Questions tagged [public-key-infrastructure]
A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). There are three main categories of PKI: Web / SSL certs, corporate networks, and Government ID / ePassport.
1,356
questions
2
votes
2
answers
66
views
Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt
I'm working on a project where I want to generate a set of crypto wallet seed phrases from an existing seed phrase. The reason for this is so that using just the original seed phrase the wallet holder ...
- 21
0
votes
0
answers
82
views
NTRU - How is the master key and session key generated?
I am learning the PKC topics and would like to understand about the master and session key generation process regarding NTRU.
Let's make it a scenario, if a user wants to register during the ...
- 9
0
votes
1
answer
63
views
mTLS set up - Does it require any offline certificates exchange?
My company is exposing a few APIs to one of our partner systems (external).
We're looking at mTLS authentication here than any credentials based Auth schemes.
My understanding is,
My system (server) ...
- 101
0
votes
2
answers
55
views
Infer information of private key from public key / CSR
is it possible to infer information like: algorithm, key length, mode etc. of the private key from the public key or CSR?
- 1
0
votes
1
answer
70
views
Is Digital Signature really necessary for an open system considered by FDA's 21 CFR Part 11?
21 CFR Part 11's Subpart B for Electronic Records has a section on 'Controls for Open Systems" stating that:
Persons who use open systems to create, modify, maintain, or transmit
electronic ...
- 63
0
votes
2
answers
118
views
How to Capture Mobile API Requests in burp when Server side pinning is implemented
I recently encountered a scenario where Mobile Application is generating CSR request, call a POST API request and in response, Ask Server for certificate. Server will respond with the temporary ...
- 153
0
votes
0
answers
83
views
Is hashing a digital signature for quick (but incomplete) validation a known and/or acceptable practice?
Let's say that there's a known digital signature issued by a trusted CA.
Normally, digital signatures need to be evaluated: checked if they are expired, revoked, if there's a problem in the chain of ...
- 186
0
votes
1
answer
159
views
How are X.509 certificate revoked?
I would like to know how are X.509 certificates revoked.
That is: Say I have an X509 certificate, and I want it to be revoked for whatever reason (e.g., compromise). How do I reach out to the CA? What ...
- 103
1
vote
2
answers
100
views
Web Browser and server using ECDHE_RSA cypher suite, then what is the use of X.509 certificate public key for?
User Crover has given a very great explanation for this question:
RSA or ECDHE for x.509 certificates-what does each do?
I have one question to Crover and/or any other member.
What I understand from ...
- 11
0
votes
1
answer
125
views
Revoking a digital signature at the cryptographic level
How do I indicate that a specific document or transaction associated with a particular signature should no longer be considered valid?
I'm talking of recalling a signed document, not revoking the ...
- 2,483
2
votes
1
answer
114
views
cryptography - BitBox02 firmware signed & public key attached to firmware image for verification
Bootloader of the BitBox02 crypto wallet verifies the main application with the public keys that are attached to the firmware update itself. Next to that, there are signatures of the public keys, ...
9
votes
2
answers
2k
views
Can a powerful adversary trick ACME to generate a certificate?
As per the recent jabber.ru MITM attack:
The attacker has issued several new TLS certificates using Let’s Encrypt service which were used to hijack encrypted STARTTLS connections on port 5222 using ...
- 121
1
vote
0
answers
300
views
SSL Certificates signed by our CA show as invalid in browser
We're experiencing an issue, where SSL server-certificates issued by our own internal PKI will show as invalid in the browser, when accessing the site.
The error is NET::ERR_CERT_INVALID (Tested in ...
0
votes
0
answers
152
views
How to prevent public key tampering
I have to store a document (e.g. a JSON file) on a remote PC (that my App is running on) alongside a signature to be able to verify that this file was signed by me. I have no access to this PC nor ...
- 1
0
votes
0
answers
88
views
How do I create a certificate with subject containing Octet string?
I need to create a certificate with:
subject.attribute1: 2.5.4.3 {Common Name} UTF8String
subject.attribute2: 2.5.4.92 {tagAFI} OCTET STRING
subject.attribute3: 0.9.2342.1920.0300.100.1.1 {userId} ...
