Collaborate Disseminate
Many projects offering binaries, also offer hashes (e.g. SHA256) of those binaries, wither as .ASC files, or directly on the web page near the binary. This isn’t to protect against network-caused corruption, as that’s ensured by the TCP pr… Continue reading What’s the point of providing file checksums for verifying downloads?
I read alot regarding RSA encryption/DH key exchange/digital signatures and the whole TLS protocol.
There’s something i am missing regarding the public key signatue validation.
Let say some website has a certificate signed with its private… Continue reading What prevents me from using a some server’s public key and impersonate another server [duplicate]
I’ve read a lot of articles on the PKI and digital certificate topics because it’s very rare to find one article covers all the aspects; also the topic is confusing at the beginning, (this beautiful question is my last reading: How do cert… Continue reading How is public key included in the CSR?
I know it is possible to use RSASSA-PKCS1-v1_5 with client certificates in TLS 1.3.
But what about the other way around: using RSASSA-PSS with client certificates in TLS 1.2?
Is it possible to use RSASSA-PSS signed certificates with TLS 1…. Continue reading RSASSA-PSS with certificates in TLS 1.2 [migrated]
I am new to GPG so I may be going about this all wrong. I have some files I would like to encrypt symmetrically using AES256, but I want to sign them with my GPG key. I need to automate this process however so I’m using –batch and I pas… Continue reading How to pass both passphrase and password in GPG signed symmetric encryption?
We are considering to build a Windows application that is split in 2 parts:
one Windows service
some Add-Ins for Microsoft Office, Microsoft Management Console (MMC) and PowerShell.
Additional info:
The service and the Add-Ins are digit… Continue reading How to authenticate an Add-In on interprocess communication?
Two questions on signatures.
I am trying to understand the various types of "trust signature". The man page says, "For more information please read the sections “Trust Signature” and “Regular Expression” in RFC-4880."… Continue reading Validity, Owner Trust, Trust Signatures & Certification Level
In the SSH spec, Section 7.1, key exchange algorithms are distinguished based on whether they require an "encryption-capable" or a "signature-capable" host key algorithm.
If I understood their details correctly, the wel… Continue reading Examples of SSH key exchange algorithms requiring encryption-capable host keys
There’s something I don’t understand about signatures in Google Maps APIs.
The documentation says "We strongly recommend that you use both an API key and digital signature, regardless of your usage". In this case we are talking a… Continue reading What’s the purpose of signatures in Google Maps APIs?
I am working on an application where the general approach is signing most response payloads with HMAC, but there are a couple of endpoints that return text/event-stream in the response. What is the common approach in such cases?