Questions tagged [ecdsa]

23 questions

40 votes, 4 answers

Should I be using ECDSA keys instead of RSA?

I read on ssh.com that there are new ECDSA ssh keys that one should be using to create the public / private key pair; and that it's a US Government Standard based on elliptical curves (probably something mathy). I also noticed that they use fewer…
leeand00

9 votes, 4 answers

Recommended asymmetric algorithms for JWT?

I'm implementing JWT authentication for a new web service and am unsure which asymmetric algorithm to choose. I've searched around and haven't found any consensus or clear recommendations. According to the PyJWT docs there are a few different…
user3607758

6 votes, 0 answers

How sensitive is the primary key stub of an ed25519 security key (~/.ssh/id_ed25519_sk)?

Now that OpenSSH supports Elliptic curve security keys (since version 8.2), it's possible to generate an ed25519-sk key on a hardware security key: $ ssh-keygen -t ed25519-sk -C comment This generates public and private key parts. How sensitive…
Petr

6 votes, 2 answers

Convert ECDSA keys (PEM, OpenSSH)

To work with ECDSA keys I am using the python-ecdsa library. Unfortunately this library can not process keyfiles properly if they are provided in the OpenSSH format. Instead I generate them in the PEM format, which the library can handle, using the…
766F6964

5 votes, 2 answers

Difference in ECDSA private key format

I have two private ssh keys: one was originally created with ssh-keygen, the other one with a python script. They are supposed to be the same, however one works for authentication and the other one doesn't. After analyzing them with…
Kyu96

4 votes, 1 answer

Is it possible to fake ECDSA signatures?

Recently, I came across a reddit post claiming it was easy to mutate bitcoin signatures to generate message/signature pairs. https://www.reddit.com/r/btc/comments/9xpivk/satoshi_i_do_not_want_to_be_public_but_there_is/e9u4m50 There's even POC…
FrozenKiwi

3 votes, 1 answer

GnuPG: How to create ECDSA signature?

https://www.rfc-editor.org/rfc/rfc6637 defines ECDSA for OpenPGP and https://wiki.gnupg.org/ECC lists elliptic curve support in GnuPG since version 2.1. I have version 2.2.25 and it lists ECDSA as a supported algorithm: $ gpg --version gpg (GnuPG)…

3 votes, 1 answer

Mix and match RSA and ECDSA in TLS

Suppose TLS client and server want to communicate, authenticating both parties. They each have sufficiently trusted certificates, but one corresponds to an ECDSA private key and the other corresponds to an RSA private key, or maybe ECDSA private key…

2 votes, 1 answer

SSH Handshake on Cisco IOS XE

I've configured the following on my IOS XE device. ! ip ssh rsa keypair-name my-4096rsa-ssh-key ip ssh version 2 ip ssh server algorithm mac hmac-sha2-512 hmac-sha2-256 ip ssh server algorithm encryption aes256-gcm aes256-ctr ip ssh server algorithm…
TimmayG

2 votes, 1 answer

Which KEK can wrap AES, RSA and ECDSA keys securely?

If I have AES256, RSA4K and ECDSA-512 keys as CEKs, which I need to securely store, what KEK can I use to securely wrap these without reducing the bit strength? I am aware that an AES256 key can wrap RSA4K without reducing the bit-strength (RFC…
mithya

1 vote, 0 answers

Ramifications of the psychic/CVE-2022-21449 ECDSA verification vulnerability

On 2022-04-19, Neil Madden published a vulnerability in the ECDSA signature verification code of the library bundled with some editions of Java, including some recent by Oracle and in OpenJDK. That became CVE-2022-21449 (I've yet to understand if…
fgrieu

1 vote, 0 answers

Is it possible to use an ed25519 security key with Google Chrome SSH applets?

After generating an OpenSSH EC key on a hardware security key: $ ssh-keygen -t ed25519-sk -C comment Is it possible to use this key with Google Chrome SSH applet or Mosh, in particular on non-Linux machines where there is no ssh command available…
Petr

1 vote, 2 answers

Premeditated substitution of ECDSA-signed message by the signer

If I understand correctly section 4.2 in Jacques Stern, David Pointcheval, John Malone-Lee, and Nigel P. Smart's Flaws in Applying Proof Methodologies to Signature Schemes, in proceedings of Crypto 2002, they describe an attack that allows…
fgrieu

1 vote, 2 answers

How to store ECDSA public key securely in Android

I am writing an Android application that needs to verify that a request is sent from a trusted party (me). This is my current solution: Storing keys: Generate ECDSA public key / private key from a server. Store private key in server. Store public…

1 vote, 0 answers

How to authorize a subkey using a primary master key pair?

I'm using webcrypto, not PGP/GPG. I would like to use a key pair to create a "subkey" that is authorized by my primary key in a way anyone can publicly verify so I don't need to expose the primary key's private component to any web-facing…
Xeoncross