PGP - GnuPG - A few questions - pgp

I want to use GnuPG (http://www.gnupg.org/), the open source software that is a full replacement for PGP.
The software looks great though I have never used it before.
I will be using the software to encrypt files to transfer via the web; I am not using the software for emails.
I have a few questions:
What are the recommended GUIs available for Windows and Ubuntu?
I want to generate a key pair that is Diffie-Hellman (DH/DSS), not RSA. What is the command line to do this? As well, using the key length of 2048.
Once I generate my public-private key pair, how do I sign someone else's public key that I have through the command line?

All of these are found in the manual.
http://www.gnupg.org/related_software/frontends.html
http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html
http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html#ss3.6

Related

Code-Sign an Authenticode PE file using keys in a HSM in Linux

I need a non-Windows (Linux or FreeBSD) way of signing a boot executable (EFI binaries) in the Authenticode PE format.
Currently there are some tools like pbsign, sbsign, uefisign, osslsigncode on *nix platforms, but the common pattern is they all need access to the private key.
My private key is in a HSM and I have a python tool that can interface with the HSM and get the output of signing a hash, with the private key in the HSM (which from my research is a step that all the PE signing tools do, though with explicit access to the private key).
Currently the HSM folks have a Thales tool for Windows which works with the official Microsoft signtool on Windows. But this is a lot of setup and a non-portable solution. Also we need to maintain Windows Server Licences, etc.
How do I combine these steps (create an Authenticode PE file, but outsource the signing part alone to my python program) into something that can run on a *nix platform?
The HSM and its interface are non-negotiable (basically that choice is out of my hands).
Any pointers/ideas would be nice.
You could try https://github.com/ebourg/jsign which is a pure Java implementation of Authenticode signing.

OpenSSL Cryptography

How can I expand OpenSSL in Linux so that it can implement Pairing-based Cryptography? I am doing my thesis and this is the final part of it. I am guessing I need to find pairing based cryptographic libraries that can work within OpenSSL? Please help

Allow only signed applets to be installed on a JavaCard managed by GlobalPlatform 2.2.1

I'd like to provision a JavaCard so that it only allows the installation of applets that are signed by a certain key. I am not sure whether this signature is part of the cap file format. I can already install a cap file from an Android device via code taken from GlobalPlatformPro. The GlobalPlatformPro README (https://github.com/martinpaljak/GlobalPlatformPro/blob/master/README.md) mentions application signing. But I am not sure this is the way to accomplish what I need to do. I am not even sure this is possible at all.
How do I need to prepare a card to only allow installation of signed cap files?
How do I create such a cap file?
I can already lock a card with a certain key, and then this key is needed to install any cap file. But this would mean that I need to distribute the key with the cap files, so it can be installed. That is not an option as it would compromise the key.
You should read the Global Platform Specification, all information is given there.
Points to look out for that should match your requirements:
Mandated DAP Verification
Delegated Management Tokens
You will still probably need to check that your Java Card supports the given feature (at least Tokens are optional for card manufacturers) and you will need terminal software that supports this feature (which might be difficult, as it is not very commonly used).

ECDSA signing and verification in windows and linux

This is continuation of my previous post (Understanding BCryptSignHash output signature).
Let me clearly state my problem:
I need to sign data at the Windows application level.
I need to verify the same at the Linux application level and in a Windows driver (that I have written).
I tried the following:
Using CryptoAPI, I was able to sign at the Windows application level and verify in the Windows driver. In Linux, I tried to use simpleECDSA (http://jonasfj.dk/blog/2007/12/simpleecdsa-a-simple-implementation-of-ecdsa-in-c/) to verify the signature (generated using CryptoAPI). I was able to convert the binary key blobs from CryptoAPI in simpleECDSA but could not interpret the signature.
Using the Crypto++ library, I was able to sign at the Windows application level and verify at the Linux application level but could not use the same to verify in the Windows driver.
Kindly let me know if there is a library available or a way that I could use the same public/private key and signature across Windows application/driver and Linux.
I am new to cryptography, hence forgive my naiveness.
Thanks,
F

javacard programming and applet installation

I am new to javacard programming. While working with owner pin in my javacard application, I referred that "PIN interface which is in javacard framework package does not make any assumptions about where the data for the PIN value comparison is stored".
And I want to know the following,
Can I get the exact location where my owner pin is stored? If I can how to do that? How to export my updated owner pin?
I have an applet of my javacard application. Now how can I load & install it into my javacard? I know there are tools available and come with the smartcard itself. But I want to install without tool and only through apdu commands. Is there any procedure to do that? If so how to do that?
Sorry, you cannot retrieve the OwnerPIN, probably because of security reasons. You will have to implement the PIN interface yourself if you want to do that, but there are about 8 pitfalls in the implementation regarding side channel attacks and such. If you can't think of about 8 attacks, don't go there. Generally, retrieving the PIN as data is not what you should want.
Of course there is a procedure to do that: create your own GlobalPlatform API - you might want to look at open source examples though, such as gjp.
As an extreme hack, you could store the PIN as the value of a secret key object (which are generally well protected).
Regarding the installation of applets I have good and bad news for you:
The general process of command for installing is standardized by Global Platform, however that refers only to those commands you send to the Cardmanager-Applet.
However AFAIK there is no vendor independent standard of the Cardmanager-AID. Additionally you have to authenticate yourself to the Cardmanager applet before you can use it. On developer cards this is usually a simple key like 404142434445464748494a4b4c4d4e4f (hex) as used for example by JCOP cards for the first DES key.
Additionally this authentication key can be changed by the card owner. Therefore on non-developer cards you don't have access to the Cardmanager.
