Collaborate Disseminate
Scenario A: Suppose I have an .exe file, the provider offers a sha1 txt file with hash value and this txt file is gpg signed. So I check if the hash value matches the exe file and then download the key either from the keyserver or directly… Continue reading Is it normal, that some companies just sign the txt file which contains the sha value of the program?
If I have DNS over HTTPS and DNS over TLS activated simultaneously (router has DoT activated and smartphone browser has DoH activated, so I see on https://1.1.1.1/help DoH: yes and DoT: yes), which one is used?
Continue reading What happens if both DoH and DoT are enabled?
Many downloads offer an OpenPGP signature, which can be used to verify the file, but if a hacker manages to manipulate the file, then he can also simply change the signature key, or not?
Continue reading Why trust a PGP signature if it is distributed along with the data being verified?