Collaborate Disseminate
We are currently implementing an envelope encryption scheme in order to securely store PII data in our database. That means we will have a user- specific DEK (data encryption key), and a KEK, which will get derived from the user’s password… Continue reading Envelope Encryption: KEK management in Auto- Login case
Several people recommend only decrypting your master key on an airgapped computer to reduce the risk of having malware that can steal it. What about using an Android phone for this purpose? One could disable the radios in software, encrypt… Continue reading Using an Android phone for the airgapped GPG key signer
I have a problem. I’m a message relay and i want to prioritize user privacy as much as possible. Unfortunately, there is one issue. I can’t design my system to implement E2EE (end-to-end encryption), because the original message is always … Continue reading Encryption Master Key (KMS) vs Distributed Multiple Encryption Keys (KMS)
I’m developing a notetaking app that will store users’ note and file data encrypted in a db and on backblaze (respectively). The app will not be end-to-end encrypted but data will be encrypted in transit (with TLS) and at rest (AES256, for… Continue reading How can I use PBKDF2 to derive an encryption key from a password and then access that key later without the password (i.e. with a cookie)?
How can I increase my account balance? I am working but don’t show account balance.
I’m trying to meet a requirement where devs can log in to a server, launch, and test code without having the ability to pull (or access any ssh keys)code from the repository.
I don’t want to grant them access to push or pull from Git.
Curr… Continue reading How can I keep git ssh keys from developers in server
For example PGP keys imported to a program like Thunderbird. Is there any reason why Thunderbird, due to a rogue programmer or just a bug in the code, can’t send your private key off to a malicious actor or make copies of it once imported?… Continue reading What prevents applications from misusing private keys?
"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys."
"If the request_update field is set to "update_requested", then the receiver MUST send a KeyUpdate o… Continue reading what should be the response of keyupdate if the initial KeyUpdateRequest is set to update_not_requested not update_requested
This is a follow-up of these two questions about using the TPM to store application’s keys. While both have great answers, there is a specific aspect I am missing:
How safe are the keys inside the TPM against another (malicious) app trying… Continue reading How safe are my app’s keys inside the TPM against other apps trying to impersonate mine?
The ssh-keygen command to generate the pair of keys files can use the -t option. According to Ubuntu Noble’s man ssh-keygen for the mentioned option, it indicates:
-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
Specifi… Continue reading OpenSSH 9.6p1: What is the best key type for the ssh-keygen command through the -t option?