Certificate signing with an ePass2003

Written by Thom Wiggers on 10 Jun 2014

I have a fairly creative SSL setup on my webserver:

  • I run my own 'certificate authority' which signs the server certificate;
  • I have a bunch of alternative names specified;
  • The CA certificate sits on an ePass 2003 PKI token.

I'm writing down how I sign certificates in this context so I can use this to look up the procedure instead of spending hours in DuckDuckGo. This is more of a tutorial than elegant prose.


Written by Thom Wiggers on 01 May 2014

Blendle is a recently launched website where you can browse digitally through newspapers and magazines. If you think "hey, I'd like to read this", you can open the article with one click and read it for a payment of about € 0.10. All this in a simple but very effective website.


Written by Thom Wiggers on 30 Apr 2014

As you can see, this site has been overhauled! I am now using the pretty awesome Jekyll static site generator.

The source of my website is on GitHub.

Time-invariant equality in assembly

Written by Thom Wiggers on 21 Mar 2014

For crypto code it's important that it's time-invariant, otherwise it is vulnerable to timing attacks. I've had to build this time-invariant equality test from scratch, because I couldn't find something on Google. I hope it's useful to someone else.

Written by Thom Wiggers on 16 Mar 2014

Users of PGP will be aware of the many keyservers around the web. has launched as an interesting alternative to the 'boring' and complicated keyservers. They provide an easy CLI client and web client (if you choose to share your private key - I didn't) for PGP crypto, where you don't need to know someone's key id - just their username on Twitter or GitHub.


Written by Thom Wiggers on 25 Feb 2014

Instead of trusting Telegram (which is a bad idea, try using Google for a few minutes, or start here) I'm going to bet on TextSecure, which actually does something which resembles OTR.

Music Review

Written by Thom Wiggers on 29 Sep 2013

It's been a while since I posted. Today I decided it was time to behave myself a bit like the pretentious hipster I secretly am and post a bit about the music that I discovered lately.

OpenSC, Gentoo & Feitian ePass 2003

Written by Thom Wiggers on 25 May 2013

While playing with my ePass2003 on my Gentoo installation today, I had some trouble getting it to work. As it turned out, you need the following USE flags enabled:

# /etc/portage/package.use
dev-libs/opensc pcsc-lite secure-messaging

Hope this helps someone.