KeyChest – Getting Rid of Broken Padlocks

We all have seen it – I go to visit an interesting blog, DEFCON website, or pay for your parking on the go. But I can’t – the website or web service has an expired certificate and the “damn security wouldn’t let me do it”.

“Read More”

Encryption and Databases Are Actually Similar

We have been building encryption service for a while. I grew up in the world of encryption and many things just came with experience, without being spelled out. Here’s another why I believe in “hardware encryption”.

“Read More”

JSignPdf Now Supports Remote Signing

Category : key management , security

A great news – our CloudFoxy is now supported by JSignPdf 1.6.4. You can now sign PDF with eIDAS compliant smart-cards (or OpenPGP dongles) – zero drivers or configuration on user computers.

“Read More”

Growth Of HTTPS Public Logs (CT)

Category : https , keychest

As we have a database of all the issued public certificates, we started looking at some of the data. This is a quick note about the frequency of updates of certificate transparency (CT) logs.

“Read More”

Real-Time Certificate Info – 5,560,000,000 KeyChest Index

We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.

“Read More”

Multiparty Encryption – Our Talk at DefCon 25 – August 2017

Category : security

I just found a video of our presentation at DefCon last year, which I haven’t watched since. The talk included a live demonstration connecting to a bank of smart-cards in Cambridge, UK. Organizers warned us not to do it as the network was pretty locked-down and a lot of …. interesting traffic was flowing around.

“Read More”

PDF Signing With CloudFoxy And Smartcards – Production Notes

Category : https , security

We have handed over the first deployment of our CloudFoxy (smart cards over RESTful API) for PDF signing and it is now in live use. Here are a few observations of mine about dependencies, performance, and delivery.

“Read More”

PDF Signing, eIDAS for Companies – CloudFoxy

Category : crypto , cybersec

We have implemented a solution for eIDAS USB smart cards, with no drivers on user computers. We simply access smart cards HTTPS to sign PDF documents. A solution, which can be automated, integrated with an internal IT infrastructure, and managed by a dedicated support.

“Read More”

How secure is CloudFlare “flexible SSL” option

Category : https

One would expect that when you decide to secure your web-server traffic with HTTPS, you do it for the security. Some, however, do it mostly to improve their SEO. CloudFlare flexible SSL is exactly for this.

“Read More”

Planning TLS certificate renewals – define a process

Category : https , letsencrypt , security

This text is about creating a process around planning certificate renewals. As part of our KeyChest re-design, we created a sequence of meaningful checks for TLS certificates to get them always renewed before your web services go down.

“Read More”