JamesTheAwesomeDude – WindowsTechs.com

Does self-signed encryption certificate violate "no multi-use keys" principle?

Posted on December 5, 2023 by JamesTheAwesomeDude

Say that I have generated an RSA keypair, which I intend to publish only for use with RSA-KEM; I can see that this is provisioned for:

The intended application for the key MAY be indicated in the key usage certificate extension (see RFC 5… Continue reading Does self-signed encryption certificate violate "no multi-use keys" principle?→

What is the point of the “AES Key Wrap” algorithm?

Posted on May 11, 2023 by JamesTheAwesomeDude

What is the point of the “AES Key Wrap” algorithm prescribed for use with CMS-like contexts in IETF RFC 3394?
Just look at the algorithm (tacked on to the end of this post), informally, it smells a lot like a "home-brew" cryptosy… Continue reading What is the point of the “AES Key Wrap” algorithm?→

How do RSA smartcards prevent key exfiltration?

Posted on September 12, 2022 by JamesTheAwesomeDude

Extracting private keys directly from the card is nearly impossible. With some acid package destruction and electron microscope work, a skilled team, and enough time, money, and luck you can in theory extract keys but it involves not only… Continue reading How do RSA smartcards prevent key exfiltration?→

OCSP Must-Staple test website?

Posted on August 25, 2022 by JamesTheAwesomeDude

I’m interested in the status of OCSP respect in modern browsers (particularly the one I’m using right now).
Is there any website that will allow me to test how my browser treats the status_request SecurityPolicy?
I know that you can use SS… Continue reading OCSP Must-Staple test website?→

What measure (if any) does HTTPS use to hide the request path length?

Posted on May 30, 2022 by JamesTheAwesomeDude

I really, really thought I remembered seeing the existence of some standardized header or TLS packet whose purpose is to (try to) hide the length of the requested URL from an eavesdropper. But I cannot find anything about this at this time… Continue reading What measure (if any) does HTTPS use to hide the request path length?→

What is the PKCS#7 detached signature format?

Posted on May 22, 2021 by JamesTheAwesomeDude

This website claims that (emphasis added):

In PKCS#7 SignedData, attached and detached formats are supported… In detached format, data that is signed is not embedded inside the SignedData package instead it is placed at some external loca… Continue reading What is the PKCS#7 detached signature format?→

How to encode a public key in PKCS#8?

Posted on May 19, 2021 by JamesTheAwesomeDude

RFC5958 defines a set of enhancements to the PKCS#8 key serialization format, bumping the version field up to 1 and additionally permitting serialization of public keys for arbitrary asymmetric cryptographic algorithms.
OneAsymmetricKey ::… Continue reading How to encode a public key in PKCS#8?→

Non-TLS-authoritative ZSKs?

Posted on November 30, 2018 by JamesTheAwesomeDude

Under DANE, the digital chain of trust goes (roughly):

[Public visibility of the ceremony for the generation of the]
ICANN Root Zone Key, which
something something involving the TLD authorities and registrars, which culminates in validat… Continue reading Non-TLS-authoritative ZSKs?→