Collaborate Disseminate
Imagine the following scenario:
We have Bob that wants to send a message to Alice. Both have a public/private key. Bob uses his private key to sign the digest (hash of the message) with it’s private key, and sends along it the plain text m… Continue reading How does a digital certificate prove authenticity?
I’m not understanding how does Sendgrid verify that’s it’s me who’s sending them the HTTPS request on their webhook endpoint.
Specifically, in their docs they show how to obtain their public key (to verify that I’m connected to sendgrid) b… Continue reading mTLS on webhooks
When I do openssl verify -CAfile signer.crt -untrusted signed.crl I get an unable to load certificates, which I don’t understand as both openssl x509 -in signer.crt -inform PEM -text -noout and openssl crl -in signed.crl -inform PEM -text … Continue reading openssl verify: "unable to load certificates" error
I’m signing my messages using my code below:
def sign_msg_hash(self, msg_hash: HexBytes):
signature = self._kms_client.sign(
KeyId=self._key_id,
Message=msg_hash,
MessageType="DIGEST",
… Continue reading AWS KMS to sign messages – trouble using python’s ecdsa lib when getting the verifiying key [migrated]
When I use secret key which only one server know for symmetric encryption done with XChaCha20-Poly1305, is any benefit to use signing aswell? As long as only one server knows the secret, doesn’t it also work as a signature? Are there any d… Continue reading Does signing make any sense when encrypting with secret key is used?
Is there an online tool which allows users to verify that an armoured, detached PGP signature for a file is valid?
The closest thing I found was PGPTool.org, which is quite nice but unfortunately does not cater for detached signatures.
I’m… Continue reading User-Friendly PGP Verification tool [migrated]
I have a gpg key linked to my identity and real email address. I also use github with their private email functionality "id+username@users.noreply.github.com", which I set as my git email. The purpose is to avoid bots doing data … Continue reading Do git commit signatures reveal key uid if different from git email?
Context:
I’m filling my taxes and my country requires me to upload certain documents from my employer to verify the numbers I give to the government. These documents are "digitally signed", like so:
Now, before I use these certi… Continue reading What exactly happens when I "validate" a digital signature?
Considering an HMAC algorithm: it shall guarantee integrity and authenticity. I don’t understand what authenticity means: that signature could be generated by anyone having the shared secret key (non repudiation is not supported in symmetr… Continue reading I don’t undertand the meaning of ‘Authenticity’ property [migrated]
The link here, https://www.openssl.org/docs/manmaster/man7/Ed25519.html, contains C-code that works just perfect to sign a message using Ed25519 in a C/C++ program.
But I just can’t find any corresponding code to verify a signed message.
A… Continue reading Code sample (OpenSSL – EVP) of verifying signed Ed25599 content