Collaborate Disseminate
If I sign JWT (as per JWS spec) with a private key, the receiver of JWT will want to validate the signature and they need public key to do that.
The public key can be "baked" into the app validating or it can be retrieved from an… Continue reading Why is JWT claim x5t (thumbprint) useful?
I apologise in advance if this is a dumb question. But this seems like one of those straight forward things that are so straight forward that its not even mentioned and I am not getting it.
Perhaps I am too used to the simplistic client / … Continue reading How does JWE secure the Content Encryption Key
I have a very unusual set of requirements for a cryptographic system and hope someone can help me. My requirements are:
Asymmetric: A private key is needed to sign, and a public key is used for verification.
Very short signature size: The… Continue reading Forgable and unconfidential short-term signature
My company is exposing a few APIs to one of our partner systems (external).
We’re looking at mTLS authentication here than any credentials based Auth schemes.
My understanding is,
My system (server) needs their public certificate.
Their s… Continue reading mTLS set up – Does it require any offline certificates exchange?
is it possible to infer information like: algorithm, key length, mode etc. of the private key from the public key or CSR?
Continue reading Infer information of private key from public key / CSR
For the symetric keys it is recommend that the same key should not be used to encrypt large number(2^32) of cipher blocks to avoid the key-exhaustion risk.
Curious to know whether the asymmetric key also has such a risk? i tried to searc… Continue reading Key Exhaustion Risks in Symmetric and Asymmetric Cryptography [migrated]
Through reading the WebAuthn spec and related MDN docs, I understand that unlike "certificate signing requests", FIDO/Passkey can have various different attestation formats and verification methods/algorithms during public-key cr… Continue reading Will sky fall if I don’t verify `AuthenticatorAttestationResponse`?
I’m making a web app where users will upload sensitive data (private financial records), so I want to encrypt one column in one table that holds the value.
If I understood correctly, I need to use a public key approach (instead of symmetri… Continue reading How to implement public key encryption for a webapp?
I am trying to understand some concepts such as DH problem and its variants. I have the following question from the book I read. (note that I translated the question from my language to english)
Assume that two parties are using DH to mak… Continue reading which DH protocol is safer in communication with given condition? [migrated]
Disclaimer: I am very new in this area and working to understand internet security by myself.
On the internet, I have found some public keys belonging to some web pages. I see that RSA is used in those pages, and I know that the private an… Continue reading Understanding RSA public keys in web pages [closed]