Collaborate Disseminate
If you have a client-side script (e.g client.py) communicating with a server-side script (e.g server.py). Using SSL certificates the identity of the server is automatically verified.
But how do you verify that the code of server.py isn’t t… Continue reading Validate server-side code using hash?
(I likely didn’t use correct keywords, but I was not able to have a complete info about below question).
Working on a IoT device, capable to connect to our own server, using MQTT and HTTPS connections, both utilizing TLS handshake. We want… Continue reading Which server CA to use for device fleet management?
I have to store a document (e.g. a JSON file) on a remote PC (that my App is running on) alongside a signature to be able to verify that this file was signed by me. I have no access to this PC nor does this PC have access to the internet. … Continue reading How to prevent public key tampering
My organisation, say Acme, is building an e-signature platform where global businesses sign up and use the platform to send out e-signature requests. And when signers in a particular e-sign request sign the document, Acme must digitally si… Continue reading How to feasibly digital sign high volume documents with CA issued digital certificate?
In eIDAS Remote Qualified Signatures, but also in other Remote-Signature Solutions, the cryptographic keys are held by the Remote Signature Provider. The user uses some method, e.g., a smartphone app, to allow the creation of a signature.
… Continue reading Remote eIDAS Qualified Signatures: Control of Signature Activation Data
There is an embedded platform which requires signing binary executable file for them to be loadable onto CPU from flash. Signed executable consists from signature (first 40 bytes) and unsigned executable concatenated together. Unsigned exe… Continue reading How to identify digital signature and sign executables with it? [migrated]
I have some basic questions regarding eIDAS and ‘Advanced Electronic Signatures’.
Say, if I create a product under my company Acme Inc that offers a simple electronic signature where I sign every completed document digitally with a digital… Continue reading Does a signature service provider level digital certificate for electronic signature comply with eIDAS requirement for Advanced Electronic Signatures?
I’m working with an HTTPS API that requires me to include a Signature header, the signature is calculated as codeBase64(hmacWithSha384(key, body)). I’m wondering if it provides any real-life benefits or if it’s just security theatre, as op… Continue reading Do `Signature` headers have real benefits?
When we want to send a message from A to B with confidentiality and non repudiation. I want answer and reasons for both the technique
1)
Why First Encrypt then sign is better ?
2)
Why First sign then Encrypt I’d better than 1)
I am trying to develop a scheme for publishing a message to a group of recipients. Any recipient needs to be able to verify who the message was sent by.
There may be tens of messages generated each second, and the senders may be low power,… Continue reading Write message that can be verified by any member of a group