big sur – Is it safe to encrypt the VM Volume on recent macOS versions?

gnupg – Why does ECC not have an encrypt capability in GPG, but RSA does?

I’m attempting to establish a process for setting up a new GPG identity for myself and my threat model.

Much of it is following guides which I believe are still considered best practices:

These schemes seem to be advocating for:

  1. Set up an offline primary key that only has the “Certify” capability
  2. Create an online subkey with capabilities: “Sign”
  3. Create an online subkey with capabilities: “Authenticate”
  4. Create an online subkey with capabilities: “Encrypt”

The above guides are using RSA-4096, but based on my other readings it seems like using ECC with curve 25519 is as secure, but requires less space to store and less energy to use, so I’d like to go with that.

I was playing with the tools in a temporary GNUPGHOME, and I was able to set up an ECC primary key, but when I went to generate the “encrypt” subkey, I noticed there didn’t seem to be an encryption capability:

Possible actions for a ECDSA/EdDSA key: Sign Certify Authenticate 
Current allowed actions: Sign Certify 

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

But if I use RSA, it seems like it is an option:

Possible actions for a RSA key: Sign Certify Encrypt Authenticate 
Current allowed actions: Sign Certify Encrypt 

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

I wasn’t able to find much online about why this is.

For reference my gpg version information is as follows:

gpg (GnuPG) 2.2.20
libgcrypt 1.8.7

Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

In summary, my question is:

  • Why does RSA have an “encrypt” capability but ECC doesn’t?
  • Is having one primary key and 3 subkeys for each functionality still best practice?
  • Should I generate an RSA subkey with an “encrypt” capability as a workaround?

encryption – How to encrypt whole website source code which is made in CodeIgniter framework? Is it possible to encrypt whole website source code for security?

I am developing an application in the CodeIgniter framework. The project requirement is that after development is over, all the source code should be encrypted. How can this be achieved, and when modification is needed, how can it be decrypted so that the modification can be done? This is done for security purposes; which is the most secure method?

output should be like = XcB66ijatBSzzBrYubtxozKlLNA3LfjP9mXBxIVU8b7Zd5gwasR7LeMRrUVZn/Ra4/4tp/

source code :

<?php

class Upload extends CI_Controller {

        public function __construct()
        {
                parent::__construct();
                $this->load->helper(array('form', 'url'));
        }

        public function index()
        {
                $this->load->view('upload_form', array('error' => ' ' ));
        }

        public function do_upload()
        {
                // Upload library settings: array keys use square brackets
                $config['upload_path']          = './uploads/';
                $config['allowed_types']        = 'gif|jpg|png';
                $config['max_size']             = 100;
                $config['max_width']            = 1024;
                $config['max_height']           = 768;

                $this->load->library('upload', $config);

                if ( ! $this->upload->do_upload('userfile'))
                {
                        $error = array('error' => $this->upload->display_errors());

                        $this->load->view('upload_form', $error);
                }
                else
                {
                        $data = array('upload_data' => $this->upload->data());

                        $this->load->view('upload_success', $data);
                }
        }
}
?>

encryption – What is the best way to encrypt extremely sensitive and important data

I assume that the threat that you are trying to mitigate is the threat of someone (e.g. the cloud service provider or an attacker) that has gained access to the encrypted file being able to decrypt the file. AES256 is the strongest encryption that we have at the moment. Nearly all modern secure protocols (e.g. TLS, Signal, SSH, OpenVPN, etc.) rely on AES at their core. So, you’ll want to use AES.

Then, the strength of the key is vital. You can derive a key from a password using a key derivation function. But, any key derived from a password will at most be as strong as a random key generated by a CSPRNG. So, you might want to simply use a CSPRNG to create a random 256-bit key.

linux – Does Microsoft Official RDP Program end to end encrypt data?

Yes, RDP supports encryption between client and server. Remember how it asks for certificate trust when you first connect, and complains when the common name in the certificate doesn’t match the hostname you entered? This is it.

In general, you use MS AD Certificate Services to issue certificates for the server. Then, because AD CA certificates could be distributed to all domain computers, connections from those computers will verify the server’s certificates successfully and automatically. The dialog should not appear in this case. This is how it is intended to work.

If you enter the IP address of a server to connect to instead of its FQDN, or connect from an outside network via address translation, or connect from a computer which doesn’t have the CA certificate, this verification is impossible and the confirmation dialog appears.

FreeRDP asks for this confirmation too, showing the details of the remote presented certificate at first connection, and it maintains the list of “confirmed” servers in the .config/freerdp/known_hosts2 file, much like the ssh client does.

tls – Why can’t tls1.2 server use certificate’s private key to encrypt ‘server finish’, and send if after ‘server hello’?

The Server Finished message does not contain anything relevant. It’s merely a test/validation to ensure the Server has generated proper Session Keys.

By encrypting a hash of the transcript of the handshake and sending it to the Client, the Client is able to validate that the Server has the correct Session Keys, and that both the Client and Server “saw” the same handshake records.

The Client does the same in the opposite direction with the Client Finished.

If you changed this mechanism, you’d need to add another mechanism to validate the Server has the proper session keys.

And, having the Server encrypt its Certificate record to the Client would only serve one purpose: it proves the Server has the matching Private Key… but that is already proven because the Server signs its Server Key Exchange record.

So in the end, your suggestion would take away a necessary step, and add an unnecessary step.
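
The check the Finished message performs, as an added example that is not part of the original answer: it computes the TLS 1.2 verify_data as defined in RFC 5246 (PRF over the master secret, the label "server finished", and the hash of the handshake transcript). It assumes a cipher suite whose PRF uses SHA-256; the master secret and transcript bytes are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac

VERIFY_DATA_LEN = 12  # default verify_data length in TLS 1.2 (RFC 5246, 7.4.9)


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def finished_verify_data(master_secret: bytes, label: bytes, handshake_messages: bytes) -> bytes:
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return p_sha256(master_secret, label + transcript_hash, VERIFY_DATA_LEN)


def check_server_finished(client_master_secret: bytes, client_transcript: bytes, received: bytes) -> bool:
    """Client side: recompute from its own view of the handshake and compare."""
    expected = finished_verify_data(client_master_secret, b"server finished", client_transcript)
    return hmac.compare_digest(expected, received)


# Constructed sample values (not a real handshake capture).
MASTER_SECRET = bytes(range(48))
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerKeyExchange|ServerHelloDone|ClientKeyExchange|ClientFinished"


def demo() -> dict:
    server_vd = finished_verify_data(MASTER_SECRET, b"server finished", TRANSCRIPT)
    tampered = TRANSCRIPT.replace(b"ServerHello", b"ServerHell0")
    return {
        "match": check_server_finished(MASTER_SECRET, TRANSCRIPT, server_vd),
        "tampered_transcript": check_server_finished(MASTER_SECRET, tampered, server_vd),
        "wrong_master_secret": check_server_finished(bytes(48), TRANSCRIPT, server_vd),
    }


if __name__ == "__main__":
    print(demo())
```

The check fails if either side derived a different master secret or saw a different handshake record, which is the validation a certificate private key alone cannot provide.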

network – File transfer service through server that is not P2P, encrypt files without letting the server know its contents

A file transfer tool, that works through a middle man server, as the following diagram:

Client A uploads a file to the server, Client B has websocket events that a file is transferring and starts downloading available chunks of the given file.

I would like to encrypt the files without letting the server ever know the file’s contents or how to open it, meaning the private key must not be known by the server.

But is this even possible? How can I let Client B know of the key that opens the encryption Client A performed?

partitioning – Encrypt partition for use in Ubuntu + Windows

I have a machine with dual boot Windows 10 / Ubuntu 20.04.
I would like to set up a new HDD (1 partition) dedicated for documents and other data – which I would like to have encrypted, but accessible from both operating systems.

I presume that the preferred format for this partition is NTFS. But which way is currently most advisable for encryption, that is supported by both OS’es?

encryption – How to encrypt http traffic in an offline enterprise network?

Deploy the application with a digital certificate that is trusted by all of the client systems. That way, you can just use HTTPS to perform the encryption.

The best way to do this is by setting up your own internal certificate authority (CA) within the network, and then installing the root CA certificate on all the clients.

But if it’s a small one off project, you could just manually install the specific certificate on the client systems.
