
Adding OIDs to XCA

Adding OIDs to XCA is a straightforward process. I was able to follow the official guide at https://hohnstaedt.de/xca-doc/xca-13.html with minimal issues.

First, ensure you download XCA v2.x from the official download page https://hohnstaedt.de/xca/index.php/download. The instructions didn’t make sense at first since I was running xca v1.4.1.

Create a file named “oids.txt” in the user’s XCA directory:

  • Windows: C:\Users\<username>\AppData\Roaming\xca
  • macOS: ~/Library/Application Support/data/xca
  • Linux: ~/.xca

Example on Windows: C:\Users\Admin\AppData\Roaming\xca\oids.txt

Add the OID(s) to oids.txt using the format “<oid> : <short_name> : <long_name>”. In the example below, I added a (Microsoft) Remote Desktop Authentication OID (1.3.6.1.4.1.311.54.1.2):

1.3.6.1.4.1.311.54.1.2: rdpAuth: Remote Desktop Authentication
oids.txt content

Copy the eku.txt file from the XCA installation location to the user’s XCA directory:

  • Windows: C:\Program Files\xca
  • macOS: /Applications/xca.app/Contents/Resources
    This can be accessed through the command line or by right-clicking the xca application and selecting “Show Package Contents”.
  • Linux: /usr/share/xca or /usr/local/share/xca

Note: The whole eku.txt file must be copied, because xca only parses the first eku.txt it encounters.

Add a line to the user’s eku.txt referencing your new EKU:

rdpAuth
Add the new EKU to the list of pre-defined EKUs

Close and re-open XCA and your new EKU will be available:

Screenshot: the XCA Key Usage tab listing the Remote Desktop Authentication EKU

After adding the Remote Desktop Authentication EKU, I found out it is no longer supported/recognized. The Microsoft Remote Desktop 10 app on macOS and Windows 10 both report the EKU as invalid/unknown.

Screenshot: Unknown Key Usage

BASH Exit Codes

I’ve been learning a lot about BASH lately and am working on re-writing my Base32 Decoder and HMAC scripts before releasing the full OTP script.

One of the topics that helps with signalling and control flow between BASH functions is exit codes. The script below shows the results of calling exit and the exit code that is stored in $?.

#!/bin/bash

function myFunction {
   echo $1
   exit $1
}

# Call 1
var=$(myFunction 1)
echo "Exit 1: $?"

# Call 2
(myFunction 2)
echo "Exit 2: $?"

# Call 3
(( var += 1 ))
echo "Exit 3: $?"

# Call 4
(( 1 / 0 ))
echo "Exit 4: $?"

# Call 5
myFunction 5
echo 'The last line.'

Call 1 captures the stdout of myFunction in var, captures the exit code, then prints the exit code of myFunction.

Call 2 prints directly to stdout, captures the exit code, and prints the exit code of myFunction.

Call 3 prints the exit code of the arithmetic operation.

Call 4 shows that a failed arithmetic operation returns a non-zero exit code. Note: Most operations will succeed, even if invalid parameters are given.

Call 5 shows that when a directly called function (i.e. not in a subshell) exits, it causes the whole script or function to exit (i.e. the last line is never executed).

Running the script produces the following output:

Exit 1: 1
2
Exit 2: 2
Exit 3: 0
./test.sh: line 21: ((: 1 / 0 : division by 0 (error token is " ")
Exit 4: 1
5
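
Building on Call 1 and Call 5 above, the following is an added example (not part of the original post) of using return instead of exit so a function can signal failure without ending the script, and of the `local var=$(...)` pitfall that hides the exit code. The function names and the sample Base32 strings are constructed for illustration.

```bash
#!/bin/bash
# Added example; function names and sample inputs are constructed.

# Print the input upper-cased if it looks like Base32, else return 2.
# 'return' sets $? for the caller without ending the script, unlike 'exit'.
check_base32() {
    case "$1" in
        ''|*[!A-Za-z2-7=]*) return 2 ;;
    esac
    printf '%s\n' "$1" | tr 'a-z' 'A-Z'
}

# Pitfall: 'local' is a command of its own, so $? after it is the status
# of 'local' (0), not of the command substitution.
masked_status() {
    local out="$(check_base32 "$1")"
    echo "$?"
}

# Fix: declare first, assign second. A plain assignment, as in Call 1,
# keeps the status of the command substitution.
real_status() {
    local out rc=0
    out="$(check_base32 "$1")" || rc=$?
    echo "$rc"
}

# Fail closed: use the captured value only when the status is 0.
normalize_or_reject() {
    local out
    if out="$(check_base32 "$1")"; then
        echo "ok:$out"
    else
        echo "rejected:$?"
    fi
}

masked_status 'not base32!'        # prints 0 (failure hidden)
real_status 'not base32!'          # prints 2
normalize_or_reject 'jbswy3dp'     # prints ok:JBSWY3DP
normalize_or_reject 'not base32!'  # prints rejected:2
```

In a script that decodes secrets or checks an HMAC, the masked form lets processing continue on invalid input, so the status should always be captured with a plain assignment or tested directly in an if.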