Collaborate Disseminate
I’m trying to understand the exploitability of the padding oracle attack, which enables someone to decrypt and encrypt the contents without knowing the encryption key.
Can encrypted data with the first block, be decrypted by the app that … Continue reading Padding Oracle Attack – Decrypting First Block with Static IV [migrated]
I am new to digital signatures. I read many problem statements, solutions, and documents but nothing came to my rescue.
Payment Message (Text) needs to be digitally signed with the following specs as per the payment system mandate.
The ha… Continue reading Payment Gateway rejecting Digitally Signed Payment Message
When I open up my macro-enabled office files (i.e., .docm, .xlsm, .pptm) that contain signed macros as a Zip file, I see the following three files which I assume contain the digital signatures for the macro:
vbaProjectSignature.bin
vbaPro… Continue reading Parse VBA Macro Digital Signature
This website claims that (emphasis added):
In PKCS#7 SignedData, attached and detached formats are supported… In detached format, data that is signed is not embedded inside the SignedData package instead it is placed at some external loca… Continue reading What is the PKCS#7 detached signature format?
I’m writing a parse tool to extract each field of P12 file in C language, OpenSSL is too huge for my project.
After reading PKCS# series documents and ASN.1 documents, I understand the basic parse step.
I use OpenSSL to generate a self-sig… Continue reading How to Parse P12 File
So OpenSSL can calculate a hash value for X509 certificates that uniquely identifies this certificate:
https://www.openssl.org/docs/man1.0.2/man1/x509.html (argument -hash or -subject_hash)
now, if I have a CMS file (https://www.rfc-editor… Continue reading OpenSSL: how to get matching subject_hash from a CMS SignerInfo?
The RFC3161 (https://www.ietf.org/rfc/rfc3161.txt) specification states
3. Transports
There is no mandatory transport mechanism for TSA messages in this
document. The mechanisms described below are optional; additional
optional … Continue reading What header & footer to use when storing RFC3161 token in PEM format
I want to share AES key using RSA. What is the recommended/widely used format for encrypting the AES key and its attributes with the public key? I know that PKCS#7/CMS enveloped-data allows encrypting any key with its attributes using a ce… Continue reading Key Exchange using RSA public key without a certificate
Which Cryptographic Message Standards are recommended to ensure cryptographic agility in the future and good adapotion trough different programming languages (.NET and Go)?
(PublicKey with authenticated symetric encryption)
I doesn’t want … Continue reading Whch Cryptographic Standard ensures cryptographic agility and good adapotion
Assuming, I had a ciphertext along with its decrypted plain text result but not the IV or the Secret Key. (keep in mind that the text was encrypted with AES/CBC/PKCSPadding7).
How would I go about changing specific characters in the cipher… Continue reading How to alter text that was encrypted with AES CBC using PKCSPadding7 [migrated]