Collaborate Disseminate
I’m working on an Android application with few millions of users. The app has some financial|payment features. We have some public APIs and some authenticated ones (OAuth2). As a part of enhancing our security, we are currently using "… Continue reading Reject requests from our tampered android apps
In the Digital Signature Algorithm, is there a reason why the larger prime parameter should be an $N$-bit prime where $N$ is a multiple of 64 ?
Is this strictly necessary for proper working of the algorithm?
Perhaps the answer is no, and perhaps this is a dumb question. However I am trying to understand the underlying principles better.
My understanding of certificate signing process.
I generate a key pair.
I create a CSR. [CSR is essentially… Continue reading Is it possible to create a certificate for a key pair which I do not possess?
Disclaimer: This is a cross-post after I initially was looking for help on the Gentoo forums since I suspected some major update of my Gentoo system to be the reason behind my problem.
However, since then I found that my GnuPG setup is wor… Continue reading How can I get `gpg` to sign with certain key again (end of file error)
I’ll formulate my question in regards to timestamped PDF, but I wonder actually about the long term validation of RFC3161 tokens in general.
So, PAdES has the concept of Long Term Validation, which means (correct me if I’m wrong), that a d… Continue reading What’s the merit of storing LTV (long term validation) information for RFC3161 tokens and what happens if a TSA private key would leak?
I’m designing an app (for PC), that is intended to run on users’ machines and generate a file with some data. The user will then upload the file to the server, and I want to verify that this file has been produced by my app and hasn’t been… Continue reading Verify that data submitted by user was produced by my app
Public key is for encryption, and private key is for decryption in PKIs.
And digital signature employs the PKIs.
How to use a private key for encryption, and using public key for decryption which violate asymmetric cryptography?
from geeks… Continue reading Digital Signature uses private key for encryption, and public key for decryption? [duplicate]
I’m building an open-source notes app using electron.
I’ll be using rxdb which uses crypto-js to encrypt fields using AES-256 after getting a passphrase and using pbkdf2 to generate a key. Rxdb is a document store in the browser.
I saw a c… Continue reading How could I improve the security of my design?
I have an offline safe at a remote location that I want to give people access to at my discretion. I would like to control who and when they have access, without having to travel to the safe.
Example:
I would like "Peter" to be … Continue reading Authentication to offline device
So I want to do the following
Check the RSA public key of a https server
Make a GET request to that server
Get a response+signature from the server
I should be able to check if ANY reponse+signature pair matches the publickey.
I was able… Continue reading Check signature of an HTTPS response