15,252 questions
Why does EVP_PKEY_derive_set_peer cause a segmentation fault when using a peer public key reconstructed from BIGNUM in OpenSSL 3? (1 vote, 0 answers, 37 views)
I'm using OpenSSL 3.0 EVP_PKEY in C to perform Diffie-Hellman key exchange. I generate Alice's and Bob's key pairs. I extract Bob's public key as a BIGNUM and try to reconstruct an EVP_PKEY for Bob's ...
Make PBKDF2-based brute-force delay layer more time-accurate across hardware? [closed] (-4 votes, 0 answers, 47 views)
I’m building a two-layer time-lock:
Inner: RSA time-lock puzzle (sequential squaring) calibrated to target seconds.
Outer: PBKDF2 “index search” delay: random index in [0, max_index), per-index PBKDF2 ...
Is kyber supported in bouncycastle for C# [closed] (-3 votes, 0 answers, 114 views)
So I am trying to compile code found at https://trailheadtechnology.com/quantum-safe-cryptography-in-net/
After loading the Bouncy Castle crypto package I still get errors which seem to tell me Kyber ...
Signing JWT not working: An exception of type 'System.MethodAccessException' occurred (0 votes, 0 answers, 70 views)
I'm trying to sign a JWT with a key that is stored in an Azure Keyvault using the keyvault as signer, in a way that the actual private part of the key never leaves the keyvault.
I've come up with the ...
RSA based certs failing during TLS after removal of RSA-PSS ciphers from ClientSignatureAlgorithm (1 vote, 0 answers, 61 views)
For FIPS mode, I added ClientSignatureAlgorithm in opensslcnf.txt. This change was done for FIPS mode using the crypto-policies package.
The supported ciphers for ClientSignatureAlgorithms are the same as ...
Does this function result in uniformly distributed integers? (2 votes, 1 answer, 293 views)
Recently, on a project, I encountered the need for uniformly distributed integers within an arbitrary range [a, b] from random bytes, a problem that is quite common and is usually solved using ...
Using OpenSSL provider to delegate TLS_PSK_WITH_NULL_SHA256 key operations to TZ or TPM (2 votes, 0 answers, 59 views)
I am developing software that uses OpenSSL for implementing a TLS client. I am developing it in the C++ language, to run in Linux for ARM 64-bit.
I intend to use the cipher TLS_PSK_WITH_NULL_SHA256.
...
Encrypting and decrypting with AES returns System.Byte[] [duplicate] (5 votes, 1 answer, 156 views)
Using AES in C# I wrote two static methods for encryption and decryption.
Encrypt:
static byte[] Encrypt(byte[] plaintext, byte[] Key, byte[] IV)
{
byte[] encrypted_data = null;
using (Aes ...
Decrypting data from stream without knowing data size (0 votes, 1 answer, 155 views)
Assuming we know the key and the IV for the data we're getting from the stream, is it possible to decrypt it within stream? I encrypted the same message three times and then decrypted it all at once, ...
Why is my crypto.getRandomValues() base36 ID generator producing duplicates despite 2.8 trillion possibilities? (1 vote, 0 answers, 161 views)
Here is the function:
export function generateId(): string {
const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
let result = "";
const randomArray = new Uint8Array(8);
...
Azure container app crashing while computing hash for large files (1 vote, 1 answer, 84 views)
I have a piece of code deployed in Azure Container Apps that primarily copies the file from the staging Azure blob storage to the final Azure blob storage and computes the SHA256 hash.
However, I have ...
pycryptodome decryption (aes-128 cbc) is yielding incorrect result (1 vote, 2 answers, 99 views)
I have simple code to encrypt and decrypt as follows...
(1) To encrypt:
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Hash import SHA256 as sha256
def sha(text):...
How to know a security provider supports a specific keysize without trying to init? (1 vote, 0 answers, 65 views)
The Cipher states that Java platforms are required to support the following transformations and key sizes.
AES/CBC/NoPadding (128)
AES/CBC/PKCS5Padding (128)
AES/ECB/NoPadding (128)
AES/ECB/PKCS5Padding (128)
...
ADKG-based threshold ECDSA signature recovers different address per transaction—how to compute aggregate `r` and signature parameters? (0 votes, 0 answers, 55 views)
Background
I’m implementing Asynchronous Distributed Key Generation (ADKG) over secp256k1 so that N nodes collectively hold a threshold private key. After DKG each node has a secret share. To sign an ...
Python requests library refusing to accept correct verify certificate (3 votes, 0 answers, 135 views)
The following application performs a basic HTTP GET request against https://google.com, retrieves the peer certificate and saves it in PEM format into a file called cert.pem.
After that it attempts ...