Questions tagged [cryptography]
Cryptography provides security mechanisms that are based on algorithmic methods and not on policy enforcement. For questions on cryptographic mechanisms and their application the Cryptography SE resp. the Information Security SE are most likely more appropriate. Don't use this tag if your question is about software that uses cryptographic mechanisms but not about cryptography itself.
86 questions
5
votes
1
answer
335
views
How to interpret the refcnt field in /proc/crypto?
Here's an example /proc/crypto entry:
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
...
2
votes
1
answer
106
views
What is the difference between keyctl search and keyctl request?
I am using keyctl to load and retrieve keys for encryption/decryption for an application.
I notice I am able to retrieve the key id of an encrypted key (for example called 'datakey') which has already ...
0
votes
1
answer
92
views
Ansible access to EL9 server after it is been 'ELevated' from EL8
Thanks for taking the time and having a look,
I recently ELevated (AlmaLinux project ELevate) 3 servers from AlmaLinux 8 to AlmaLinux 9 (2 years back these same servers were Elevated from CentOS 7 to ...
1
vote
0
answers
75
views
Secret Service outside X?
I am trying to use the Secret Service (not NSA/CIA, but the Linux one, through secret-tool command) outside of X.
I managed to use it with kwalletd and with keepassxc. But kwalletd needs KDE and hence ...
3
votes
0
answers
425
views
Can't import or create keys in Kleopatra in Arch Linux using KDE (x11)
I'm still new to linux, so please give me time if you need something from me.
As the title says I cannot create new key pairs or import existing keys into Kleopatra 3.2.0.240501 (24.05.1). I've just ...
3
votes
2
answers
5k
views
Configure SSHD via Red Hat crypto-policy
I am using Rocky Linux 8 and 9 and they use the crypto-policy framework from Red Hat. Now I want to adjust some settings in the policy to forbid sshd to use some specific algorithms. But I can not ...
2
votes
1
answer
235
views
Totally Legit Signing Key <[email protected]>
I run:
gpg --list-keys
I get:
pub rsa1024 2014-01-26 [C]
<REMOVED>
uid [ unknown] Totally Legit Signing Key <[email protected]>
Can this be dangerous? What is this? ...
3
votes
2
answers
2k
views
How to convert EC public key in PEM format to DER format using openssl
With a public key as PEM, how can this be converted to DER format using openssl? Please note that this is not a x509 certificate. Also this question is about EC (ECDSA) public keys not RSA and using ...
3
votes
1
answer
486
views
Fast wideblock AES disk encryption in Linux?
I recently learned that Linux supports Adiantum as a disk encryption cipher (run cryptsetup benchmark -c xchacha20,aes-adiantum-plain64 to try it out on your system). While Adiantum is primarily meant ...
2
votes
1
answer
4k
views
openssl encrypt by specifying AES 256 key instead of passphrase
I need to encrypt some data using aes-256-ecb since a backend code expects it as a configuration. I'm able to encrypt using a key which is derived from a passphrase using:
openssl enc -p -aes-256-ecb -...
7
votes
1
answer
2k
views
Debian FIPS Certified
Is Debian OS FIPS certified? Does it support FIPS Validated Cryptographic Modules?
What I noticed is that FIPS mode can be enabled with the tool fips-mode-setup. This tool is developed and can be used ...
7
votes
1
answer
9k
views
Verifying a hashed salted password that uses yescrypt algorithm
In order to verify a password hash we can use openssl passwd as shown below and explained here
openssl passwd $HASHING-ALGORITHM -salt j9T$F31F/jItUvvjOv6IBFNea/ $CLEAR-TEXT-PASSWORD
However, this ...
1
vote
2
answers
17k
views
What is the fingerprint ssh is asking for?
$ ssh 192.168.29.126
The authenticity of host '192.168.29.126 (192.168.29.126)' can't be established.
ECDSA key fingerprint is SHA256:1RG/OFcYAVv57kcP784oaoeHcwjvHDAgtTFBckveoHE.
Are you sure you want ...
1
vote
1
answer
401
views
Won't the new nonblocking architecture for /dev/random make it less secure?
If entropy is not accounted for, and the pool doesn't block even if insufficient entropy has been supplied, isn't it potentially insecure?
21
votes
3
answers
5k
views
How can I force /dev/random to block?
For a class on cryptography, I am trying to drain the entropy pool in Linux (e.g. make /proc/sys/kernel/random/entropy_avail go to 0 and block a command reading from /dev/random) but I can't make it ...