PEM encoding is a commonly used format to store and transmit cryptographic keys. Typically these keys are PEM encoded as ASN.1 DER data for SEC 1, PKCS #1, PKCS #8, PKIX, or X.509 certificates.

JSON Web Keys (JWK) are another popular way to represent cryptographic keys and metadata. Notably, OAuth 2.0 and OpenID connect use JWK Sets to communicate cryptographic keys for authentication and authorization.

I have updated my JWK Set Golang GitHub project to include an open-source website to convert between these formats. You can find this website deployed to jwkset.com, linked below.

The website and project aim to be the most complete implementation of a JWK Set possible using the Golang standard library.

Home - JWK Set

The JWK generator accepts PEM encoded assets, including certificates. It can also create new keys from the selected options.

The JWK inspector validates and extracts the key material to PKIX (public key) and PKCS #8 (private key) formats.

If you are working with private key material, self-host this website with the below Docker command. Then visit http://localhost:8080

docker run --rm -p 8080:8080 micahparks/jwksetcom

Alternatively, use the jwkset CLI tool to convert between PEM and JWK. Install it with the Golang toolchain:

go install github.com/MicahParks/jwkset/cmd/jwkset@latest

Use the CLI tool to turn PEM encoded assets into a JWK Set:

jwkset mykey.pem mycert.crt

I hope these tools have helped you convert between PEM encoded keys and JSON Web Keys. If you have other JWK Set needs, be sure to check out the GitHub project for a JWK Set client and related projects.

Edit:

Bluesky has removed the waitlist. Anyone can sign up now.

Bluesky (@bsky.app)

Bluesky’s waitlist is broken, but you shouldn’t pay for a invite code!

Table of Contents:

• Introduction and hustlers/scammers
• Where to find free Bluesky invite codes
• Conclusion

Introduction and hustlers/scammers

Elon Musk’s X (Twitter) is in decline, yet no competitor has emerged victorious in capturing its fleeing user base. The competitors with the widest name recognition appear to be Instagram Threads, Mastodon, and Bluesky.

Bluesky is particularly interesting because it started as a project internal to Twitter, but became an independent entity this year. Contrary to other popular social media platforms, new user sign-up is restricted to a seemingly never-ending waitlist and invite codes from existing users.

The Bluesky waitlist is opaque, meaning once you sign up for the waitlist, you get no information about when you will get off the waitlist. Most people on the waitlist, including myself, complain about being on the waitlist for upwards of six months with no end in sight. Existing users get to invite one new user per week with an invite code.

This makes Bluesky invite codes a relatively scarce resource that hustlers and scammers are capitalizing on. A prime example of this is the subreddit called r/blueskyinvites. Do not bother with this subreddit. There’s no real guarantee that you will receive an invite code.

This subreddit is primarily focused on making you pay directly for an invite code or redirecting you off-platform to pay for access to a Discord server.

Unfortunately, the person running this operation has excellent SEO. The next result on Google for “Bluesky invite code” is this same hustler/scammer community here on Medium. Do not bother paying to join a “community” of people “paying it forward”. People in this community are paying a hustler to join Bluesky or simply getting ripped off by a scammer.

Where to find free Bluesky invite codes

The first place to start is with the official waitlist or your personal network of friends that may already be on Bluesky. If you don’t like those options, here are some ways to get a Bluesky invite code for free today:

• Mastodon’s #bluesky and #blueskyinvite tags
• r/BlueskySocial via megathread comments and DMs

I got my Bluesky invite code on Mastodon’s #bluesky tag. I saw people were politely asking for invite codes and receiving them, so I drafted the below post:

I’m looking to check out #bluesky. Does anyone have an invite code they’d be willing to share with me? Thanks! 😄

But I never had to post that message. I scrolled through the existing messages and people are simply posting their invite codes for free. It took less than 5 minutes after looking for free Bluesky invite codes on Mastodon. Here’s what my interaction was like:

If you do this too, make sure to comment with a thank you if you end up using a posted code. This will let other people know it’s taken and it is a courtesy to the person posting it.

The subreddit r/BlueskySocial is also an option. There is a megathread about giving invite codes away for free. It looks like this happens primarily through the comments and DMs. You can find the latest megathread here. It is against the rules of this megathread to to sell invite codes.

After you have an invite code, head over to https://bsky.app/ to sign up. It didn’t take me long to find a free Bluesky invite code. With this guide, I hope it takes less than 10 minutes for you.

Conclusion

The exclusive nature of Bluesky invite codes makes them seem enticing, but don’t pay a hustler/scammer for a code that may or may not work. In my opinion, the Bluesky experience isn’t currently worth the time it takes to sign up for an account. Paying money to join will likely lead to disappointment in multiple ways.

That being said, I’ll drop my own Bluesky invite codes in the comments as I get them. That is, until I get bored with it 😄

A cheapskate’s guide to obtaining unlimited incoming and outgoing email addresses for a domain you own.

Requirements

In order to have unlimited incoming email addresses you will need:

• A domain registrar with catch-all forwarding (Ex: NameCheap)

In order to have unlimited outgoing email addresses you will need:

• Edit access to your domain’s DNS records
• An AWS account
• Ability to use git
• Ability to use Docker Compose

This guide is split into three parts:

1. Introduction
2. Unlimited incoming
3. Unlimited outgoing

Introduction

I have personal and business domains. For professionalism, I prefer to send and receive business emails from an address linked to the business’ domain. On the personal side, it’s nice to shield my Gmail account when dealing with untrustworthy sources. For example, under Florida law, email addresses are public record. Scammers use these public records to make email lists. When interacting with the state government, I use a unique Florida-specific email from my personal domain to track the source of incoming messages. Typically, emails sent to this address are spam, making them easy to filter out.

I’ve been using the solution described in this guide to achieve unlimited incoming and outgoing email address for about a year. Other than domain registration fees, I have yet to be charged even a penny. After my AWS free tier has expired, I anticipate the bill being $0.10 per month. This guide’s solution is aimed at achieving these goals for an individual extremely cheaply without the need to host a mail server.

Before continuing with this guide, please know that high quality services like Google Workspace or AWS Workmail can solve this, but these solutions can be pricey and typically charge per email address.

Another route is to self-host an email server. Even for the technically minded, this nightmare consists of high maintenance costs and email deliverability issues.

This guide’s solution is to use domain registrar email forwarding for incoming emails. For outgoing emails there is an open source AWS SES client web interface that can be run from a personal computer.

AWS SES is Amazon Web Service’s Simple Email Service. It’s one of the cheapest, if not the cheapest, programmatic email sending services. At the time of writing this guide, it is 10 cents to send 1,000 emails. AWS SES removes the need to maintain an email server and worry about deliverability problems.

Unlimited incoming

If you own a domain, it’s relatively simple to forward all incoming email to a single email address using a catch-all. The email address can be any address, I use my personal Gmail.

Here’s how to enable a catch-all email for a domain hosted on NameCheap:

Log into NameCheap and navigate to the Domain List page. Click to manage the domain. This will redirect you to the Domain Details page. On this page, reference the below screenshot to find the button to add a catch-all address. This screenshot has the ADD CATCH-ALL button grayed out because there is already a row containing a catch-all.

Now, any email sent to any address at this domain will be automatically redirected to example@gmail.com. For example, any email sent to john.doe@example.com or jane.doe@example.com will end up in the inbox of example@gmail.com.

This does not allow emails to be sent from any address at this domain, yet. In order to set that up, continue on with this guide.

Unlimited outgoing

Set up AWS SES

You must have an AWS account with SES enabled to use the method described in this guide. Instructions for setting this up may change over time. So in order to future-proof this guide, here is a link to the AWS documentation’s guide on this.

After SES is enabled and setup, create a verified identity for your domain. This will require editing the DNS records for your domain. The SES web interface that is about to be introduced will also work with single email addresses, provided they are verified identities.

Set up the SES client web interface

Before setting up the SES client web interface, ensure you have the latest version of Docker Compose installed. Docker Compose is now bundled with Docker, which is included in Docker Desktop.

Here are Docker Desktop installation links for:

• MacOS
• Windows

On Ubuntu or other Linux distributions,, I recommend the Docker CLI installation.

After the latest version of Docker Compose is installed, it’s time to install the open source AWS SES client web interface. The project is located at https://github.com/MicahParks/aws-ses-web-ui. Clone the repository to your personal computer.

git clone https://github.com/MicahParks/aws-ses-web-ui.git

In the root directory of the project, create a new file called config.json. Edit the below JSON and write it to config.json:

• Replace @example.com with your domain preceded by an @ symbol.
• A default address to send emails from.
• Your AWS credentials.

Remember your AWS credentials are highly sensitive, do not share them with anyone else.

{
  "aswu": {
    "allowedFrom": [
      "@example.com"
    ],
    "defaultFrom": "John Doe <john.doe@example.com>"
  },
  "ses": {
    "awsRegion": "us-east-1",
    "accessKeyID": "my-access-key-id",
    "secretKey": "my-secret-key"
  }
}

After the config.json file is complete, run the docker-compose.yml file. To do this via the CLI, run the following command:

docker compose up

Once the containers are running, visit http://localhost:8080 to be greeted with the AWS SES client web interface. Use this simple web form to send emails from any of your verified identities.

Further improvements to this project could include using a persistent PostgreSQL database. The Docker Compose configuration is not sufficiently persistent. The web form only supports text based emails without attachments. Adding support for HTML and attachments would also be an improvement.

Hosting this project on the public internet should only occur if there is an advantage over running the project on a personal computer. Proper encryption and authentication is essential. For a simple solution, I would recommend a TLS reverse proxy with basic HTTP authentication using a strong password.