Collaborate Disseminate
I have environmental constraints where the cyber and safety functions are segregated such that safety operations are handled by one unit and cyber operations such as firewall, HIDS, secure storage etc. are handled by another unit that is s… Continue reading double hashing for code signing and verification
Our project is to apply digital signature to PDF, so each user should have their own key pairs and a certificate. To keep key securely, we plan to purchase HSM, but from what I understand HSM have a limited number of keys that it can store… Continue reading HSM High Volume Keys
Below is the link to download putty:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
As you can see, beside each download link, there is hyperlink called "signature", and clicking it downloads a file.
putty-64bit-… Continue reading Digital signature on downloads
From what I know about QES, they come on smart cards and USB tokens and are password protected. When a site asks you for a client certificate, you need to have it plugged in and enter the password when prompted. Same when a desktop app tri… Continue reading How do Cloud-based services provide Qualified Electronic Signatures?
Linus mentioned in 2009 that "Signing each commit is totally stupid".
Has the common view evolved on this subject since then ? Doesn’t it protect against someone usurping your identity to commit something into your git repo ?
Tha… Continue reading Git Signing commits in a private repo
What hash based digital signature algorithms exist that have reasonably small signature sizes?
By reasonably small, I mean not much bigger than what you would get with a 256-bit ECDSA (which I believe has a signature of about 64 bytes). … Continue reading What hash based digital signature algorithms exist that have reasonably small signature sizes? [migrated]
this is my first post here in the area of security and encryption. I will try to be succinct, and let you know that I am not an expert in security.
Context: My client (visitor) has an X509 certificate installed on his machine, containing… Continue reading mTLS Client Authentication by Signing Arbitrary Message using Browser
I have followed this and this video. Following is my understanding.
Before sending a request/response, sending-host (could be server or client) generates a pair of asymmetric cryptographic keys, then takes hash (called Digest) of the pack… Continue reading Is my understanding of Digital Certificates, Digital Signatures and their role in security of flowing traffic correct
Imagine this scenario
A StackExchange user sends you a PGP-encrypted message
You decrypt the message and discover that you are being blackmailed
You report the message to the admins but they are unable to view the content
In this situati… Continue reading How can I prove the content of a PGP-encrypted message to a third party?
When I open up my macro-enabled office files (i.e., .docm, .xlsm, .pptm) that contain signed macros as a Zip file, I see the following three files which I assume contain the digital signatures for the macro:
vbaProjectSignature.bin
vbaPro… Continue reading Parse VBA Macro Digital Signature