digital-signature – Page 15

Why does length of Signatures in two certificates using same Signature Algorithm sha256WithRSAEncryption is different?

Posted on October 18, 2021 by InvisibleWolf

I have this recent Wikipedia certificate issued by intermediate CA Let’s encrypt:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:95:2f:46:69:de:e4:d2:19:35:7f:f0:27:6a:fa:fe:09:cb
Signature Al… Continue reading Why does length of Signatures in two certificates using same Signature Algorithm sha256WithRSAEncryption is different?→

Key Storage and Implementation for Web App

Posted on October 17, 2021 by NEW2WEB

I’m designing an application with Security in mind. I’ve read up on Asymmetric, Symmetric and Signature keys, and have a few questions I can’t seem to find answers to.
Here are some of the assumptions I’ve made based on my readings:

For p… Continue reading Key Storage and Implementation for Web App→

Digital Signatures validity when changing Certificate Authority

Posted on October 17, 2021 by user1912383

An enterprise has its internal PKI-1 (Root CA) that issues certificates to sign document using CAdES-C (CAdES-LT); with Complete Validation Data References and revocation references.
Now this enterprise has to switch to new external PKI-2 … Continue reading Digital Signatures validity when changing Certificate Authority→

Strange keystore from payment processor

Posted on October 14, 2021 by maple_shaft

I am working on an older software for a company at the moment and in my work have been upgrading a number of libraries. The app connects to a web service hosted by the third party payment processor, and in doing so it must create a digital… Continue reading Strange keystore from payment processor→

Digital signature with Big Brother [migrated]

Posted on September 27, 2021 by User4567

I have read digital signature with Big Brother but don’t understand the sequence.

One approach to digital signatures is to have a central authority that
knows everything and whom everyone trusts, say Big Brother (BB). Each
user then choos… Continue reading Digital signature with Big Brother [migrated]→

Is DSA-1024 safe to sign package repositories ? What are the reasons?

Posted on September 25, 2021 by TimothySimon

I recently found that the latest release of a major Linux distribution (MX Linux) uses DSA-1024 in /etc/apt/trusted.gpg and in /etc/apt/trusted.gpg.d/*.gpg
It also probably uses SHA-1 as the signature algorithm (which is the most common on… Continue reading Is DSA-1024 safe to sign package repositories ? What are the reasons?→

Signing Binaries in CI/CD

Posted on September 15, 2021 by ouroboring

I’ve been considering how continuous integration/delivery environments handle code signing.
If I maintain some open source project which uses a CD environment to build binaries to ship to users, I may wish to sign the binaries which are pr… Continue reading Signing Binaries in CI/CD→

Keeping a whitelist of GPG keys on git server

Posted on September 7, 2021 by mrbolichi

Why don’t git servers (gitlab, github, etc…) allow for a whitelist of public GPG keys allowed to sign commits? For example, Alice owns a GPG key with fingerprint 0A1B2C3D while Bob’s is 4E5F0A0B.
They work together and they pass their key’… Continue reading Keeping a whitelist of GPG keys on git server→

Possible to limit an SSL certificate holder to issuing redirects?

Posted on September 7, 2021 by Max Murphy

Is it possible to issue an SSL certificate that limits the certificate holder to issuing https redirects? Or more generally, limiting the holder to issuing specified data through the secure pipe, once it has been established?
I would like… Continue reading Possible to limit an SSL certificate holder to issuing redirects?→

Docker: How to download & verify a publisher’s root key (out-of-band, distinct-domain cryptographic verification, WoT)

Posted on August 27, 2021 by Michael Altfield

For a given publisher of docker images on Docker Hub (let’s say debian), how do I download their root release/image signing key and verify its authenticity from multiple sources out-of-band from each-other?
Though it doesn’t appear to be c… Continue reading Docker: How to download & verify a publisher’s root key (out-of-band, distinct-domain cryptographic verification, WoT)→