I want to use BIP44 HD wallet with Ed25519 curve. Does BIP 44 support the Ed25519 curve, Because I have read that BIP32 does not compatible with Ed25519 based cryptography.
BIP-0044 depends on BIP-0043, which depends on BIP-0032, which only supports secp256k cryptography in its original form. Since then SLIP-0010 defined a way to extend BIP32 with NIST-P256 and Ed25519 cryptography, so I suggest to delve yourself into SLIP-0010. Unfortunately Ed25519 does not support normal (public) derivation, only hardened derivation. So you cannot have read-only wallets or audited accounts for Ed25519-based crypto.
Related
I am currently using the BSAFE v6.0 cryptographic library for decryption and verification of digital signatures. Security parameters are a RSA-4096 key and a SHA-256 hash.
Our customer is wanting to increase security parameters to a RSA-8192 key and a SHA-512 hash. The BSAFE v6.0 library will not handle this.
It has come to my attention that a newer version of the BSAFE library is available (released in 2020). Does anyone know if that version will handle a RSA-8192 key and a SHA-512 hash?
Thanks
I was trying to connect the server with my ED25519 public key, but it seems WinSCP doesn't support it, so the question is, how can I convert the key to the one supported by WinSCP?
WinSCP supports ED25519 key since beta 5.8.1 version. Try to download this version and it should work for you.
You can use different key types if you generate new pair. You can't convert ED25519 key to RSA (for example). They are completely different and there is no way how to get one from the other.
Does anyone know how to transition authentications on NTP? I've done copious amounts of research, none being fruitful. For example, NTP currently using MD5, how do you move over to SHA1?
NTP if compiled along with OPENSSL libraries, then NTP uses OPENSSL libraries for cryptographic operations.
Then you can use different types of message digest algorithms supported by OPENSSL. This is a link which explains configuring ntp key file.
The key file where the keys will be present should be added to the /etc/ntp.conf file.
The keys to be used for generating the digest will be present under
/etc/ntp/keys . This path should be added to /etc/ntp.conf file to specify that this is the keys file.
The structure of the entry in the file will be
This is an example of the keys file
You can mention the keytype as "SHA1" to use SHA1 authentication.
Further details about the length of the digest and keys can be found here:
https://www.eecis.udel.edu/~mills/ntp/html/authentic.html
You can have multiple keys one next to the other.
SO:
first add the new key everywhere
delete the old key once it's added everywhere.
As I am doing my routine penetration testing and found the vulnerability in which OpenSSH have weak RSA-2048 and DSA-1024 keys.
So, I have downloaded the exploit for the same and got some weak keys.
Now, when I am trying to authenticate into the system using RSA private key/ Public key. It still ask me for the password.
I have used the way
ssh -i /my/keys/location user#IPaddress
But, the conceptually, while using RSA keys for the authentication, it should not ask for the password.
May be you will think that, the RSA keys are not present in authorized_keys
The keys are founded by using bruteforcing so they are present in authroized_keys.
Any comment or suggestion regarding the same are most welcome.
Regards
Recently, I have to convert an java project related to rsa/des encryption into an iOS project. The provided rsa key strings are from x.509 and PKCS8, however, security.framework only support PKCS12. I've been searching for libraries a long time, but it seems that currently there are not any objective-c libraries that support PKCS8. (I don't want to use Chilkat for some reasons)
The origin version of the project was written in C# which uses an XML string to generate RSA public/private key pair. I guess that generate rsa key pair by myself might be a better solution. Thus, my question is, are there any methods to convert rsa xml data to standard pem key format? Or there are other existing libraries that supports PKCS8?
Hubert
If you can convert the keys at compile time, you can use OpenSSL to do so that it can convert between virtually any certificate / private key formats. Then you embed the certificates in the application bundle in PKCS12.