+ <div class="entry">
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Fetching_trusted_timestamps_using_the_rfc3161ng_python_module.html">Fetching trusted timestamps using the rfc3161ng python module</a></div>
+ <div class="date"> 8th October 2018</div>
+ <div class="body"><p>I have earlier covered the basics of trusted timestamping using the
+'openssl ts' client. See blog post for
+<a href="http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html">2014</a>,
+<a href="http://people.skolelinux.org/pere/blog/syslog_trusted_timestamp___chain_of_trusted_timestamps_for_your_syslog.html">2016</a>
+and
+<a href="http://people.skolelinux.org/pere/blog/Idea_for_storing_trusted_timestamps_in_a_Noark_5_archive.html">2017</a>
+for those stories. But some times I want to integrate the timestamping
+in other code, and recently I needed to integrate it into Python.
+After searching a bit, I found
+<a href="https://dev.entrouvert.org/projects/python-rfc3161">the
+rfc3161 library</a> which seemed like a good fit, but I soon
+discovered it only worked for python version 2, and I needed something
+that work with python version 3. Luckily I next came across
+<a href="https://github.com/trbs/rfc3161ng/">the rfc3161ng library</a>,
+a fork of the original rfc3161 library. Not only is it working with
+python 3, it have fixed a few of the bugs in the original library, and
+it has an active maintainer. I decided to wrap it up and make it
+<a href="https://tracker.debian.org/pkg/python-rfc3161ng">available in
+Debian</a>, and a few days ago it entered Debian unstable and testing.</p>
+
+<p>Using the library is fairly straight forward. The only slightly
+problematic step is to fetch the required certificates to verify the
+timestamp. For some services it is straight forward, while for others
+I have not yet figured out how to do it. Here is a small standalone
+code example based on of the integration tests in the library code:</p>
+
+<pre>
+#!/usr/bin/python3
+
+"""
+
+Python 3 script demonstrating how to use the rfc3161ng module to
+get trusted timestamps.
+
+The license of this code is the same as the license of the rfc3161ng
+library, ie MIT/BSD.
+
+"""
+
+import os
+import pyasn1.codec.der
+import rfc3161ng
+import subprocess
+import tempfile
+import urllib.request
+
+def store(f, data):
+ f.write(data)
+ f.flush()
+ f.seek(0)
+
+def fetch(url, f=None):
+ response = urllib.request.urlopen(url)
+ data = response.read()
+ if f:
+ store(f, data)
+ return data
+
+def main():
+ with tempfile.NamedTemporaryFile() as cert_f,\
+ tempfile.NamedTemporaryFile() as ca_f,\
+ tempfile.NamedTemporaryFile() as msg_f,\
+ tempfile.NamedTemporaryFile() as tsr_f:
+
+ # First fetch certificates used by service
+ certificate_data = fetch('https://freetsa.org/files/tsa.crt', cert_f)
+ ca_data_data = fetch('https://freetsa.org/files/cacert.pem', ca_f)
+
+ # Then timestamp the message
+ timestamper = \
+ rfc3161ng.RemoteTimestamper('http://freetsa.org/tsr',
+ certificate=certificate_data)
+ data = b"Python forever!\n"
+ tsr = timestamper(data=data, return_tsr=True)
+
+ # Finally, convert message and response to something 'openssl ts' can verify
+ store(msg_f, data)
+ store(tsr_f, pyasn1.codec.der.encoder.encode(tsr))
+ args = ["openssl", "ts", "-verify",
+ "-data", msg_f.name,
+ "-in", tsr_f.name,
+ "-CAfile", ca_f.name,
+ "-untrusted", cert_f.name]
+ subprocess.check_call(args)
+
+if '__main__' == __name__:
+ main()
+</pre>
+
+<p>The code fetches the required certificates, store them as temporary
+files, timestamp a simple message, store the message and timestamp to
+disk and ask 'openssl ts' to verify the timestamp. A timestamp is
+around 1.5 kiB in size, and should be fairly easy to store for future
+use.</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+</div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
<div class="entry">
<div class="title"><a href="http://people.skolelinux.org/pere/blog/Automatic_Google_Drive_sync_using_grive_in_Debian.html">Automatic Google Drive sync using grive in Debian</a></div>
<div class="date"> 4th October 2018</div>
<p>I hope you find the approach useful. I know I do.</p>
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</div>
- <div class="tags">
-
-
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/kodi">kodi</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>.
-
-
- </div>
- </div>
- <div class="padding"></div>
-
- <div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Streaming_the_Linux_desktop_to_Kodi_using_VLC_and_RTSP.html">Streaming the Linux desktop to Kodi using VLC and RTSP</a></div>
- <div class="date">12th July 2018</div>
- <div class="body"><p>PS: See
-<ahref="http://people.skolelinux.org/pere/blog/Simple_streaming_the_Linux_desktop_to_Kodi_using_GStreamer_and_RTP.html">the
-followup post</a> for a even better approach.</p>
-
-<p>A while back, I was asked by a friend how to stream the desktop to
-my projector connected to Kodi. I sadly had to admit that I had no
-idea, as it was a task I never had tried. Since then, I have been
-looking for a way to do so, preferable without much extra software to
-install on either side. Today I found a way that seem to kind of
-work. Not great, but it is a start.</p>
-
-<p>I had a look at several approaches, for example
-<a href="https://github.com/mfoetsch/dlna_live_streaming">using uPnP
-DLNA as described in 2011</a>, but it required a uPnP server, fuse and
-local storage enough to store the stream locally. This is not going
-to work well for me, lacking enough free space, and it would
-impossible for my friend to get working.</p>
-
-<p>Next, it occurred to me that perhaps I could use VLC to create a
-video stream that Kodi could play. Preferably using
-broadcast/multicast, to avoid having to change any setup on the Kodi
-side when starting such stream. Unfortunately, the only recipe I
-could find using multicast used the rtp protocol, and this protocol
-seem to not be supported by Kodi.</p>
-
-<p>On the other hand, the rtsp protocol is working! Unfortunately I
-have to specify the IP address of the streaming machine in both the
-sending command and the file on the Kodi server. But it is showing my
-desktop, and thus allow us to have a shared look on the big screen at
-the programs I work on.</p>
-
-<p>I did not spend much time investigating codeces. I combined the
-rtp and rtsp recipes from
-<a href="https://wiki.videolan.org/Documentation:Streaming_HowTo/Command_Line_Examples/">the
-VLC Streaming HowTo/Command Line Examples</a>, and was able to get
-this working on the desktop/streaming end.</p>
-
-<blockquote><pre>
-vlc screen:// --sout \
- '#transcode{vcodec=mp4v,acodec=mpga,vb=800,ab=128}:rtp{dst=projector.local,port=1234,sdp=rtsp://192.168.11.4:8080/test.sdp}'
-</pre></blockquote>
-
-<p>I ssh-ed into my Kodi box and created a file like this with the
-same IP address:</p>
-
-<blockquote><pre>
-echo rtsp://192.168.11.4:8080/test.sdp \
- > /storage/videos/screenstream.m3u
-</pre></blockquote>
-
-<p>Note the 192.168.11.4 IP address is my desktops IP address. As far
-as I can tell the IP must be hardcoded for this to work. In other
-words, if someone elses machine is going to do the steaming, you have
-to update screenstream.m3u on the Kodi machine and adjust the vlc
-recipe. To get started, locate the file in Kodi and select the m3u
-file while the VLC stream is running. The desktop then show up in my
-big screen. :)</p>
-
-<p>When using the same technique to stream a video file with audio,
-the audio quality is really bad. No idea if the problem is package
-loss or bad parameters for the transcode. I do not know VLC nor Kodi
-enough to tell.</p>
-
-<p><strong>Update 2018-07-12</strong>: Johannes Schauer send me a few
-succestions and reminded me about an important step. The "screen:"
-input source is only available once the vlc-plugin-access-extra
-package is installed on Debian. Without it, you will see this error
-message: "VLC is unable to open the MRL 'screen://'. Check the log
-for details." He further found that it is possible to drop some parts
-of the VLC command line to reduce the amount of hardcoded information.
-It is also useful to consider using cvlc to avoid having the VLC
-window in the desktop view. In sum, this give us this command line on
-the source end
-
-<blockquote><pre>
-cvlc screen:// --sout \
- '#transcode{vcodec=mp4v,acodec=mpga,vb=800,ab=128}:rtp{sdp=rtsp://:8080/}'
-</pre></blockquote>
-
-<p>and this on the Kodi end<p>
-
-<blockquote><pre>
-echo rtsp://192.168.11.4:8080/ \
- > /storage/videos/screenstream.m3u
-</pre></blockquote>
-
-<p>Still bad image quality, though. But I did discover that streaming
-a DVD using dvdsimple:///dev/dvd as the source had excellent video and
-audio quality, so I guess the issue is in the input or transcoding
-parts, not the rtsp part. I've tried to change the vb and ab
-parameters to use more bandwidth, but it did not make a
-difference.</p>
-
-<p>I further received a suggestion from Einar Haraldseid to try using
-gstreamer instead of VLC, and this proved to work great! He also
-provided me with the trick to get Kodi to use a multicast stream as
-its source. By using this monstrous oneliner, I can stream my desktop
-with good video quality in reasonable framerate to the 239.255.0.1
-multicast address on port 1234:
-
-<blockquote><pre>
-gst-launch-1.0 ximagesrc use-damage=0 ! video/x-raw,framerate=30/1 ! \
- videoconvert ! queue2 ! \
- x264enc bitrate=8000 speed-preset=superfast tune=zerolatency qp-min=30 \
- key-int-max=15 bframes=2 ! video/x-h264,profile=high ! queue2 ! \
- mpegtsmux alignment=7 name=mux ! rndbuffersize max=1316 min=1316 ! \
- udpsink host=239.255.0.1 port=1234 ttl-mc=1 auto-multicast=1 sync=0 \
- pulsesrc device=$(pactl list | grep -A2 'Source #' | \
- grep 'Name: .*\.monitor$' | cut -d" " -f2|head -1) ! \
- audioconvert ! queue2 ! avenc_aac ! queue2 ! mux.
-</pre></blockquote>
-
-<p>and this on the Kodi end<p>
-
-<blockquote><pre>
-echo udp://@239.255.0.1:1234 \
- > /storage/videos/screenstream.m3u
-</pre></blockquote>
-
-<p>Note the trick to pick a valid pulseaudio source. It might not
-pick the one you need. This approach will of course lead to trouble
-if more than one source uses the same multicast port and address.
-Note the ttl-mc=1 setting, which limit the multicast packages to the
-local network. If the value is increased, your screen will be
-broadcasted further, one network "hop" for each increase (read up on
-multicast to learn more. :)!</p>
-
-<p>Having cracked how to get Kodi to receive multicast streams, I
-could use this VLC command to stream to the same multicast address.
-The image quality is way better than the rtsp approach, but gstreamer
-seem to be doing a better job.</p>
-
-<blockquote><pre>
-cvlc screen:// --sout '#transcode{vcodec=mp4v,acodec=mpga,vb=800,ab=128}:rtp{mux=ts,dst=239.255.0.1,port=1234,sdp=sap}'
-</pre></blockquote>
-
<p>As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/09/">September (3)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/10/">October (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2018/10/">October (2)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (386)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (387)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (23)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (54)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (55)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
projects / homepage.git / blobdiff