Collaborate Disseminate
There is an embedded platform which requires signing binary executable file for them to be loadable onto CPU from flash. Signed executable consists from signature (first 40 bytes) and unsigned executable concatenated together. Unsigned exe… Continue reading How to identify digital signature and sign executables with it? [migrated]
I have some basic questions regarding eIDAS and ‘Advanced Electronic Signatures’.
Say, if I create a product under my company Acme Inc that offers a simple electronic signature where I sign every completed document digitally with a digital… Continue reading Does a signature service provider level digital certificate for electronic signature comply with eIDAS requirement for Advanced Electronic Signatures?
I’m working with an HTTPS API that requires me to include a Signature header, the signature is calculated as codeBase64(hmacWithSha384(key, body)). I’m wondering if it provides any real-life benefits or if it’s just security theatre, as op… Continue reading Do `Signature` headers have real benefits?
When we want to send a message from A to B with confidentiality and non repudiation. I want answer and reasons for both the technique
1)
Why First Encrypt then sign is better ?
2)
Why First sign then Encrypt I’d better than 1)
I am trying to develop a scheme for publishing a message to a group of recipients. Any recipient needs to be able to verify who the message was sent by.
There may be tens of messages generated each second, and the senders may be low power,… Continue reading Write message that can be verified by any member of a group
In this Help Net Security interview, Thorsten Hau, CEO at fidentity, discusses the legal validity of qualified digital signatures, demonstrating their equivalence to handwritten signatures when backed by robust identity verification. Opting for certifi… Continue reading The misconceptions preventing wider adoption of digital signatures
In a test document with a digital signature, I have received a number of digital signatures.
I would now like to use that document (defining a number of owners of a property) vis-a-vis an authority.
After the procedure, I know who has sign… Continue reading How do you use a digitally signed document vis-a-vis a government agency [closed]
Using ecryptfs, a fine file-system encryption mechanism on Linux.
After the filesystem is setup with ecryptfs (ecryptfs is an overlay of the actual filesystem, like ext4. Files and directories name and content are encrypted ; names are ASC… Continue reading ecryptfs: What would happen if we entered the wrong passphrase and continued like that? Can we prevent encryptfs from accepting a wrong passphrase?
How can an end-user manually/locally update the code signature for an extension?
A Google Chrome extension broke 1 year ago due to Google Chrome’s new code signature. Users received errors like "can’t verify the identity of your web b… Continue reading How can I update an browser extension to use Google’s new code signature?
If I have a Java thin client app that connects to a server, and I want to protect my client from a malicious use, so I want to implement a sort of signature.
Now the struggle is, if I want to sign the client files, I need to have the keys … Continue reading How to provide signature for a thin client app?