Collaborate Disseminate
Is their a recommended RFC standard way to sign an ECDH certificate?
Given that the ECDH Private Key is not intended for digitalSignatures it seems wrong to sign a CSR with it’s own Private Key.
It would seem logical that another trusted c… Continue reading ECDH Certificate Signing
We received an email from Cloudflare about the upcoming Let’s Encrypt certificate chain change.
At some point, it states that "Additionally, this change only impacts RSA certificates. It does not impact ECDSA certificates issued throu… Continue reading ECDSA certificates not impacted by Let’s Encrypt certificate chain change?
I’d like to better understand the threat model for passkey implementations, using a Bitwarden client or browser extension as an example.
Does Bitwarden care about the following specific FIDO2 details such as the use of ECDSA crypto, e.g. d… Continue reading How does passkey login work, and where do the private keys get shared? [closed]
The Subject Public Key Info field can have a value like ECDSA_P256 or ECDH_P256 when ECC is used.
Why is it not sufficient to specify "ECC_P256"? In other words, why is it not enough to specify just the curve parameters (like pri… Continue reading Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm
Let’s assume we’re running on mbed system with internal and external RAM. Dumping external RAM is much more easier for attacker on such systems when debug ports are locked.
I’m wondering if the context passed to mbedTLS APIs carries any se… Continue reading MbedTls – keeping context private?
For a web service, I am considering generating random 25-49 recovery codes as a kind of pass that can be stored in a pass manager (no usernames).
Instead of pass(word) hashing on the server, I consider hashing the pass on the client with p… Continue reading Is pass -> [via pbkdf2] -> seed -> ECDSA key pair better than pass(word) hashing?
I’m trying to decrypt an encrypted ECDSA_secp256k1 private key generated using the OpenSSL CLI command openssl ecparam -genkey -name secp256k1 | openssl ec -aes-128-cbc -out ecdsa_priv.pem but I want to do it using pure Javascript. I tried… Continue reading How to decrypt ECDSA_secp256k1 private key from PEM format generated with OpenSSL
I have created a ECDSA key and now need to convert this to SSH2 key.
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDSA");
ECGenParameterSpec params = new ECGenParameterSpec("secp384r1");
key… Continue reading Given a Java ECPublicKey ECDSA PublicKey, how can I build an SSH2 public key?
I’m signing my messages using my code below:
def sign_msg_hash(self, msg_hash: HexBytes):
signature = self._kms_client.sign(
KeyId=self._key_id,
Message=msg_hash,
MessageType="DIGEST",
… Continue reading AWS KMS to sign messages – trouble using python’s ecdsa lib when getting the verifiying key [migrated]
I’m creating a private EC key using the command openssl ecparam -name secp256r1 -genkey -noout -out k1.pem. I’m trying to import it using crypto.subtle.importKey as described in this documentation.
I.e. after running OpenSSL I have the pri… Continue reading Unable to import OpenSSL generated private key into web API crypto.subtle.importKey [migrated]