer asked for a passphrase.

A word of warning: I do not recommend doing this generally. From my perspective it’s okay, if your unprotected pkcs12 file is protected by other means, e.g. harddisc encryption.


running Groovy on the Nokia N900

My favorite gadget for the last few months is definitely the Nokia N900. It’s a geeky device with a real Linux OS aboard. In opposite to it’s locked down competitors, the N900 runs Maemo, a platform consisting (mostly) of open source software. So I wonder if it’s possible to use Groovy on that. And yes, it is possible!


Grails Neo4j plugin 0.2 released

Today an important update of the Grails Neo4j plugin has been released. Neo4j is a graph database, it’s main concepts are described in brevity in a previous post.  The plugin provides a convenient way to use Neo4j as a persistence layer for Grails domain classes.

The key features / changes of this release are:

  • domain classes managed by Neo4j can now co-existing with traditional domain classes (aka mapped by Hibernate)
  • Upgrade to Neo4j 1.0
  • usage of Grails dependency resolution instead of embedding the jars in /lib directory
  • added a seperate controller to inspect the Neo4j node space
  • major refactoring using AST transformation, just like in the couchdb plugin
  • support for the Neo4j indexer
  • support for non-declared properties
  • support for traversers

syncing PIM data between Thunderbird Funambol and a Nokia N900 using Funambol

Since about 1 month I’m a proud owner of a Nokia N900. This gadget is really impressive, combining powerful hardware with a open source based operating system. Since it’s the very first Meamo based phone out there, it’s obvious that not everything is perfect for now.

One thing I have been struggling with is synchronizing my PIM data. On the notebook or desktop computer I’m using thunderbird together with the lightning extension (and some other useful addons) holding my contact and calendar data. This stuff should be synced to and from the N900.

The N900’s default solution for syncing is Nokia’s PC suite. Since I’m on Linux, this is no option at all. I tried to use Opensync – without succeeding. A few days ago the InternetTabletBlog published a great german article on syncing the N900 against Using this information, it was pretty simple to adopt the procedure to work with Funambol.

Setting up Funambol

The installation procedure of the Funambol server is very well documented, so I’ll cover here only the main steps without going into detail.

  • Download the Funambol Server from
  • sudo sh ./funambol-8.0.2.bin installs the server software by default to /opt/Funambol
  • startup the server: /opt/Funambol/bin/funambol start
  • Using funambol’s admin tool, set the server’s URL to a reasonable value
  • check if http://<servername>:8080/funambol/ds return a page like this:

Setup thunderbird

  • Install Funambol Mozilla Sync Client and configure it to use the URL from the previous step.
  • Provide an arbitrary login and password, Funambol adds an user accout automatically.
  • Run the sync, your PIM data should now be copied to the Funambol server
  • Check if data was transferred by logging into http://<yourserver>:8080/funambol/webdemo

Configuring the N900

This is described in detail here, so I’ll just repeat the main steps:

  • install syncevoltion from
  • create a syncevoltion profile:
  • edit the config file of the created profile to match your setup:
  • run the sync:

… and hopefully your done.


Customizing Grails data binding with a “groovy” PropertyEditor

When Grails binds data e.g. when the controller’s bindData method is called, it instantiates a GrailsDataBinder to take the action. GrailsDataBinder configures itself with  some basic ProperyEditors. The neat thing is you can extend that behaviour by adding an arbitrary named PropertyEditorRegistrar implementation to the application context. The PropertyEditorRegistrar registers one or multiple PropertyEditors.

A recent use case was the ability to look up some domain instance by a given key and use this for data binding. Coding a seperate PropertyEditor for each domain class would not really be DRY, so I decided to go the groovy way: a DomainClassLookupPropertyEditor:

The PropertyEditor calls the domain class’ findBy<Property> method to look up the desired instance. The PropertyRegistrar looks like this:

Last, we need to configure that in resources.groovy:


Solved a little trouble with Hudson and Grails

A few months ago I started to use Hudson for continuous  integration. Installing and running Hudson is very simple and well documented. There’s a plugin for Grails available.

In most of my Grails projects, I’m using the Acegi Plugin. By default, this plugin utilizes EhCache for caching user data. In principal this is a good idea but it comes to trouble when using multiple Grails apps in Hudson. The default configuration uses /tmp/ for this cache. Since multiple apps use the same cache directory, it’s obvious that we get in trouble.

The most simple solution here is to completely disable the user cache. This can be easily done in grails-app/conf/SecurityConfig.groovy by adding

Another (and probably better) option would be using a more sophisticated cache configuration e.g. by including the application’s name in the cache store dir. Or, even better, disable the cache in development and testing environment and configure it with a unique path name for production.

As mostly always: use the simplest solution that could probably work.

Over and out.


MySQL backup script

I did some research on how to backup up a MySQL database on a regularly base. Finally I decided to use automysqlbackup. It’s a no-brainer. Just drop the script to /etc/cron.daily and configure the database settings and target directory. Very cool stuff!


Pimp my Netbook

I really like my netbook a Samsung NC10 – but the factory default RAM (1GB) is to low for me. The harddisc shipping with the NC10 is rather slow. So I decided to pimp it: double the RAM – so it’s 2 GB now, and get a fast SSD instead of the harddisc. The new harddisc is a Samsung MMCRE28G5MXP-0VB. Following exchanging the disc was a piece of cake.

My first and completely subjective impression is a big performance boost. Before the upgrade, the limiting factor was disc I/O, now it’s CPU.


Example for using Neo4j with Grails

In reply to my today’s annoncement of the Neo4j Grails plugin, @StigLau asked me to provide an example for using the Neo4j Grails plugin. So here we go:

  1. Create your sample application:
  2. Add the Neo4j plugin:
  3. create some sample domain classes:
  4. create a controller for the domain class
  5. modify the domain classes:

  6. modify the controller to use dynamic scaffolding:

  7. start up the application:
  8. use it, love it: go to http://localhost:8080/neo4jtest, add some authors and books.
  9. to explore the Neo4j node space created with your grails app, check out Neoclipse.

UPDATE: Use Grails 1.2.1


Neo4j Grails Plugin

Today I released the first version of the  Neo4j Grails plugin. The plugin’s goal is to provide an alternative approach for storing Grails domain classes: in the Neo4j database.

Neo4j is a relative new and very interesting approach for persitence in a non-SQLish way. Neo4j is a graph database and uses the concept of


A node is the basic building block. It normally represents a “something”, a entity.


Relationsships are associations between nodes. Each relationship connects exactly two nodes. Relationsships have a direction: incoming, outgoing or both.


Each node or relationship might contain a set of properties. A property has a name (String) and a value (primitive datatype). Complex value are not allowed for properties.

This is completely different from the SQL approach. There are no tables, columns, indexes, and other stuff we’ve dealt with for years. Somewhat crucial is the way how to organize the node space. Neo4j gives some advice here.

Neo4j itself uses the AGPL license, the plugin is licensed the WTFPL.

How the plugin works

Using Groovy’s metaprogramming capabilities, the basic CRUD-methods list, save, get and delete are added transparently to each domain class. In addition, each domain instance gets a ‘node’ property referencing the associated Neo4j Node.

For each domain class a subreference node is created related to the reference aka root node. Each domain instance holds a relation to it’s subreference node. For non-primitive properties, either relations to other domain nodes are used or they are converted to strings using the Spring’s PropertyEditor approach.

Aside from this, the plugin starts up and closes the Neo4j database. The database’s path is configured using the grails.neo4j.storeDir property in Config.groovy.

Howto use the plugin

The plugin can be used transparently in a Grails application. The only thing you have to do is to remove the hibernate plugin and install the neo4j plugin:

Add some domain classes and controllers with scaffolding – they should work.

What currently works

  • basic CRUD operations on domain classes
  • one-to-one, one-to-many, many-to-one and many-to-many relations of domain classes
  • the current implementation supports scaffolding
  • Together with the acegi plugin, you can store your user, role and requestmap information in neo4j. Since the default UserDetailsService relies on Hibernate’s SessionFactory you have to use a custom UserDetailsService to get this working.

What’s still missing (and hopefully will be added in upcoming releases)

  • currently all constraints are ignored
  • only a subset of the domain methods are implemented
  • dynamic finders have only a very basic support: just DomainClass.findBy[Property](value) works so far

New planned features

  • SVG controller/views to display the complete object graph, just like Neoclipse does.
  • Gant scripts for automatically snapshotting and restoring the database
  • Criteria queries implemented using Neo4j traversers

Any feedback is appreciated.