Collaborate Disseminate
I am planning on making a basic groupchat application only for me and my colleagues. It needs to be as secure and anonymous as possible without leaving any fingerprints. Already existing applications cannot be trusted.
This is how I would … Continue reading Implementing a anonymous encrypted peer-to-peer chat [closed]
My general understanding is that in server-only TLS, the connection establishment proceeds like so:
Client opens a TCP connection to the server, passing SNI and other data such as supported ciphers/etc.
Server sends back its certificate c… Continue reading How much data is signed during TLS handshakes?
Our product stores voucher data in a database.
These voucher data can be retrieved with our app to display a voucher that can be used for payments.
Obviously, these voucher data are extremely sensitive because who ever gets access to them … Continue reading Asymmetric crypto algorithm for encryption with hardware token
I am trying to develop a scheme for publishing a message to a group of recipients. Any recipient needs to be able to verify who the message was sent by.
There may be tens of messages generated each second, and the senders may be low power,… Continue reading Write message that can be verified by any member of a group
My understanding is that, when you connect to an HTTPS website, the communication is encrypted via asymmetric encryption, therefore private and public keys play a role there. My assumption there is that I, the user, own the private key.
My… Continue reading Consequences of stolen TLS private key
Sorry for the basic question, I’m still wrapping my head around the ins and outs of SSL and asymmetric encryption. In order to better test my understanding, I was considering the following thought experiment:
Given a CA is responsible for … Continue reading Could a trusted CA pretend to be me and run a MITM? [duplicate]
Alice has a password that she would like to use for decryption. Alice isn’t able to store any other information, but she has access to any program/mechanism you choose.
How can she create an encryption key for Bob, so Bob will be able to e… Continue reading Create encryption key from decryption key (password)?
I know it’s possible with ECDSA. How bout RSA?
Continue reading Can we extract public key from signature created by RSA? [migrated]
Lets say Bob wishes to communicate with Alice.
Alice’s public key is useless to Bob unless he can prove that the public key came from Alice. To do this, Bob and Alice can establish a secure channel to exchange Alice’s the public key, but t… Continue reading Does public key cryptography provide any security advantages, or even just a different security model, over symmetric cryptography?
My goal is to use JWE with hybrid encryption (ECDH+AES) for exchanging sensitive data with another party. However, the example code I can find for various Java libraries doesn’t match my understanding of how ECDH or asymmetric encryption w… Continue reading How does JOSE/JWE make use of ECDH when encrypting/decrypting messages?