We have been building an encryption service for a while. I grew up in the world of encryption and many things just came with experience, without being spelled out. Here’s another reason why I believe in “hardware encryption”.
Great news – our CloudFoxy is now supported by JSignPdf 1.6.4. You can now sign PDFs with eIDAS-compliant smart cards (or OpenPGP dongles) – zero drivers or configuration on user computers.
We have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.
If you want to see raised eyebrows, just say “unbreakable crypto”. Yet everyone assumes their use of crypto is “unbreakable”. Security experts know it’s safe to reject “unbreakable systems” out of hand, but they often rely on the unbreakability of security protocols day in, day out.
I wrote about the ROCA vulnerability yesterday. It affects Infineon security chips used in TPMs and smart cards. While it is easy to identify TPM modules and computers using them, smart cards are more difficult.
Looking back, we can find many examples of errors in the algorithms used to create encryption keys. Not very many of them, however, were found in chips designed and sold as high-security devices for email signing, verifying software integrity, VPN access, or citizen e-ID cards.
Is it really possible to design an encryption system that is as strong as its strongest link? There is never a straight “yes” answer to this question, but we are now as close as one can get.
We have all heard about hackers stealing huge user databases with passwords, as they are tempting bounties. The FT, the Guardian and many others create a new kind of reward – their internet encryption keys via CDNs – services speeding up web traffic.
While implementing features of the certificate planner, we have added a few handy features to the KeyChest spot checker as well. It is now much more than just a tool to check when a website certificate expires.