asymmetric – Page 2 – WindowsTechs.com

Does public key cryptography provide any security advantages, or even just a different security model, over symmetric cryptography?

Posted on June 12, 2023 by David Davidson

Lets say Bob wishes to communicate with Alice.
Alice’s public key is useless to Bob unless he can prove that the public key came from Alice. To do this, Bob and Alice can establish a secure channel to exchange Alice’s the public key, but t… Continue reading Does public key cryptography provide any security advantages, or even just a different security model, over symmetric cryptography?→

How does JOSE/JWE make use of ECDH when encrypting/decrypting messages?

Posted on May 7, 2023 by ceaaj

My goal is to use JWE with hybrid encryption (ECDH+AES) for exchanging sensitive data with another party. However, the example code I can find for various Java libraries doesn’t match my understanding of how ECDH or asymmetric encryption w… Continue reading How does JOSE/JWE make use of ECDH when encrypting/decrypting messages?→

Practicalities, implementation, and weaknesses of simple symmetric encryption for plain text files

Posted on March 26, 2023 by user291052

For about 20 years, I’ve been using gnupg to encrypt a plain-text file containing my passwords. (The actual per-site passwords are generated using a hash function.) It’s worked OK for me, but gnupg is a very heavy-weight system that’s real… Continue reading Practicalities, implementation, and weaknesses of simple symmetric encryption for plain text files→

Is SRP/PAKE equivalent to an asymmetric crypto challenge?

Posted on March 14, 2023 by Dolda2000

As an amateur cryptographer and professional slowpoke, I just learned about SRP (and other PAKE protocols), and my thoughts immediately wandered to asymmetric crypto challenge protocols, like WebAuthn(/Passkeys/FIDO/CTAP, whatever the name… Continue reading Is SRP/PAKE equivalent to an asymmetric crypto challenge?→

Is it possible to generate a read-only key for a symmetrical encryption (AES)?

Posted on March 13, 2023 by Koray Kaya

I am working with hardware that can only encrypt with AES. The problem with this is that the message must be publicly verifiable on the blockchain, without the encoding key being exposed. This is the textbook use-case for asymmetrical keys… Continue reading Is it possible to generate a read-only key for a symmetrical encryption (AES)?→

Does jwt with asymmetric algorithm have a bad performance?

Posted on February 21, 2023 by Yves

I’m using Envoy as the gateway of my micro-service backend.
Envoy provides me the JWT mechanism, which means that with the help of a public key, Envoy can validate tokens generated with a private key.
It works as expected. However, my coll… Continue reading Does jwt with asymmetric algorithm have a bad performance?→

Asymmetric encryption in case of multiple parties

Posted on February 14, 2023 by Berlin Brown

For the consumer of the API to send and receive, encrypt and decrypt into that same API, wouldn’t the client consumer also have to have the same public and private key as the server that provides the API?
Let’s say the private key for the … Continue reading Asymmetric encryption in case of multiple parties→

Using asymmetric encryption as authentication over HTTP?

Posted on January 30, 2023 by David Fischer

I’ve read questions targeting the usage of basic authentication over HTTPS. Since the connection is already secure, except e.g. a compromised certificate, communication should be rather safe.
But I work in a research project where HTTPS mi… Continue reading Using asymmetric encryption as authentication over HTTP?→

What is the best way to protect public keys sitting on server against MITM attack with this zero-trust & end-to-end secure structure? [closed]

Posted on January 24, 2023 by RobbB

This one is a handful to describe. I’ve got on offline first stricture, server is only used for client database sync. This is a zero-trust structure. I don’t care how secure my BaaS provider is, how secure my server is or who my threat act… Continue reading What is the best way to protect public keys sitting on server against MITM attack with this zero-trust & end-to-end secure structure? [closed]→

Key management: Can I delete private key in asymmetric encryption?

Posted on January 7, 2023 by vbuser2004

If using asymmetric encryption, such as ES256, is there a reason why a private key could not be discarded after signing some data?
For example with a JWT, or a file hash use for audit at a later date, is keeping the private key necessary? … Continue reading Key management: Can I delete private key in asymmetric encryption?→