So this is my (Jens B. Jorgensen's) weak home page. There is an odd assortment of things here.
My PGP Key.

PGP Key Update

Per recommendations I am transitioning to a new PGP key. I have written a statement to this effect, signed with my previous key, here. My new keys have been uploaded to pgp.mit.edu and also to the PGP Global Directory.


NTAuthUser

I wanted an ActiveX object which will perform NT user authentication . Not a big deal eh? I didn't want to call LogonUser for plenty of good reasons, the most prominent of which is that this function LogonUser is really meant for doing what it says: changing the security context of the process to the user whose credentials you present. This also assumes that the user has privileges to log on to the box. So, I checked out some information supplied by Felix Kasza [MVP] <felixk@mvps.org> and wrote a C++ COM object that does this using the NT SSPI. I have made the source available under the GPL and you can also download the binary. 

Download Source plus compiled DLL

Later on I wanted to authenticate NT users from Java on a *nix box. How to do this? CORBA naturally. I wrapped my same code used above into a CORBA server. All I had to do then was take the IDL for this service to generate Java client code. It works great. I don't have the source up here because I just never got around to it but if you're interested in it I'll be happy to email it to you. I used omniORB to build this server.


pyRegistry

I've written a Python 2.X extension module for windows that gives you object-oriented python-style access to the Windows Registry. Highlights:

Download the latest source (gpg signature) or Python 2.5 binary install (gpg signature) or Python 2.6 binary install (gpg signature) or Python 2.7 binary install (gpg signature) or Python 2.7 amd64 binary install (gpg signature).

Check out the Documentation for this module to get the whole skinny.

2014-02-07 update: Python 2.7 binaries & signatures.

2011-03-17 update: Python 2.6 binary & signature.

2008-02-06 update: Python 2.5 binary & signature.

2004-12-21 1.0.5 Built a new version for Python 2.4. I have also included a new feature that let's you iterate through pyregistry object. The iterator returns just the subkeys. This function uses the RegEnumKey function, so if there are a lot of keys this may be better than calling getKeyNames() which constructs the whole list before returning it to you.

2004-08-18 Well, the last release changed the documentation so that getSubKeys was renamed to getKeyNames. The only problem was that the code actually implemented getSubKeys. Well, now there's a new release that fixes this. The code now has getKeyNames and also has getSubKeys although calling getSubKeys causes a deprecation warning that it will be removed in a future version.

2004-08-11 update: fixed some documentation discrepancies and re-rolled as version 1.0.3 with python 2.3 binaries available. Download. (PGP Signature of binary installer.)

2004-01-13 update: built binary installer for Python 2.3. Note source rev is now 1.0.2 but at this moment I can't remember what changed from 1.0.1. Download. (PGP Signature of binary installer.)

2002-08-09 update: Tim Lewis reported a bug to me where calling reg.getValue('valname') where valname contains a zero-length REG_SZ would crash Python. This bug has been fixed. The new version is 1.0.1 and is available in source plus a binary version built for Python 2.1.


pgpmsg.py

There was a point where I was determined to evangelize people to use PGP encryption for email. (I've since given this up and instead evangelize people to use S/MIME encryption for email.) In keeping with this goal I wanted to write an openldap backend that would act as a pgp keyserver. The previous free version of the PGP program (and perhaps the current gpg software?) had the ability to talk to an LDAP server and do queries. That seemed much cooler than doing a plain old HTTP (HKP) implementation. I looked at the messages my pgp software was sending and receiving from an existing server and I soon discovered that in order to do this right (I didn't want the server to have to run 'gpg') I was going to need to parse OpenPGP messages. I opened up the RFC and set to work and wrote this thing. I offer it here for anyone who'd like to use it. It is offered under the GPL license. The ldap backend was completed as well though unfortunately I don't know whence it has gone. It wasn't a lot of code but it did more importantly understand the attributes that the pgp client wants (doesn't seem to be documentation about this).

Source: http://www.ultraemail.net:8000/~jbj1/pgpmsg-1.0.zip (signature)


pgp2freeswan

I don't know if this utility is useful or not. Supposedly you should be able to use PGPNet with FreeS/WAN for IPSEC. The usual instructions for setting up with PGPNet to FreeS/WAN say that you should use the shared key. This didn't work for me. Then, someone on the list said that you could use PGP authentication with FreeS/WAN but you had to be able to get the PGP Public Key and put it into the format expected by ipsec.conf's leftrsasigkey . I was intrigued so I went ahead a wrote a python script that would do this. Fortunately I already had a Python module I wrote that could parse PGP messages so that it was easy to get at the components of the pgp public key 'certificate'. Then it was just a matter of formatting it according to the FreeS/WAN specs. You can download the source here


mpeg_edit
I have written a handful of programs that let you "edit" mpeg2 video. These tools are meant to be companion tools to the mjpegtools suite. Grab them here.
Home Brewing

I am a home brewer. That is, I brew my own beer at home. Homebrewing is fun, legal (in most states in the US), not too expensive and is an easy way to drive your spouse insane if you play your cards right. I've got a lame page here that shows some pics of my setup.
PyCY

This is a binary Python extension that encapsulates Windows CY values. CY values are actually 64-bit signed integers that are implicitly scaled by 10e4, ie. you can store fixed-point decimal numbers with 4 digits after the decimal point. In Python when you get one of these back from a COM method it returns a tuple of two integers. This is generally not very useful, especially if you think that you can turn around and assign this to some other COM object's property and expect that it will do the right thing (get the value as a CY value) 'cause it won't.

This Python extension DLL doesn't solve the whole problem because since the COM extensions for Python don't have any way of passing these values in their full 64-bit glory (as near as I can tell) there are some numbers you just wouldn't be able to set.  This extension will at least though allow you to manipulate these values. It has full Python numeric type support (you can add, subtract, multiply, etc). It converts to and from a variety of types. I think there are probably a few more features needed.

You can download the source here. The  zip includes the cpp and a setup.py file which works with distutils to make building this extension quite easy. If you don't have a compiler (if you need this I bet you do!) you can email me and I can send you a compiled version.


pkcs11

PKCS11 is a standard for a programming API that can interact with a cryptographic token. PKCS11 encompasses a fairly wide range of cryptographic functions: managing keys, encrypting, signing, etc. In fact, the Mozilla Project includes a PKCS11 module (shared library) which the Firefox browser uses.

I myself am interested in PKCS11 because I have a hardware encryption token (Dallas Semiconductor Java iButton) and a PKCS11 module is available to talk to it. I created a Python module so I could directly manipulate the iButton. I have not wrapped the entire PKCS11 interface but I have done enough that I can decrypt and check the signature for an s/mime email. I should note that my script to do this also utilizes an openssl wrapper, pow, in order to perform the decryption, etc. as the DS pkcs11 module doesn't implement all the cryptographic functions needed. I have also used my module to directly use the mozilla pkcs11 module (the Personal Security Manager) and I could have used that to do full s/mime operations but I haven't done that yet since I initially wasn't able to get the wrapper working with the Mozilla module due to their "extensions". If you're interested in doing full s/mime stuff in Python you can email me for the scripts etc. necessary to get you up and running.

The current version is 1.0.4. Documentation for the module is here. A dist-utils-type source package is here, Windows binaries for Python 2.3 (sig), 2.4 (sig), 2.5 (sig), 2.7 (sig), 2.7 64-bit (sig). A test/example script (pkcs11test.py) is included in the source and binary distributions.



NetBIOS Name Resolution (in Linux)

At one point I wanted to be able to find out what the names of Windows boxes where if I only knew the IP address (on a Linux box). That was possible from Windows boxes so I was determined to do this from Linux. So, I looked up the relevant RFCs (rfc1001 , rfc1002) and started coding up some C++. It turns out that this wasn't so hard to do. Though it runs on a different port, NetBT (the technically correct name for NetBIOS over TCP, which is how Windows boxes communicate on an IP network and is not the same or even close to NetBEUI) name service packets use the same packet format as DNS requests but just with different op codes and result codes in them. Also, the NetBIOS name must be formatted specially since it case-insenstive, can have spaces, and has a special TYPE byte with it. At any rate I was quickly able to put together a command-line program that would do some interesting things. It would get you the name of the machine if you passed the IP address. Further, it would get all the names the machine claimed to have given an IP address (Windows boxes can and do register many interesting names). Some of you may be thinking "Hey, this guy's an idiot, the Samba utility nmblookup can do all this stuff!" but guess what, it couldn't at the time I wrote it. Now it can do all this stuff, except do like my nmb-proxy. Additionally there may still be people who don't want to have the whole samba installed and just want to do netbios-ns name resolution.

So was I satisfied and stopped there? No, of course not. Once I was getting windows names with my new command-line program, I thought: Hey, I can use /etc/nsswitch.conf to make my built-in libc name resolution use /etc/hosts, DNS, and NIS, so why can't I build in my NetBIOS resolution to? So that's just what I did. I built the necessary shared libs in the right way so a little edit of /etc/nsswitch.conf and /etc/nss_wins.conf and you're off and running. This works for forward and reverse lookups and can be configured to use WINS servers. You'll have to check the naming of the shared libs on your system to make sure it all works right.

As an aside, the right way to handle NetBIOS name resolution would be to have a daemon that would let programs running locally register names. The Samba nmbd would seem to be the right place/way to do this but they don't seem to be going this direction yet.

Anyway, this stuff is available in source form and should compile on your linux box if you have a c++ compiler. Download it here.

Jens B. Jorgensen
jbj1@ultraemail.net
Last updated Feb 7, 2014