Collaborate Disseminate
John Gamble, Director of Product Marketing, Corelight FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform. The attack trojanizes Orion software updates to d… Continue reading Finding SUNBURST Backdoor with Zeek Logs & Corelight
While I am checking the fields of X.509 I’ve noticed there is field called public key parameter and its value is 05, what is the use of this field? I have searched and did not find a clear answer for that.
Continue reading What is the meaning of public key parameter in the X.509 certificate?
An external application (B) requires a SAML token to allow users who log into my application (A) to access it directly without having to log in again. This access is not built yet. My organization has an existing SSL certific… Continue reading Can an SSL certificate be used to generate a SAML token
Scope
Currently we are developing a backend REST API which is consumed by handful of MVC applications. In this case we are talking only about server-server communication and the API won’t be consumed by any user directly. Th… Continue reading What’s the state-of-the-art approach to secure a backend API?
I am currently building an ASN.1 parser which supposed to decode X.509v3 certificates and epoch files in ASN.1 DER format. The parser is working well apart from one issue which I couldn’t seem to get.
If I decode the DER for… Continue reading ASN.1 encapsulated BITSTRING type in openSSL
I am developing an embedded devices FW updates (not connected to the internet) and I am using code-signing certificates in order to verify the FW update issuer identity (the FW update is signed with our private key). I implem… Continue reading Verification and authentication flow for X509 code-singing certificate
We are preparing a new PKI service and in connection with that we are building chain of trust.
The Root CA certificate will contain CP extension with anyPolicy OID and intermediate CA certificate will contain in CP extension customOID and CPS url. We are planning to use the same information in end entity certificate CP extension as in intermediate CA certificate.
The chain is Root CA -> Intermediate CA -> end entity.
Before deployment we would like to test it. What is the practice of using custom OID in test certificates CP extension? Should we assign some group of test OIDs and prepare simple test certificate policy? Should we include also test CPS? Or it does not make sense at all?
I have the following bytes array storing a certificate chain (DER encoded):
3082020B3081F4A003020102020500A95AEE5F300D06092A864886F70D01010B0500301C311A301806035504031311544C532050726F6F6620526F6F74204341301E170D313730333136… Continue reading At which offset is the public key in an DER encoded certificate chain?
This question already has an answer here:
Why is it fine for Certificates above the end-entity certificate to be SHA1 based?
2 answers
… Continue reading Why Signature Hash Algo SHA-1 still uses for X509 by GeoTrust [duplicate]
I can view the certificate using
openssl s_client -showcerts -connect www.masaood.com:443 </dev/null
I can view the public key of a RSA, but cannot find any information for DHE:
openssl s_client -showcerts -conne… Continue reading How to get public prime from DHE from TLS v1 DHE-RSA x.509 certificate?