Collaborate Disseminate
Using a yubikey for SSH is pretty difficult: https://github.com/drduh/YubiKey-Guide. I mean, I can totally understand every concept in the tutorial, but I’d like it to be very very simple. Just an elliptic curve inside the yubikey and I co… Continue reading Is there an extremely easy way to use SSH with an yubikey?
How do GPG smart card devices (such as a Yubikey) handle large GPG operations? Such as signing binary programs.
My first 2 pet theories are:
There’s some way to chunk up GPG operations or use some magic to stream data into and out of the … Continue reading How do GPG smart card devices handle large GPG operations?
I have a Yubikey 5 Series and would like to use it to encrypt a file, so that a physical presence of my Yubikey would be required to decrypt it.
I know you can save a PGP key onto Yubikey and use it for this purpose. However, I am planning… Continue reading Can I use Yubikey to encrypt a file without PGP?
When explaining the concept of signing a message, often it is presented as "encrypting with your private key", so that somebody who has the public key can "decrypt" the signature and verify it. However, PGP signatures (… Continue reading PGP "real" encryption with private key
Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery.
There aren’t many weak keys out there, but there are some:
So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys are from printers from two manufacturers, Canon and Fujifilm (originally branded as Fuji Xerox). Printer users can use the keys to generate a Certificate Signing Request. The creation date for the all the weak keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351…
Continue reading Breaking RSA through Insufficiently Random Primes
I was given a PGP encrypted file, and have been told I can decrypt it using a public key. I don’t think that will work.
Can anyone that knows for sure how PGP works confirm that what I’ve been told is not achievable ?
How I’ve done PGP in … Continue reading PGP – Use Public key to Decrypt ? (or how that is totally wrong)
I’m wondering if there are any known vulnerabilities that are common among web of trust models that limit the degree to which they can be trusted.
For example couldn’t someone offer a bribe to have their fraudulent key signed? If the bribe… Continue reading Web of trust authentication vulnerabilities? [closed]
When verifying a pgp signed message using GnuPG, one gets an output similar to the following:
gpg: Signature made Fr 07 Jan 2022 13:42:21 CET
gpg: using RSA key 610B4AFF906E6890EEDC797201E99CB6C034BC3B
gpg: is… Continue reading Exact meaning of RSA key in `gpg –verify` output
I want to create a secure messaging application such that you don’t have to trust the server.
Register with username and password. ->
Generate a pair of PGP keys (RSA). ->
Encrypt the private key with the password. ->
Hash the pa… Continue reading Prevent server MITM attack
Consider a situation where Alice and Bob don’t know each other, and Alice sends some data to Bob and provides a PGP digital signature. Bob obtains Alice’s public key, and successfully verifies that the key was used to sign the data, etc, b… Continue reading PGP: how does the owner of a public key generate the fingerprint?