Collaborate Disseminate
I’d like to better understand the threat model for passkey implementations, using a Bitwarden client or browser extension as an example.
Does Bitwarden care about the following specific FIDO2 details such as the use of ECDSA crypto, e.g. d… Continue reading How does passkey login work, and where do the private keys get shared? [closed]
The Subject Public Key Info field can have a value like ECDSA_P256 or ECDH_P256 when ECC is used.
Why is it not sufficient to specify "ECC_P256"? In other words, why is it not enough to specify just the curve parameters (like pri… Continue reading Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm
Let’s assume we’re running on mbed system with internal and external RAM. Dumping external RAM is much more easier for attacker on such systems when debug ports are locked.
I’m wondering if the context passed to mbedTLS APIs carries any se… Continue reading MbedTls – keeping context private?
For a web service, I am considering generating random 25-49 recovery codes as a kind of pass that can be stored in a pass manager (no usernames).
Instead of pass(word) hashing on the server, I consider hashing the pass on the client with p… Continue reading Is pass -> [via pbkdf2] -> seed -> ECDSA key pair better than pass(word) hashing?
I’m trying to decrypt an encrypted ECDSA_secp256k1 private key generated using the OpenSSL CLI command openssl ecparam -genkey -name secp256k1 | openssl ec -aes-128-cbc -out ecdsa_priv.pem but I want to do it using pure Javascript. I tried… Continue reading How to decrypt ECDSA_secp256k1 private key from PEM format generated with OpenSSL
I have created a ECDSA key and now need to convert this to SSH2 key.
final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDSA");
ECGenParameterSpec params = new ECGenParameterSpec("secp384r1");
key… Continue reading Given a Java ECPublicKey ECDSA PublicKey, how can I build an SSH2 public key?
I’m signing my messages using my code below:
def sign_msg_hash(self, msg_hash: HexBytes):
signature = self._kms_client.sign(
KeyId=self._key_id,
Message=msg_hash,
MessageType="DIGEST",
… Continue reading AWS KMS to sign messages – trouble using python’s ecdsa lib when getting the verifiying key [migrated]
I’m creating a private EC key using the command openssl ecparam -name secp256r1 -genkey -noout -out k1.pem. I’m trying to import it using crypto.subtle.importKey as described in this documentation.
I.e. after running OpenSSL I have the pri… Continue reading Unable to import OpenSSL generated private key into web API crypto.subtle.importKey [migrated]
On 2022-04-19, Neil Madden published a vulnerability in the ECDSA signature verification code of the library bundled with some editions of Java, including some recent by Oracle and in OpenJDK. That became CVE-2022-21449 (I’ve yet to unders… Continue reading Ramifications of the psychic/CVE-2022-21449 ECDSA verification vulnerability
I need a CA signed ECDSA certificate for testing purposes.
I am able to generate an ECDSA certificate and key but I have never signed one.
I use OpenSSL in a Windows environment to generate certificates.
Is there any way to generate a free… Continue reading Generate CA signed ECDSA certificate