Ryan Hurst
Ryan Hurst
Reopening this issue so people can use it to discuss the topic.
We will need logs. We will also need to understand the scenario that results in two users accessing the smart card concurrently better. In what user context does each interaction...
FYI : We maintain a few WebCrypto polyfills: https://github.com/PeculiarVentures/webcrypto-liner/blob/master/BrowserSupport.md https://github.com/PeculiarVentures/node-webcrypto-ossl https://github.com/PeculiarVentures/node-webcrypto-p11 Our focus is test coverage and compat, you can see some of the tests here: https://peculiarventures.github.io/pv-webcrypto-tests/ WebCrypto-liner would be...
We will need logs. Fortify caches the handle provided by the Yubikey middleware, not passwords. It is strange that it appears that the Yubikey is being loaded through Windows and...
To help debug issues like this in the future we have updated the user interface to show which cryptographic provider is in use. As you can see under the subject...
I like the simplicity of the JSON list but it does fall over, probably, when you are doing micro shards, for example, there is nothing stoping you from doing a...
You can concert the key to an PKCS8 with a command similar to this: openssl pkcs8 -topk8 -v2 aes-256-cbc -out key.pem -in inkey.pem
Tangentally related you may find this post interesting: https://unmitigatedrisk.com/?p=543
@tomato42, thank you for your detailed report on the vulnerability of @peculiar/webcrypto package 1.4.3 to the Marvin Attack, and I apologize for the delayed response. Your findings regarding the side-channel...
My apologies, I shared that link in a hurry. You're right; it was for the PSS wrapper code, but the answer remains the same, we just call Node's crypto libraries....