Collaborate Disseminate
I’m designing an app (for PC), that is intended to run on users’ machines and generate a file with some data. The user will then upload the file to the server, and I want to verify that this file has been produced by my app and hasn’t been… Continue reading Verify that data submitted by user was produced by my app
Public key is for encryption, and private key is for decryption in PKIs.
And digital signature employs the PKIs.
How to use a private key for encryption, and using public key for decryption which violate asymmetric cryptography?
from geeks… Continue reading Digital Signature uses private key for encryption, and public key for decryption? [duplicate]
I’m building an open-source notes app using electron.
I’ll be using rxdb which uses crypto-js to encrypt fields using AES-256 after getting a passphrase and using pbkdf2 to generate a key. Rxdb is a document store in the browser.
I saw a c… Continue reading How could I improve the security of my design?
I have an offline safe at a remote location that I want to give people access to at my discretion. I would like to control who and when they have access, without having to travel to the safe.
Example:
I would like "Peter" to be … Continue reading Authentication to offline device
So I want to do the following
Check the RSA public key of a https server
Make a GET request to that server
Get a response+signature from the server
I should be able to check if ANY reponse+signature pair matches the publickey.
I was able… Continue reading Check signature of an HTTPS response
I have an Android 11 device and many of my apps and system apps use MD5withRSA or SHA1withRSA as signature algorithm by default.
Why should I take my apps SHA256withRSA or SHA512withRSA? Are there any advantages, if so what are they? Are t… Continue reading Why should I go to SHA512withRSA signature for my Android apps?
I am learning TLS handshake and find client/serve will negotiate a cihpersuite during client/server hello.
Usually, the last part of a ciphersuite is a hash algorithm, like SHA256 in ECDHE-ECDSA-AES128-SHA256. The second part of a ciphersu… Continue reading What is the relation between "signature_algorithms" handshake extension and TLS ciphersuite
I’m curious about what data actually gets signed when I sign a git commit or tag? Is it simply the commit message and metadata?
How could I manually duplicate the signature, use gpg instead of git?
Continue reading When I sign a git commit, what is my signature actually based on?
Suppose a student takes an exam at home. Since home-exams are prone to cheating, the student wants to be able to prove that he/she did not cheat. So the student puts cameras in the room, which videotape the room during the entire exam. Now… Continue reading Is it possible to make a video that is provably non-manipulated?
I’m implementing a service that makes signs and sends transactions at the end of the day, this acts as a crypto exchange. The service creates for every new user a key pair (Private key with its public key). The user can deposit his funds t… Continue reading It’s secure to store private keys in AWS Secret Manager?