Collaborate Disseminate
I need to protect a private RSA key using a passphrase but using AES-GCM for the actual encryption.
This is normally done using various a combination of openSSL library calls. However, I now need to support using AES-GCM instead of AES-CBC… Continue reading Encrypting/wrapping a private RSA key in PKCS8 using AES-GCM and openSSL 3.20 (library not command line tool)
NET::ERR_CERT_COMMON_NAME_INVALID
This is the error that we’re getting.
And it also says that "adguard has blocked access to this page".
What’s the solution to this?
Would ssl pinning fix this issue of very few clients getting s… Continue reading NET::ERR_CERT_COMMON_NAME_INVALID adguard [closed]
OpenSSL is a full-featured toolkit for general-purpose cryptography and secure communication. The final version of OpenSSL 3.2.0 is now available. Major changes in OpenSSL 3.2.0 This release incorporates the following potentially significant or incompa… Continue reading OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more!
Regarding the TLS 1.3 Handshake Protocol:
When the Server sends it’s certificate, exactly how does the Client validate this?
I know at a high level the Client is verifying the data the Server sent matches what the Certificate Authority con… Continue reading What happens at a low level when authenticating server certificates?
(Disclaimer: Checked all the openssl related topics, no success).
OpenSSL version: OpenSSL 1.1.1s 1 Nov 2022
I’m trying to generate the chain of certificates, root -> intermediate -> user1,user2,user4 but OpenSSL complains in the ve… Continue reading openssl: Not able to verify 3rd in the chain with self-signed certificate [duplicate]
I’m trying to create a Kubernetes service that uses TLS (in order to be called from an admissionWebhook). Unfortunately, the service calls fails with the following error message:
certificate relies on legacy Common Name field, use SANs in… Continue reading certificate relies on legacy Common Name field, use SANs instead
I created a signature with:
openssl pkeyutl -sign -inkey rsa.key.bob -in plain -out plain.sig.bob
and to verify, Alice just needs to use Bob public key to check the authenticity of the message.
So why I have to use this (which require th… Continue reading Why in "openssl pkeyutl -verify" is needed both public and private keys? Why isn’t public key enough?
I’ve been looking around for smart cards with support for Ed25519. More specifically, I’d like to have a TLS CA with the private key on a YubiKey. The latest YubiKey 5 supports secp256k1, secp384r1, and RSA 2048 in the PIV tool for storing… Continue reading Can I Use an OpenPGP Smart Card to Sign a TLS Certificate?
I Have a confusion here.
From what I know, in TLS1.2, the Client sends Client Hello and then the Server Sends a Server Hello, Certificate(with its public key) and Certificate chain, and then a Server Hello Done.
Then, the Client sends a Cl… Continue reading TLS session keys [duplicate]
Is openssl enc considered secure enough to protect a bitcoin recovery passphrase?
An attacker might get the encrypted text and invest several thousand dollars in computing power trying to decrypt it.
The password is about 15 characters lon… Continue reading Is openssl enc safe enough for securing a Bitcoin recovery phrase?