Collaborate Disseminate
I just started using a Yubikey 5. I’ve set up GPG according to this excellent guide, and now I have 3 working ECC key pairs on my Yubikey: Sign/S :: ed25519, Encrypt/E :: cv25519, Authentication/A :: ed25519.
Now I want to use my Yubikey t… Continue reading Certify using Yubikey
I would like to know how are X.509 certificates revoked.
That is: Say I have an X509 certificate, and I want it to be revoked for whatever reason (e.g., compromise). How do I reach out to the CA? What information do I need to provide? How … Continue reading How are X.509 certificate revoked?
User Crover has given a very great explanation for this question:
RSA or ECDHE for x.509 certificates-what does each do?
I have one question to Crover and/or any other member.
What I understand from the Crover’s answer, if client (a Web Br… Continue reading Web Browser and server using ECDHE_RSA cypher suite, then what is the use of X.509 certificate public key for?
The Subject Public Key Info field can have a value like ECDSA_P256 or ECDH_P256 when ECC is used.
Why is it not sufficient to specify "ECC_P256"? In other words, why is it not enough to specify just the curve parameters (like pri… Continue reading Why does the Public Key Info field in an X509 certificate for EC indicate the algorithm
Say that I have generated an RSA keypair, which I intend to publish only for use with RSA-KEM; I can see that this is provisioned for:
The intended application for the key MAY be indicated in the key usage certificate extension (see RFC 5… Continue reading Does self-signed encryption certificate violate "no multi-use keys" principle?
I need to create a certificate with:
subject.attribute1: 2.5.4.3 {Common Name} UTF8String
subject.attribute2: 2.5.4.92 {tagAFI} OCTET STRING
subject.attribute3: 0.9.2342.1920.0300.100.1.1 {userId} UTF8String
Anyone any idea on how to do t… Continue reading How do I create a certificate with subject containing Octet string?
To this date, is there a specification or a de-facto industry standard or how applications are supposed to perform certification path building in the context of X.509? I am specifically asking about the part of the certification path build… Continue reading Certification path building for 509 certificates
Both are binary files and both can store digital certificates and private keys.
Continue reading What’s the difference between DER and PKCS#12 formats? [closed]
I have an IoT device which is failing to establish a connection with the cloud. The problem is related to the device X509 certificate (to the best of my understanding). I’ve posted a version of this question in the general stackoverflow to… Continue reading How to resolve an issue with potential mismatch between device certificate and CA certificate?
Per the OpenSSL 3.1 documentation for the x509 subcommand, the -sigopt flag allows one to pass signing options. The documentation for that flag currently states:
-sigopt nm:v
Pass options to the signature algorithm during sign operations… Continue reading openssl x509 -sigopt algorithms and options list?