KEKS кодек и криптографические сообщения

Данная статья напоминает о проблемах X.509 PKI и реализаций ASN.1. Предлагает компактный, быстрый, детерминированный, потоковый и простой формат кодирования данных KEKS, а также криптографические сообщения для подписи и шифрования данных с поддержкой пост-квантовых алгоритмов.

https://habr.com/ru/articles/923810/

#c #go #python #keks #asn1 #x509 #openssl #криптография #pqc #hpke #pgp #cms

Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME!

In this #HowTo we create an own, decentralized PKE with #stepca, enable #ACME and integrate a #Proxmox node to obtain a certificate.

#proxmox #stepca #opensource #howto #homelab #enterprise #pki #security #decentralized #x509 #certificates

https://gyptazy.com/building-your-own-pki-with-step-ca-from-root-ca-to-proxmox-integration-with-acme/

🔐 Un certificat auto-signé n’est pas une sécurité.
Il ne prouve rien, ne garantit rien, n’est reconnu par personne.

Si ton système est partagé, connecté ou critique : PKI obligatoire.

Même en test, même en préprod.

Une dette technique dangereuse, pas une “solution pragmatique”.

#cybersécurité #PKI #X509 #hygienenumerique

Are there any good alternatives to #openpgp as gerneral purpose signature and encryption protocol thing with a "web of trust" idea in the back instead of hierarchical one like in #x509 ?

#openpgp does what it should do and i like packet approach. But imo it has become too complex in its try to stay backwards compatible an beeing "too generic" ...

just to be sure I'am not looking for an alternative to sign and encrypt emails but, a framework/protocol for distrib machine 2 machine communication

What if #TLS used #PGP instead of #x509?

Nutzt du Client Authentication mit TLS-Zertifikaten?

#TLS #letsencrypt #EKU #X509

Es gab doch mal diesen Vorstoß, daß Browser- unf Betriebssystemhersteller in der EU verpflichtet werden sollen, EU-CAs für #x509 als vetrauenswürdig aufzunehmen - was ja auch jeglicher #Chatkontrolle stark in die Hände spielte...

Gibt es dazu Neuerungen? Und wie hießen die nochmal? qwacs oder so?

#tls #ca

Can’t wait for @jwildeboer ’s https://nerdcert.eu/ to take off and be included in the usual bundles like Debian ca-certificates as a big FU to Google, who mandate webbrowser-consumer-only key usages for certificates soon, and to Let’s Encrypt who are following Google mindlessly and try to argue people with these uses to death instead of standing up for people’s freedom and keep existing, working uses of SSL/TLS merely because those are not webbrowser-consumer uses.

#nerdcert #LetsEncrypt #SSL #TLS #X509 #CA

@rl_dane @ShinjiLE if you or someone else wants to help argue, the thread is at https://community.letsencrypt.org/t/do-not-remove-tls-client-auth-eku/237427 (Discourse, so JS webbrowser), I’m exhausted.

#LetsEncrypt #SSL #TLS #certificates #X509 #X509v3 #sendmail #SMTP #XMPP #Jabber

#fedihelp #fedihilfe

I am looking for a free provider of #x509 #certificates for use with #CAI #ContentAuthenticityInitiative #C2PA #ContentCredentials. #Adobe and #PixelStream seem to offer this #service, but not for #free. Basicalky something like #LetsEncrypt, only for #images.

#c2patool #Laica #nikon #freelens #truepic #zebra

#X509 Zertifikatsketten, ich hab' da mal ne Frage. Mein Serverchen friendica.sokoll.com liefert 2 Zertifikate aus: seines und das intermediate.
Das Zertifikat für den Server selbst:

❯ openssl x509 -in friendica.sokoll.com-server.pem -noout -subject -issuer
subject=CN=friendica.sokoll.com
issuer=C=US, O=Let's Encrypt, CN=E5

❯ openssl x509 -in friendica.sokoll.com-intermediate.pem -noout -subject -issuer
subject=C=US, O=Let's Encrypt, CN=E5
issuer=C=US, O=Internet Security Research Group, CN=ISRG Root X1

Jedenfalls: Müssen issuer und subject kongruent sein oder reicht es, wenn der jeweilige CN identisch ist?

If you didn’t automated #TLS #X509 certificate renewal yet, it is pretty much the time to do so.

https://www.feistyduck.com/newsletter/issue_124_certificate_lifetimes_to_shrink_to_just_forty_seven_days

MT @digicert@x.com
#TLS cert lifetimes are shrinking to 47 days by 2029. The message is clear: #automation isn’t optional anymore. As DigiCert’s Dean Coclin says, “success depends on #cryptoagility + treating #DigitalTrust as a strategy, not a set-it-and-forget-it task.” 🔐
https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days #pki #news #x509

🧊 DeadSwitch Technical Dispatch // Fortify the Flow: Proxy Frontlines & The Truth in Certificates #NGINX #ReverseProxy #CyberSecurity #SSL #X509 #LinuxAdmin #OpSec #WebSecurity #HTTPS #LetsEncrypt #DigitalCertificates #DeadSwitch #TomITCafe #EncryptEverything #TLS13 #BackendSecurity #ProxyPower #Infosec #FullStackSecurity #TechnicalWriting

http://tomsitcafe.com/2025/04/18/%f0%9f%a7%8a-deadswitch-technical-dispatch-fortify-the-flow-proxy-frontlines-the-truth-in-certificates/

Do any email sysadmin understand what's the difference between StartTLS and x509 scores in the MECSA report?
How to go from orange to green score? What requirements must the certificate have and is it possible with LetsEncrypt?

relevant links https://mecsa.jrc.ec.europa.eu/faq#section2 and https://mecsa.jrc.ec.europa.eu/en/technical#x509

#security #letsencrypt #email #sysadmin #postfix #certificate #x509 #europe #selfhosted

Use OpenSSL as a very inefficient video player by @wr

You should check out his repository for demos and a presentation covering all the funny and interesting details of X.509 parsing!

🔗 https://github.com/wllm-rbnt/trapped-by-the-CLI?tab=readme-ov-file#use-openssl-as-a-very-inefficient-video-player

🔗 https://github.com/wllm-rbnt/trapped-by-the-CLI

#openssl #infosec #opensource #x509

Who assigns #x509 #certificate #extension #OID numbers?

Heh - ich glaube ich komme jetzt langsam aus meiner #Winterstarre #winterdepri wieder raus. Nachdem ich heute Vormittag nach dem #wocheneinkauf nochmal kurz auf Nickerchen geschaltet habe, habe ich bis eben im #wochenendprojekt durchgezogen - wird auf jeden Fall wieder ein Artikel für die #heimatseite im #zwischennetz - vllt sogar ein #opensource Projekt auf #codeberg (dafür muss ich aber noch aufräumen) Thema: #tls #x509 ( #rfc1751 ) und so...

@libreoffice

The #Libreoffice Youtube channel is posting a lot of interesting talks from the "Libreoffice and #Opensource Conference 2024"

Some of them:

#LuxChat for Governments: https://www.youtube.com/watch?v=JXdMKaEXq0Q

#OpenDesk on #OpenCode: https://www.youtube.com/watch?v=rVhAltODe-M

#Education: https://www.youtube.com/watch?v=V4fkWfuFXfo

#Encrypted and #Signed Documents (UI, with #OpenPGP or #x509): https://www.youtube.com/watch?v=W-qFr8tL-LE

#Matrix #Luxembourg

TIL that #Apple does not support EC keys with 521 bits and does not support SHA512 digests for EC keys at all in #X509

This means that if your CA *or* your server certificate uses 521 bit EC keys or SHA512 in conjunction with arbitrary length EC keys, there is no way to get iOS clients to connect to your service. Not even Firefox on iOS will accept the certs. Neither will Safari on MacOS.

And I thought this was mandatory for proper #TLS 1.3 support 🤔
Any idea why Apple did this?
#cryptography