Collaborate Disseminate
I would like to understand how certificate-based signature works, I understand the standard asymmetric key signature where one party signs using their private key, and anyone else can validate this is authentic by checking against the publ… Continue reading How does a CA-backed signature works?
We have 2 servers communicating, server A (a server that I own), and server B (server on the internet that I trust). I get some info from server B, which are FIX messages (https://en.wikipedia.org/wiki/Financial_Information_eXchange).
Serv… Continue reading Using FIX over TLS, is there a need to sign FIX mesages?
The /INTEGRITYCHECK linker option sets a flag that "tells the memory manager to check for a digital signature in order to load the image in Windows". So the general idea is that this ensures the binary is signed by a legitimate,… Continue reading What protection does the /INTEGRITYCHECK MSVC linker option offer, if a malicious file without it can simply be substituted for the authentic file?
I have 2 endpoints that are exchanging data (FIX messages), and the originating endpoint is genrating the fix files are sending them on an ecrypted channel (TLS or Stunnel). In a security audit, it was recommended that the files are signed… Continue reading are files sent in a TLS channel signed? [duplicate]
I’m developing a website and trying to use the algorithm RS256 to generate and verify the signatures of clients (JWT).
Here is how I generate a signature at the client side (I use the Python script to simulate a client):
header = {
&qu… Continue reading How does RS256 work in a website
We are looking to introduce signing of commits into our company.
Currently we are leaning towards using GPG kays, but we can consider SSH if what we want cannot be achieved with GPG.
We are using a private Gitlab instance.
What we need:
We… Continue reading Managing signed commits as an organization
Signing XML file with XAdES extension provides the X509 certificate.
What is the security point if the certificate is given? Anyone can tamper the data with its own certificate, right?
I used to work with certificate ids and have to reach … Continue reading How XAdES protects against tampering if the certificate is embedded?
In RSA signatures, Alice signs the message using her private key, and Bob verifies the message using Alice’s public key.
If an attacker has the signed encrypted message, then can they also verify the message using Alice’s public key? If ye… Continue reading Digital Signatures [closed]
We are planning on implementing encryption or digital signatures using any of the available classes provided by the Java Cryptography Architecture (e.g. KeyPair, MessageDigest, Cipher, KeyStore, Certificate, and Signature JCA APIs.).
We ha… Continue reading Java Cryptography classes – program agnostic usage
Our web application issues governmental documents for our users. Every one of those documents needs to be signed with a private key. However, because our users find it cumbersome to point their browser to their key file every time they wan… Continue reading My web application needs to have my users’ private keys to sign documents on their behalf. How do I handle that?