ECDSA certificates not impacted by Let’s Encrypt certificate chain change?

We received an email from Cloudflare about the upcoming Let’s Encrypt certificate chain change.
At some point, it states that "Additionally, this change only impacts RSA certificates. It does not impact ECDSA certificates issued throu… Continue reading ECDSA certificates not impacted by Let’s Encrypt certificate chain change?

Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm

The Subject Public Key Info field can have a value like ECDSA_P256 or ECDH_P256 when ECC is used.
Why is it not sufficient to specify "ECC_P256"? In other words, why is it not enough to specify just the curve parameters (like pri… Continue reading Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm

Is pass -> [via pbkdf2] -> seed -> ECDSA key pair better than pass(word) hashing?

For a web service, I am considering generating random 25-49 recovery codes as a kind of pass that can be stored in a pass manager (no usernames).
Instead of pass(word) hashing on the server, I consider hashing the pass on the client with p… Continue reading Is pass -> [via pbkdf2] -> seed -> ECDSA key pair better than pass(word) hashing?

How to decrypt ECDSA_secp256k1 private key from PEM format generated with OpenSSL

I’m trying to decrypt an encrypted ECDSA_secp256k1 private key generated using the OpenSSL CLI command openssl ecparam -genkey -name secp256k1 | openssl ec -aes-128-cbc -out ecdsa_priv.pem but I want to do it using pure Javascript. I tried… Continue reading How to decrypt ECDSA_secp256k1 private key from PEM format generated with OpenSSL

AWS KMS to sign messages – trouble using python’s ecdsa lib when getting the verifiying key [migrated]

I’m signing my messages using my code below:
def sign_msg_hash(self, msg_hash: HexBytes):
signature = self._kms_client.sign(
KeyId=self._key_id,
Message=msg_hash,
MessageType="DIGEST",
Continue reading AWS KMS to sign messages – trouble using python’s ecdsa lib when getting the verifiying key [migrated]

Unable to import OpenSSL generated private key into web API crypto.subtle.importKey [migrated]

I’m creating a private EC key using the command openssl ecparam -name secp256r1 -genkey -noout -out k1.pem. I’m trying to import it using crypto.subtle.importKey as described in this documentation.
I.e. after running OpenSSL I have the pri… Continue reading Unable to import OpenSSL generated private key into web API crypto.subtle.importKey [migrated]