What is the most secure hardware option for the use of personal eIDAS compliant QES in the EU?

I know that there are two approaches, one with local capsulated storage, such as USB token or smartcard, and the other with cloud-based key vault. Both are secured with a PIN that has to be entered in the client requesting authentication. …

Help understanding PKI MTLS and digital signature architecture

I’m building an identity service using PKI and MTLS for authentication where users are supposed to be able to sign data e.g. a json string or a document.
Where I am now
I have implemented working MTLS using AWS ACM PCA as Private CA and KM…

Can/should an x509 client auth certificate be used to sign data?

I’m building an identity service and have successfully managed to implement MTLS authentication using x509 client certificates to identify the user.
However, we also want the user to be able to sign some data.
At the moment we’re signing t…

Do I need different certificates for MTLS and Signing data?

I’m building an identity service using PKI and MTLS for authentication.
I use AWS ACM PCA for private certificate authority and AWS KMS for key pairs. I use the private key created by KMS to sign the Certificate Signing Request that’s sent…

Is it possible for an app to sign data it generates so that the data can be guaranteed to come from the app? [duplicate]

Is it possible for an app binary to sign content generated by the app such that a verifier can confirm the data was indeed generated by a specific version of the app?
For example:
A mobile app from a trusted publisher generates a sequence …

Why can’t MITM attacker steal SSL certificate and behave like a server before key exchange? [duplicate]

Before key exchange, since there is no encryption, an attacker can copy certificate section of http request and create a new http request with his own ip address. After that, attacker can create a secure communication with client. To preve…