Collaborate Disseminate
The company I work for is developing a digital signature application very similar to DocuSign, but we aim to make our signatures EIDAS compliant.
For the first version we aim to do the same thing DocuSign does with its basic signing proces… Continue reading EIDAS compliant advanced digital signature in company name
I’m wondering about the correct steps when you want to download Firefox from their server and validate it has not been tampered with.
Assume you download the latest Firefox tar-bz2-package from https://download.mozilla.org with wget. Is th… Continue reading How to verify the downloaded Mozilla Firefox binary? [duplicate]
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is largely… Continue reading Dropbox says attackers accessed customer and MFA info, API keys
I am using TPM to to encrypt and sign my data. But since I am not security expert, I need to come to you guys 😀
I am developing this app to verify file content. I already has this part sorted out with TPM. But now comes the tricky part. I… Continue reading How to securely store signature file
21 CFR Part 11’s Subpart B for Electronic Records has a section on ‘Controls for Open Systems" stating that:
Persons who use open systems to create, modify, maintain, or transmit
electronic records shall employ procedures and control… Continue reading Is Digital Signature really necessary for an open system considered by FDA’s 21 CFR Part 11?
I’m doing some development work on an untrusted computer. I’d like to sign my commits I make from it, but I don’t want my personal PGP key to touch this computer. Or maybe I’m using a PGP smart card and I can’t present it to the computer b… Continue reading Is it possible to sign Git commits on a different computer?
I use various Linux machines where I like to sync some config and other important files. This is a security risk, as an intruder on one machine could easily modify some script that would be propagated to the other machines automatically.
T… Continue reading multiple machines sync without single point of failure
Let’s say that there’s a known digital signature issued by a trusted CA.
Normally, digital signatures need to be evaluated: checked if they are expired, revoked, if there’s a problem in the chain of trust. However, if these aspects are a g… Continue reading Is hashing a digital signature for quick (but incomplete) validation a known and/or acceptable practice?
I only use two programs VSCode and Electron Fiddle for my crypto assets and token projects. Lately I’ve been getting the same Java processing errors,
at internalCompileFunction (node:internal/VM:73:18
at wrapSafe (node:internal/modules/cjs… Continue reading IDE VSCode JavaScript [closed]
I just started using a Yubikey 5. I’ve set up GPG according to this excellent guide, and now I have 3 working ECC key pairs on my Yubikey: Sign/S :: ed25519, Encrypt/E :: cv25519, Authentication/A :: ed25519.
Now I want to use my Yubikey t… Continue reading Certify using Yubikey