Collaborate Disseminate
Java versions 15, 16, 17, and 18 (and maybe some older versions) have a big problem, ECDSA signature verification is totally broken. The story is a prime example of the …read more Continue reading This Week in Security: Java’s Psychic Signatures, AWS Escape, And a Nasty Windows Bug
I’ve configured the following on my IOS XE device.
!
ip ssh rsa keypair-name my-4096rsa-ssh-key
ip ssh version 2
ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256
ip ssh server algorithm encryption aes256-gcm aes256-ctr
ip ssh server… Continue reading SSH Handshake on Cisco IOS XE
After generating an OpenSSH EC key on a hardware security key:
$ ssh-keygen -t ed25519-sk -C comment
Is it possible to use this key with Google Chrome SSH applet or Mosh, in particular on non-Linux machines where there is no ssh command a… Continue reading Is it possible to use an ed25519 security key with Google Chrome SSH applets?
Now that OpenSSH supports Elliptic curve security keys (since version 8.2), it’s possible to generate a ed25519-sk key on a hardware security key:
$ ssh-keygen -t ed25519-sk -C comment
This generates a public and a private key parts. How … Continue reading How sensitive is the primary key stub of an ed25519 security key (~/.ssh/id_ed25519_sk)?
In my situation my private key is in an HSM. I cannot access it for use with the various bitcoin golang libraries. Most of the functions require the private key "in-use". Although in my case, I can generate the signature later us… Continue reading How do I turn an 88 byte ECDSA public key into a 65 byte uncompressed or 33 byte compressed key for use with bitcoin
I’m working on a project with a client based on mbedtls and a server built with vsftpd.
I had basic RSA authentication working but am now upgrading to using the cipher TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. And I am struggling to get it … Continue reading wrong curve error during TLS handshake with vsftpd
I am trying to manually verify the signature using a public key and signature but continue to fail.
When I try using AWS KMS API it works,
kms_boto3_client.verify(
KeyId=keyid,
Message=message,
MessageType=’RAW’,
Signature=… Continue reading ECDSA Signature Verification works with AWS KMS API but not when using OpenSSL
If I understand correctly section 4.2 in Jacques Stern, David Pointcheval, John Malone-Lee, and Nigel P. Smart’s Flaws in Applying Proof Methodologies to Signature Schemes, in proceedings of Crypto 2002, they describe an attack that allows… Continue reading Premeditated substitution of ECDSA-signed message by the signer
Researchers can now made software copies of Google’s “unclonable” Titan security keys – but not yet undetectably. Continue reading Google Titan security keys hacked by French researchers
I’m trying to verify that a smartcard (possibly doctored by an attacker) has access to the (ECDSA P-384) private key for which I was given a (signed) public key, in order to verify that the card is genuine. In order to do that, I should pa… Continue reading Verify signature without digest