Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [cryptography]

63 questions
3
votes
2 answers

how is a website certificate file cryptographically readable by windows?

I have a .crt file signed by a CA. I cat the file to see that it is ascii text. Yet when I double click on the .crt file in windows, it opens it up and somehow displays all the information that's inside of it. Is windows automatically trying all of…
Alexander Bird
  • 431
  • 2
  • 7
  • 14
3
votes
1 answer

Strong Cryptography in Solaris Zone

I'm trying to setup a Kerberos KDC on a Solaris zone but ran into a bit of a problem with the Cryptographic Framework on Solaris 10 even though the packages for strong encryption (SUNWcry & SUNWcryr) are installed the stronger keys seem only to be…
Marcel G
  • 2,269
  • 15
  • 24
2
votes
1 answer

smart card for UAC only

I'm in the process of configuring USB Yubikeys as a smart card for our company so that staff can elevate to an admin account (added to the computer's local administrators group) by simply inserting the key and typing a PIN. If possible I would like…
captcha
  • 578
  • 5
  • 16
2
votes
2 answers

Integrating Apache with PKCS#11 device via engine_pkcs11 and OpenSSL

I have problem with mod_ssl exactly with SSLCryptoDevice directive. When I run command "openssl engine" returns all available engines including pkcs11 (libengine-pkcs11-openssl), but When I set SSLCryptoDevice pkcs11 in mod_ssl configuration and I…
t4nk566
  • 23
  • 4
2
votes
1 answer

Linux Kernel setup: is it good idea to enable everything in Cryptographic API?

There are several implementations for some algorithms, which use CPU instructions which may or may not be available on current system. Is it good idea to just enable (in kernel, not as modules) all of them - i.e. is fastest implementation available…
Powerman
  • 575
  • 1
  • 4
  • 12
2
votes
2 answers

ssl communication handshake question

During SSL communication, the server sends its certificate to the client for authentication. Optionally, the client could send its certificate too, for client authentication. My question is, does the server (or client) send the entire chain to the…
user76678
  • 349
  • 3
  • 5
  • 16
2
votes
3 answers

How to make OpenVPN use VIA Padlock on OpenBSD?

I've bought a VIA based router for the only purpose to run OpenVPN on it. Unfortunately it seems that Padlock is not used. Here is the important part from dmesg: OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT…
leto
  • 261
  • 2
  • 5
  • 11
2
votes
4 answers

Creating a DSA Signature from the Linux command line

I'm looking for a Linux/Unix command-line tool to create a DSA signature from a given file/data and a private key. I know about the xmlsec1 tool. But I would like something simpler. It seems that OpenSSL provides this function as a developer…
mparaz
  • 159
  • 1
  • 7
1
vote
1 answer

How to make sure TLS is using AES 256

I am trying to establish a secure TLS connection between my system and a third party API. Third party mandates that I have to use AES 256 for all communication, Now I have installed a X509 certificate on my root machine store. How I can make sure…
None
  • 113
  • 1
  • 8
1
vote
1 answer

Windows Server 2008 R2 - Cryptographic Operators group issue

I have a problem similar to this question: Windows 7 “Cryptographic Operators”. I am attempting to add a cryptographic rule. When I get to the step to set the cryptographic algorithms I get an "Access is Denied" message stating I need to be a…
user4616559
  • 11
  • 3
1
vote
3 answers

How is a self-signed certificate different from a certificate signing request?

From the wiki page for a Certificate signing request: In Public Key Infrastructure (PKI) systems, a Certificate Signing Request (also CSR or certification request) is a message sent from an applicant to a Certificate Authority in order to apply for…
mbigras
  • 289
  • 1
  • 3
  • 11
1
vote
1 answer

IIS RC4 vulnerability Windows Server 2012 R2

I need to disable insecure cypher suites on a server with Windows Server 2012 R2 to pass a PCI vulnerability scan. From the research I've done it seems this is to done in IIS with some registry updates, and I've compiled a list and ran…
caesay
  • 315
  • 2
  • 3
  • 9
1
vote
1 answer

TLS-PSK vs TLS-PKI

I have read that once TLS-PSK encryption is about equally secure as TLS-PKI. The level of security by both depends on the data entered to configure the encryption. Could you please confirm this? Here are the points I am interested in: What is the…
Bunkai.Satori
  • 117
  • 2
  • 10
1
vote
1 answer

Does my SSL cert have anything to do with or say about the symmetric session key?

The answer found on this server fault thread is my jumping off point for this general topic: https://serverfault.com/a/313558 ... and this question can be thought of as a follow-up to that answer. Does my SSL cert have anything to do with or say…
87535
  • 11
  • 1
1
vote
3 answers

How to create a digital signature and verify it through a server

I am trying to find out a way to create a digital signature for the employees of my company and place it in a server from where they can retrieve them and attach it with any digital document (Office or Adobe document) and the receiver can verify it…
sk1
  • 111
  • 1
  • 3
1
2
3 4 5