Collaborate Disseminate
I have an Android 11 device and many of my apps and system apps use MD5withRSA or SHA1withRSA as signature algorithm by default.
Why should I take my apps SHA256withRSA or SHA512withRSA? Are there any advantages, if so what are they? Are t… Continue reading Why should I go to SHA512withRSA signature for my Android apps?
I am learning TLS handshake and find client/serve will negotiate a cihpersuite during client/server hello.
Usually, the last part of a ciphersuite is a hash algorithm, like SHA256 in ECDHE-ECDSA-AES128-SHA256. The second part of a ciphersu… Continue reading What is the relation between "signature_algorithms" handshake extension and TLS ciphersuite
I’m curious about what data actually gets signed when I sign a git commit or tag? Is it simply the commit message and metadata?
How could I manually duplicate the signature, use gpg instead of git?
Continue reading When I sign a git commit, what is my signature actually based on?
Suppose a student takes an exam at home. Since home-exams are prone to cheating, the student wants to be able to prove that he/she did not cheat. So the student puts cameras in the room, which videotape the room during the entire exam. Now… Continue reading Is it possible to make a video that is provably non-manipulated?
I’m implementing a service that makes signs and sends transactions at the end of the day, this acts as a crypto exchange. The service creates for every new user a key pair (Private key with its public key). The user can deposit his funds t… Continue reading It’s secure to store private keys in AWS Secret Manager?
Say you want to prove that you received a certain message from someone.
This can be difficult because many messaging apps (like facebook messenger) allow the sender to delete messages on the recipient’s end.
Of course, you could screenshot… Continue reading Proving authenticity of a message from a message app in case of deletion
When downloading files (mainly software/installers) from pages in browsers, sometimes it comes also with a cryptographic hash or a signature to verify the authenticity of a file against data manipulation (example below).
Why there isn’t … Continue reading Why there is nothing that automatically checks signatures of files downloaded in browsers? [duplicate]
Given 2 entities, A and B:
A has a public key( x ) and a private key( x* ).
B has a A’s public key hash( let’s call it h(x) ).
A has to prove ownership of x* to B.
How could this be achieved, considering the fact that B is not allowed to s… Continue reading Private key Proof of Ownership [closed]
I was reading this wikipedia article on Keysigning: https://en.wikipedia.org/wiki/Keysigning and I then came across this discussion Stack overflow about message signing with RSA: https://stackoverflow.com/questions/454048/what-is-the-diffe… Continue reading Keysigning and digital message signatures: are they the same thing?
So, I have been working on my own project for which I have been looking into certificates and such. While browsing reddit I found a game which I can launch the exe file, expecting to get a Windows 10 warning message, such as occurs for mos… Continue reading How does this unsigned exe launch without the windows 10 SmartScreen warning?