Collaborate Disseminate
I am thinking about using a vps on a hosting provider that does not offer cloud services like kms, or vpc on for example AWS for a webapp. The webapp will need to encrypt some sensitive data in the database.
When comparing the vps and vpc,… Continue reading Is handling keys with vps without kms secure?
I have a web application created with Flask in python that uses asymmetric encryption using RSA, the private key is generated from the user’s password and is only stored in a cookie on the user’s device, so even I as the person who has acc… Continue reading Asymmetric encryption and data sharing
We want to wrap / encapsulate
a symmetric key with an asymmetric keypair,
a symmetric key with a symmetric key,
a private key with a symmetric key.
In each case, we’d like to allow several keys to be wrapped / encapsulated with the same … Continue reading How to use (py)NaCl/libsodium for key wrap, key encapsulation
I have done a lot of research on this topic but am still missing this key information.
What security mechanism is implemented to make sure the private key is not stored verbatim in memory? I assume it has to do with some salt or struct to … Continue reading How are private keys stored in memory for OpenSSL since Heartbleed?
For good reason, companies trust in encryption, blockchain, zero trust access, distributed or multi-party strategies, and other core technologies. At the same time, companies are effectively hiding the keys that could undermine all these protections un… Continue reading Why companies can no longer hide keys under the doormat
When you use a Content Delivery Network (CDN) and want to enable HTTPS, you need to import your certificate there. So you should provide your Private Key to the CDN. Is this secure? I mean CDN can log all of my traffic including my user’s … Continue reading Is sharing private key with CDN dangerous?
I’ve written an application in NodeJS which essentially only performs a login:
You send your username/password, and you retrieve an JWT (JSON Web Token).
Those tokens are being signed by a private key. Using HMAC, these tokens can be verif… Continue reading How do you share private keys for signing e.g. JWTs inside Docker-Containers?
Is it possible for an app binary to sign content generated by the app such that a verifier can confirm the data was indeed generated by a specific version of the app?
For example:
A mobile app from a trusted publisher generates a sequence … Continue reading Is it possible for an app to sign data it generates so that the data can be guaranteed to come from the app? [duplicate]
I have a task to create the 3-level RSA key hierarchy (with wolfTPM library), where keys of the 2nd and the 3rd levels are imported keys.
Here are the steps that I follow:
Generate a primary key on the TMP.
Generate a secondary key extern… Continue reading The 3-level hierarchy of keys in TPM 2.0
I have a private S3 bucket. I want a user from an external organisation to have access.
I have added a user in IAM. How does this external user get notified and how do I share credentials?
The secret key, at a minimum, should not be shared… Continue reading After creating an AWS user for S3 access with access key and secret key, how do I share these with the user?