ARGYROU MINAS – WindowsTechs.com

Remote eIDAS Qualified Signatures: Control of Signature Activation Data

Posted on November 2, 2023 by ARGYROU MINAS

In eIDAS Remote Qualified Signatures, but also in other Remote-Signature Solutions, the cryptographic keys are held by the Remote Signature Provider. The user uses some method, e.g., a smartphone app, to allow the creation of a signature.
… Continue reading Remote eIDAS Qualified Signatures: Control of Signature Activation Data→

Microsoft Software Key Storage Provider for ECDH (Key Usage: keyAgreement) and for RSA encryption (Key Usage: keyEncipherment)

Posted on April 4, 2023 by ARGYROU MINAS

In the Windows Certificate Store, during a request creation, there are options given for the private key to be ECDH (Key Usage: keyAgreement) and for RSA for encryption only (Key Usage: keyEncipherment):

ECDH,Microsoft Software Key Storag… Continue reading Microsoft Software Key Storage Provider for ECDH (Key Usage: keyAgreement) and for RSA encryption (Key Usage: keyEncipherment)→

ECDSA_nistP384 vs ECDSA_secP384 vs ECDSA_P384 Microsoft Software Key Storage Provider (KSP) [duplicate]

Posted on April 4, 2023 by ARGYROU MINAS

The windows certificate store, during the creation of a request, gives the following options for the private key:

ECDSA_nistP384,Microsoft Software Key Storage Provider (KSP)

ECDSA_secP384,Microsoft Software Key Storage Provider (KSP)

… Continue reading ECDSA_nistP384 vs ECDSA_secP384 vs ECDSA_P384 Microsoft Software Key Storage Provider (KSP) [duplicate]→

ECDSA_bainpoolP512 vs ECDSA Microsoft Software Key Storage Provider (KSP) / ECDSA_nistP384 vs ECDSA_secP384 vs ECDSA_P384

Posted on April 4, 2023 by ARGYROU MINAS

During the creation of a certificate request through the Windows Certificate Store, at the options for the private key, there are the following options for choosing a KSP:

ECDSA_brainpoolP512,Microsoft Software Key Storage Provider (KSP)
… Continue reading ECDSA_bainpoolP512 vs ECDSA Microsoft Software Key Storage Provider (KSP) / ECDSA_nistP384 vs ECDSA_secP384 vs ECDSA_P384→

Certificate Propagation Service CertPropSvc immediately stops

Posted on March 10, 2023 by ARGYROU MINAS

Trying to use my smartcards, suddenly the certificates do not propagate. I try starting and restarting the Certificate Propagation Service, but it immediately stops.
An event is created in the Event Viewer "Application Error":

F… Continue reading Certificate Propagation Service CertPropSvc immediately stops→

How to implement challenge-response authentication using PKCS11

Posted on December 1, 2022 by ARGYROU MINAS

I have been searching for a way to use challenge-response over PKCS11, is that possible? I have found that it is possible for Windows Minidriver, but all the PKCS11 challenge-response protocols are custom and vendor defined.
How can someon… Continue reading How to implement challenge-response authentication using PKCS11→

Using USB Security Token with PIN-Pad for Secure PIN Entry [closed]

Posted on November 24, 2022 by ARGYROU MINAS

PIN-pad smartcard readers (class 2) for secure PIN entry exist, but I have only seen them for smartcards (that come in a card form factor) and they are both a PIN-pad and a card reader. Is there something analogous for USB security tokens … Continue reading Using USB Security Token with PIN-Pad for Secure PIN Entry [closed]→

Encrypting SNI and establishing TLS with two certificates

Posted on November 1, 2022 by ARGYROU MINAS

While looking at the proposed "solutions" for encrypting the SNI, I find that both ESNI and Encrypted ClientHello seem inadequate.
Why can’t there be two different certificates used, so that the server, upon initial contact can p… Continue reading Encrypting SNI and establishing TLS with two certificates→