Collaborate Disseminate
Is there a cryptographic primitive that allows pubkeys to delegate authority to each other without preserving the whole chain?
I’m considering an authorization scheme where all authentication is based on pubkeys. For example, a single acti… Continue reading Cryptographic primitive for delegating authority to another pubkey recursively
I am designing a cloud based PKI infrastructure which issues and manages TLS certificates for telemetry devices and data server. Each customer will install multiple telemetry devices and a data server in his/her premise. Data server collec… Continue reading Trust segregation in PKI
Let’s assume that I am logging into my Gmail account from my browser using my username and password. I know that my input will be encrypted using Google’s private key and the only one who can decrypt it is Google’s server. So Google’s serv… Continue reading Man in the middle attack on response from server [duplicate]
Would the configuration described below violate any Security Technical Implementation Guides (STIGs)?
WebAPI Consumer
WebAPI Service
Production Environment (WebAPI Consumer Production Private Key)
Production Environment (WebAPI Con… Continue reading Would the configuration described below violate any Security Technical Implementation Guides (STIGs)?
PIN-pad smartcard readers (class 2) for secure PIN entry exist, but I have only seen them for smartcards (that come in a card form factor) and they are both a PIN-pad and a card reader. Is there something analogous for USB security tokens … Continue reading Using USB Security Token with PIN-Pad for Secure PIN Entry [closed]
I need to check revocation status of the certificate. It always ends with the error that the revocation status couldn’t be verified because it could not find the CertPath that establishes a key that can be used to verify the revocation sta… Continue reading Check certificate revocation status in Spring-WS [closed]
When you use a Content Delivery Network (CDN) and want to enable HTTPS, you need to import your certificate there. So you should provide your Private Key to the CDN. Is this secure? I mean CDN can log all of my traffic including my user’s … Continue reading Is sharing private key with CDN dangerous?
I’m building an identity service using PKI and MTLS for authentication where users are supposed to be able to sign data e.g. a json string or a document.
Where I am now
I have implemented working MTLS using AWS ACM PCA as Private CA and KM… Continue reading Help understanding PKI MTLS and digital signature architecture
I’m building an identity service and have successfully managed to implement MTLS authentication using x509 client certificates to identify the user.
However, we also want the user to be able to sign some data.
At the moment we’re signing t… Continue reading Can/should a x509 client auth certificate be used to sign data?
I’m building an identity service using PKI and MTLS for authentication.
I use AWS ACM PCA for private certificate authority and AWS KMS for key pairs. I use the private key created by KMS to sign the Certificate Signing Request that’s sent… Continue reading Do I need different certificates for MTLS and Signing data?