5 votes, 3 answers, 548 views

Is it safe to use same key pair to encrypt and sign? [duplicate]

Would it be easier to hack a private key by having multiple encrypted and/or signed messages from the same person than having only encrypted or only signed messages? Should I use one private key to ...
1 vote, 1 answer, 892 views

Is using the same RSA key pair for both (signing and encryption) & (signing and encryption) a bad idea? [duplicate]

Possible Duplicate: Why should one not use the same asymmetric key for encryption as they do for signing? I'm new to IT Security. I still can't figure out why using the same RSA key pair ...
24 votes, 2 answers, 12k views

How does RSA encryption compare to PGP?

On this answer ck says RSA and PGP are different. What you are essentially asking is how do I run my petrol car on diesel? The answer is you can't. I would be interested in a more ...
30 votes, 2 answers, 4k views

Digital Certificate deployment: using two certs for each user?

At a large enterprise environment I have come across a deployment approach for Digital Certificates where each user is issued two (2) key pairs: One for signing documents, emails, etc. that is ...
21 votes, 7 answers, 2k views

My company policy states I must put all passwords in a password safe shared with management. Is this secure?

As the title says, my company has a policy that all passwords to e.g. our workstations and server logins must be stored in an online safe. I won't say which one but there are some out there you can ...
32 votes, 3 answers, 3k views

What is an SSL certificate intended to prove, and how does it do it?

If I get an SSL certificate from a well-known provider, what does that prove about my site and how? Here's what I know: Assume Alice and Bob both have public and private keys If Alice encrypts ...
8 votes, 5 answers, 2k views

Should one sign and encrypt using the same key? The Azure Training Labs are taking this approach

I'm taking the Azure lab LoadBalancing with WCF and recognise what I have been told is bad from a security perspective, but am not sure if it applies here. Can someone look at this code and tell me ...
5 votes, 3 answers, 2k views

Digital Signature and Verification?

AFAIK, when Alice wants to write a message to Bob -- she uses Bob's public key and encrypts the message - and then Bob - using his private key - uses it to decrypt it. So public key is used to decrypt ...
2 votes, 4 answers, 2k views

Bouncy Castle - document signed by sender and only readable by receiver?

I am building an application that requires secure data transfer. In particular, the sender has a data file that needs to be sent to the receiver. It is required that only the receiver be able to read ...
3 votes, 2 answers, 219 views

Why can I sign but not encrypt?

-edit- After following a chain of links from this question I see this is similar/duplicate of Why should one not use the same asymmetric key for encryption as they do for signing? but this question ...
1 vote, 2 answers, 647 views

OpenSSL dgst authentication failure

I've tried to replicate the workflow presented on this blog in OpenSSL: http://farid.hajji.name/blog/2009/07/27/public-key-cryptography-with-openssl/ However, authentication seems to fail despite ...
3 votes, 2 answers, 369 views

Is it dangerous to use the same key (RSA) for both encryption (PGP) and authentication (SSH)?

Alice wants to send an encrypted message to Bob, but she also wants to connect to Carol's server. Are there any dangers associated with using the same RSA key for both PGP and SSH (other than a lack ...
2 votes, 2 answers, 221 views

Distributing public keys; with or without a sub-key?

Most of the public keys I am getting from friends have a sub key in addition to the pub key. For educational purposes I retrieved some public keys and came across this Linus Torvalds' key that does ...
2 votes, 2 answers, 519 views

Practical steps for encrypting an encryption key for data stored in MySQL

So I'm working on my first project where user data is stored as encrypted using the user's password as (part of) the key. I have read many similar things about best practices, but the details seem to ...
4 votes, 1 answer, 46 views

Is there a security risk using a Symmetric-key for both encryption and HMACing

I am proposing to use an AES key to encrypt some data to send to a third party and in a completely separate operation/flow use the same key to create a HMAC of a message to send to the same third ...