Getting mail server certificate fingerprint for use in offlineimap with openssl

Happy new year 2020! We now officially live in the future!
Make it a good one!

And yeah, it’s been a long time since my last post. Lot of stuff happened that I might one day write down here. But for now I’m happy to be writing again and I hope to write more on a regular base. Not just coding related stuff, but let’s see…

Now back to topic:

I now switched back to using offlineimap for all my mail accounts with mu4e.

For configuring ssl with servers you need to have their cert fingerprint. For e.g. my icloud this looks something like this:

[Repository me-remote]
type = IMAP
remotehost =
remoteuser = ...
remotepasseval = get_keychain_pass(account="", server="")
realdelete = no
maxconnections = 1
ssl = yes
cert_fingerprint = ?
sslcacertfile = /usr/local/etc/openssl/cert.pem

But how do I find out the cert fingerprint ?

Well we can here use openssl for the rescue.
First find out the server domain and the port for you mail.
For e.g. my iCloud Account, accoding to this looks like.

IMAP-Informationen für den Posteingangsserver

  • Servername:
  • SSL erforderlich: Ja
  • Port: 993

So we can query openssl with this command:

SSL_CERT_DIR="" openssl s_client -connect < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -text -in /dev/stdin

The output can be quite long for some pages but we are only intereseted in the first lines which look like.

SHA1 Fingerprint=E1:A5:F9:D2:2A:81:09:79:CA:CD:FC:0B:41:51:F5:61:E8:D0:29:76
Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Apple IST CA 2 - G1, OU = Certification Authority, O = Apple Inc., C = US

Now replace all colon in the fingerprint and add it to the offlineimaprc file.


After creating an app specific password within my apple account, I can use offlineimap with it.

mcrypt and PHP, on Mac OS X Snow Leopard 10.6.4

I found this great tutorial on how to install mcrypt into php under OS X 10.6.1
Works like charming with OS X 10.6.4 and PHP Version 5.3.2.

mkdir src
cd src
tar xzvf php-5.3.2.tar.bz2
tar xzvf libmcrypt-2.5.8.tar.gz
cd libmcrypt-2.5.8
MACOSX_DEPLOYMENT_TARGET=10.6 CFLAGS='-O3 -fno-common -arch i386 -arch x86_64' LDFLAGS='-O3 -arch i386 -arch x86_64' CXXFLAGS='-O3 -fno-common -arch i386 -arch x86_64' ./configure --disable-dependency-tracking && make -j6 && sudo make install
cd ../php-5.3.2/ext/mcrypt
MACOSX_DEPLOYMENT_TARGET=10.6 CFLAGS='-O3 -fno-common -arch i386 -arch x86_64' LDFLAGS='-O3 -arch i386 -arch x86_64' CXXFLAGS='-O3 -fno-common -arch i386 -arch x86_64' ./configure --with-php-config=/Developer/SDKs/MacOSX10.6.sdk/usr/bin/php-config && make -j6 && sudo make install
echo "Completed install, now make sure to edit your php.ini"
echo "and check for \"enable_dl = On\" and add \"\"" to the dynamic extentions"

This is the little bash script I wrote according to his tutorial. This comes without any warranty!!!
Be aware that you have to enter your root password twice while installing this script.

Big Thanks to Michael Gracie

Atbash Cipher

Just al little python script for preforming a Atbash encryption (roman alphabet). This type of cipher is older than Caesar cipher
Maybe you can use it.
-> Wikipedia article

clear="abcdefghijklmnopqrstuvwxyz 1234567890"
for i in sys.argv[1].lower():
print c


$ ./ "This Is A Little Test"
$ ./ "$(./ "This Is A Little Test")"
this is a little test

hexadecimal xor de/encryption

Here’s are 2 little scripts I wrote today for encoding/decoding XOR encrypted text.

Script 1 ( takes a string/text and a integer key value. Then it preforms and xor encryption on the string with the given key.

import sys
#Copyleft m.puchalla 2010                                                                                                                                                                     
#Preforms a XOR Encoding with a specific string and returns a hexadecimal representation of it                                                                                         

    print "Usage:",sys.argv[0]," [String] [integer key]"

def baseN(num,b,numerals="0123456789abcdefghijklmnopqrstuvwxyz"):
    return ((num == 0) and  "0" ) or ( baseN(num // b, b).lstrip("0") + numerals[num % b])

for i in range(0,len(s)):
print sol


$ ./ "this is a little test" 25

Here’s script number 2 ( which simply reverses the process.

import sys
#Copyleft m.puchalla 2010                                                                                                                                                                     
#Decrypt a hex xor coded string with a key                                                                                                                                             

    print "Usage:",sys.argv[0]," [XOR Code String] [integer key]"

def baseN(num,b,numerals="0123456789abcdefghijklmnopqrstuvwxyz"):
    return ((num == 0) and  "0" ) or ( baseN(num // b, b).lstrip("0") + numerals[num % b])

for i in xrange(0,len(s)-1,2):
print sol


$ ./ "6d71706a39706a39783975706d6d757c396d7c6a6d" 25
this is a little test

If you like it, use it.

synergy, ssh and port forwarding

How to use synergy over ssh with a gateway server, or
How to make port fowarding over a gateway ?

Ok then, someone last week showed me the great tool “synergy”. With it, two ore more computers can be controlled by one keyboard and one mouse. So that’s nothing new.
The nice thing is that if you move your mouse over the boarder of screen 1 if will appear on screen 2 just like this screen was connected to your computer.
It’s working great and I wanted to have this everywhere my MacBook goes.
Setup and Config is real easy and descibed at

The problem is that it’s build upon a server client architecture and you need to have a direct connection between your server and your client. Yes well that should be no problem but I’m working in an office where the networks for hosted computers and the computers ones bring in  are seperated. The only option to get a connection from my macbook to the linux machine I’m sitting right next to, is a connection over a gateway Server that’s somewhere else.
So ssh from my macbook -> gateway
and then from gateway -> to office local linux box
But if i do it this way I won’t be able to establish a direct connection. After some research on the net I came up with this:
Box1 = MacBook
Box2 = Gateway Server
Box3 = office linux box

1st of all start the Server on Port 8033 (or sth. else), Type this on bash in BOX3

synergys -a localhost:8033 -f –config ../conf/synergy.conf

then make a port forwarding from Box2 port 8033 to Box3 port 22. Type this on bash in BOX1

ssh -L 8033:BOX3:22 cb0@BOX2

Then make a port forward from localhost port 24810 to port 8033 on localhost which redirects us directly to Box3. Type this on bash in BOX1

ssh -p 8033 -v -f -N -L localhost:24810:localhost:8033 cb0@localhost

Now on Box1 type this to connect synergy to localhost on port 24810 which redirects it to Box 3.

./synergyc -f localhost:24810

thats it.
Hope you enjoy your new productivity with synergy 😉

A nice project I thought of was to teach my macbook to atomatically connect to a specific server dependent on the enviroment i’m in. This should somehow be possible using apple script but at the moment I have no Idea how.

recover zip password under os x

Marc Lehmann has written a zip Password cracker similar to fzc or zipcrack. It can be used to either bruteforce or try a dictionaty attack on a password protected file.
It’s called fcrackzip and can be found here.
Just follow the instruction given in the Readmefile and compile it. This work’s great for me under 10.5.6 as long as you have X Code installed.

Here’s how I use it:

fcrackzip -b -c aA1 -l 6-8 -v -u

-b : bruteforce the password
-c : use the following character classes for cracking:

a    use all lowercase character
A   use all uppercase character
1    use all digits

-l 6-8 : Try passwords between 6 to 8 characters in length
-v be more verbose (this will print out the actual used password)
-u : Try to decompress first file in with the generated password.

And when the output starts with ‘PASSWORD FOUND!!!!: pw ==’, I’m happy.

For more command line options see the project page under