Collaborate Disseminate
If it comes to the security a hashing or encryption algorithm provides, we never know the full story. There’s that part that we (respectively the public research) understand and can reason about, but we also know that there might be weakne… Continue reading Do you rather trust a widely adopted algorithm or an underdog if they’re cryptoanalytically on a level playingfield?
Let’s say Alice has three secrets: SecretA, SecretB, SecretC
Alice shows these three secrets to Bob and gets a single signature from him that signs all three secrets together. Something like
Signature = Sign(Hash(SecretA, SecretB, SecretC)… Continue reading How to sign multiple data sets with a single signature, so that it can be validated for single data set without requiring the rest of the data?
I have two sha256 hashes as hex strings
HASH1=b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
HASH2=7d865e959b2466918c9863afca942d0fb89d7c9ac0c99bafc3749504ded97730
now I want to create a new SHA256 that depends on these … Continue reading OpenSSL: best way to get sha256 hash of two sha256 hashes
the purpose of adding trusted timestamps to signatures is so that they can be considered valid long beyond the validity of the signing certificate.
However, this is not so easy, since TSA’s signing certificate has an expiration date too or… Continue reading What’s the PROPER way to validate a signature timestamp?
So x9.95 seems to be a trusted timestamping scheme built on top of RFC3161.
I couldnāt find a good definition though how it differes or what additional constraints it imposes.
Can someone list the (technical) constraints that a x9.95 syste… Continue reading What are the main constraints x9.95 imposes on RFC3161
I’d like to test some code that should be compatible with both RFC5816 (https://www.ietf.org/rfc/rfc5816.txt) as well as RFC3161 tokens. The problem is that all timestamping services that I found so far which serve RFC5816 tokens (which us… Continue reading Looking for an RFC5816 token that does not use default hashing algorithm
RFC3161 specification (https://www.ietf.org/rfc/rfc3161.txt) section 4. "Security Considerations" states:
1. When a TSA shall not be used anymore, but the TSA private key has
not been compromised, the authority’s certifi… Continue reading RFC3161: should tokens for which intermediate certificates were revoked without ReasonCode be deemed invalid?
I have the following X509 certificate in PEM format:
—–BEGIN CERTIFICATE—–
MIIHsTCCBZmgAwIBAgIQKopxYDq6VHRa7GfyxvV6hjANBgkqhkiG9w0BAQsFADCB
tzELMAkGA1UEBhMCQ0gxHjAcBgNVBGETFVZBVENILUNIRS0yMjEuMDMyLjU3MzE+
MDwGA1UEChM1QnVuZGVzYW10IGZ1… Continue reading OpenSSL: how to download full certificate chain
So, RFC5816 https://www.ietf.org/rfc/rfc5816.txt changes the specification of RFC3161 https://www.ietf.org/rfc/rfc3161.txt
RFC3161 specifies the ‘version’ field in TSTInfo to be set to 1
Why does RFC5816 not change the value of this field?… Continue reading Why does RFC5816 not change the version number defined in RFC3161
If I have a Timestamp token, then the signing certificate for the token is identified via the ESSCertID (for RFC3161 tokens) or the ESSCertIDv2 (for FC5816) of the signing certificate, which is the SHA-1 (in the case of ESSCertID) or some … Continue reading OpenSSL cli: how to extract ESSCertID or ESSCertIDv2 from SignerInfo of timestamp token