
Questions tagged [key-management]

Key management involves the entire key life-cycle: generation, exchange, storage, safeguarding, use, vetting, revocation, replacement and retirement.

1 vote
1 answer
26 views

What should be the response of KeyUpdate if the initial KeyUpdateRequest is set to update_not_requested, not update_requested?

"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys." "If the request_update field is set to "update_requested", ...
hjhjh • 41

4 votes
2 answers
214 views

How safe are my app's keys inside the TPM against other apps trying to impersonate mine?

This is a follow-up of these two questions about using the TPM to store application's keys. While both have great answers, there is a specific aspect I am missing: How safe are the keys inside the TPM ...
mist • 113

1 vote
0 answers
58 views

OpenSSH 9.6p1: What is the best key type for the ssh-keygen command through the -t option? [duplicate]

The ssh-keygen command to generate the pair of keys files can use the -t option. According to Ubuntu Noble's man ssh-keygen for the mentioned option, it indicates: -t dsa | ecdsa | ecdsa-sk | ed25519 |...
Manuel Jordan

0 votes
0 answers
117 views

How does ransomware store their decryption keys? [duplicate]

I've recently got into cyber security and really got into malware, more specifically, ransomware. While studying some of the strongest ransomware ever (example: WannaCrypt, CryptoLocker, etc...) I've ...
JoshuaKasa

0 votes
1 answer
101 views

Unique SSH Keys With Identical Password?

I'm a one man shop. All I care about is having my workstations and server stolen. I plan on running a couple dozen VMs on my server, mostly Linux. Question is, obviously having unique passwords for ...
Xoteric

0 votes
1 answer
93 views

Would there be any utility for multiple clients sharing the same TLS session key?

I was wondering if there is any utility for multiple hosts sharing the same TLS session key. I have come across proxies and the way they intercept TLS connections is to make the client accept its ...
imawful

0 votes
0 answers
87 views

What are the effective open-source methods for storing and managing encryption keys in a language-agnostic manner when an HSM is unavailable?

When HSMs are not accessible, we often need alternative methods for securely storing and managing encryption keys. What open-source options exist for effectively managing encryption keys in a language-...
SSpirate

0 votes
0 answers
77 views

Rotate or replace EMV keys?

I would like to better understand the mechanism of rotation of EMV keys used for payment cards. Assuming that it intends to provide a rotation of the keys used for the production cards: just recycle ...
MaXbeMan

1 vote
0 answers
130 views

How to safely use dm-crypt as overlayfs upper partition?

Context: I'm working to make an embedded device safe against physical access (publicly accessible device that can be easily stolen). I already made the following actions: secure boot is enabled on cpu,...
Anthony • 111

2 votes
1 answer
223 views

API key embedded in clients: how to defend against over-usage?

I am new to client-side development and I have a naive question. Right now, I'm using Google APIs (the map ones). If I want my client-side application / webapp to display a map, I would include ...
Rififi • 157

2 votes
2 answers
212 views

Full disk-encryption key vs password

I need to set up full disk encryption on my linux laptop. Questions: Does an encryption key on a USB pendrive protect against rubber-hose cryptanalysis? Is it true that the key on a pendrive is ...
whiteman808

0 votes
0 answers
107 views

Stateless Key Management

I'm looking into the differences between stateful and stateless key management. I understand that stateful key management means that I have a database that tracks my keys, and can become very large. ...
Shane Quintard

0 votes
1 answer
440 views

What does it mean to store secret keys as an "environment variable" as opposed to hardcoded in the source code?

I see why it is obviously bad to store a secret key and client ID in the source code for a web application. However, how do you go about the alternative? Surely, that information has to be stored ...
BigMistake

0 votes
1 answer
325 views

How to avoid performance issues with envelope encryption when using separate DEKs for each piece of data?

Posted this first on stackoverflow but was suggested to repost it here. I am planning on using envelope encryption for data stored in a database in a multi-tenant solution. Envelope encryption suggest ...
user579089

0 votes
1 answer
602 views

Consequences of stolen TLS private key

My understanding is that, when you connect to an HTTPS website, the communication is encrypted via asymmetric encryption, therefore private and public keys play a role there. My assumption there is ...
Tripola • 103
