hash – What’s the difference between digest algorithm and signing algorithm?

I’m reading RFC 5652, and there are different references to the two algorithm identifiers.
For example, in this ASN.1 structure:

https://tools.ietf.org/html/rfc5652#section-5.3

When using RSA for signing, doesn’t the digest algorithm represent the hash function used to compute the hash value that’s encrypted using the private key?
What’s the signing algorithm in this case?

public key infrastructure – Certificate Authority generates private key for Extended Validation code signing certificate?

My company upgraded to an Extended Validation code signing security certificate, which was delivered via mail on a physical USB key, called a “token.” The token contains a private key and the digital certificate, both generated by the Certificate Authority (CA). I was surprised that the CA created the private key. It is my understanding that private keys should never be shared with a third party, including a CA. I’m used to the Certificate Signing Request (CSR) process, where a company keeps its private key private and only shares its public key.

My question: What security concerns are there with a private key being generated and initially owned by (in possession of) a Certificate Authority? Is this standard practice for EV certificates delivered on a physical token? We are told that the private key only exists on the token and there are no other copies.

Perhaps I’m missing the point. Maybe it’s more about establishing trust with a CA, and therefore we should also trust that the private key was handled correctly and that we have the only copy (e.g., why do business with them if we don’t trust them?). At the same time, alerts go off because a third party had our private key. I realize that it might not be practical to create a token unless the private key is present, so maybe it’s inevitable that the CA possesses it at some point.

tls – How many keys do you use for signing and encrypting emails?

TLS: This was the easy one. I’ve seen recommendations that the outgoing mail setting should be STARTTLS, and the incoming mail setting should be TLS. That seemed to do the trick when I emailed myself and checked what Gmail had to say about it in their web client.

However, since TLS is a connection protocol, it makes sense to me that they still actively MITM anything sent through their servers. I’m imagining that even with TLS, I use their public key to send an email, they decrypt and analyze it for advertising and whatever else, and then use my recipient’s public key to encrypt that along to them? My link seems to show it’s even baked into their ToS. So, I’m trying to get the others set up.

OpenPGP: I’ve seen a lot more conflicting evidence of how many keys to use here. For example, Enigmail (apparently the de facto plugin) for Thunderbird seems to default to creating a single GPG key with its setup wizard. The OpenPGP Security settings don’t even have separate entry boxes to enter separate signing and encryption keys, but yet the Security settings tab does. Also, to quote the previous source again, it was recommended in 2011 to have separate signing and encryption keys (especially for RSA) for security reasons. But in 2015, a “duplicate” question has an answer suggesting that this isn’t the case and it’s perfectly fine to use a single GPG key for signing and encryption—regardless of the algorithm, too.

Question: Is there any security risk in using a single GPG key?

Question: Which algorithms are best to pick from, circa 2020?

Question: If you’d be kind enough (especially for others who might read your answer and are still trying to connect the dots), could you offer an example of how to do your recommendations in practice? (gpg and Thunderbird would be ideal, since I and many others with interests in privacy & security use Linux, but I’ll take whatever you have experience with) GPG is known for a high learning curve, after all.

public key infrastructure – Why not signing a certificate with more than one Certification Authority

A student asked me a good question today when I was explaining the concept of certificate chains.

As I said, “if a CA is compromised by an attacker, he can emit false certificates for the entities the CA is allowed to sign (e.g. all the *.fr)”,
he asked me: “why not sign each certificate with more than one CA, let’s say 3, so the compromise of only one CA is not sufficient to break the trust, and the likelihood of having three CAs compromised is far, far less than only one.”

I think the question is good. Even if it’s not currently permitted by the X.509 standard, it remains a valid criticism of the current model.
I don’t see why the proposed model would not be better, but maybe I’m missing something?

To be effective, this would require that the 3 signatures be mandatory, or that a specific DNS record states that certificates for this domain need 3 signatures to be valid.

Does a signing provider have my private key (digital signatures)?

For my essay I’m writing about digital signatures. Let’s talk about an advanced digital signature which works with PKI (private-public key infrastructure). For example, if I’m using the ValidSign or GlobalSign service to digitally sign my document, do they have my private key to sign the document, or is it on my own machine? I’m trying to understand why I should upload my document to a signing provider; why can’t I just sign it on my machine and send it to the receiver?

Hash of hash for signing a big message

Suppose that we want to sign a big message. The signature performs a hash calculation; is it insecure to hash the message before the signature, meaning to double-hash the message?
After the first hash, the input space is reduced compared with the space of the original message.

How to verify PGP signature with signing key using Enigmail in Thunderbird

I received an email like the one below:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Because anyone can claim to be me. There's no validation of the user
name or email address when someone posts a comment. While I do try to
remove imposters, some may slip through. By signing my comments using
this technique, anyone can independently verify that I was the author of
the message by validating the signature.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
e5AJIRuLUIUikjNWQIW63QE=
=aAhr
-----END PGP SIGNATURE-----

And another email with the public key.
How can I verify if the signature is valid using the Enigmail in Thunderbird?

authentication – Missing “Signing in to Google” to Get Security Code

I am trying to sync Google Drive with MultCloud and I am asked to authenticate myself by using “Signing in to Google”; however, this is missing from my phone. I am unable to enter the 2FA code from the authentication app on the phone.

The image below illustrates the instructions I am given:

Verify it’s you
There is something unusual about your activity. For your security, Google wants to make sure it’s really you.

I have not been very lucky getting effective support from the Google Product Support forums. What can I do to authenticate myself through the regular authentication app or phone number?

For some reason, the “more ways to verify” link is not listing my authenticator or phone number. This image illustrates the message I am getting:

Choose a way to verify

Also, I am prevented from changing the multi-factor authentication methods on my account because I am asked for this security code from the “Log in to Google” setting, which is missing from the phone (I just tried to do that, but same situation). I am not presented with other alternatives like getting a text or the Authenticator App (I just tried that).

signature – manually signing bitcoin transaction

I’m trying to create a BTC transaction with one input and two outputs, one for change and one OP_RETURN to anchor data. And I’m doing all of that on my regtest backend. The raw unsigned transaction is

01000000018be9d0e99e74d69d915e105db1328707f713d42a894909b18a78fe68e1d8290c0000000023210340165231215a98e7a32abce9d410ecd09ac505938b25f9451defa051d591ebf8acffffffff0218ee052a010000001976a9143eb52fb0be4be87edc74848b371547f663e26c7e88ac0000000000000000226a408973d6b447bdda5312b1ef1b5509668672296301dd328d4e55317def98f165d200000000

I can then use the bitcoin rpc to sign it and it works, so I’m pretty certain that this part is correct. When I however try to sign it manually I get the error

500: {"result":null,"error":{"code":-26,"message":"16: mandatory-script-verify-flag-failed (Non-canonical DER signature)"},"id":2}

I’ve followed the steps outlined in How to redeem a basic Tx? as well as Signing a raw transaction with Python ECDSA (or OpenSSL) as well as attempted to use pybitcointools to sign the input without success.

The address and private key I use are

addr: "mmEXEzUGcMmmiLsfxxM8gB8TQSTkuR1drf"
pk:  "cTyF9pebH3kwwzUt5gzaxSDQ1DbqYfx4P1i4d1TyjtSDEeUFgYsk"

and strangely, even though the PK is the one given to me by ./bitcoin-cli -regtest dumpprivkey <addr>, it does not seem to match the address, and I’m not sure why or what I need to do to it (it’s in WIF format and compressed, i.e. 0x01 appended to the end).

The original TX includes the scriptPubKey of the utxo. I then double sha256 the whole raw tx (shown above) and replace the scriptPubKey part with the sigScript | pubkey using the following code:

import hashlib
import ecdsa
from bitcoin import privtopub  # pybitcointools

def to_varstr(data):
    # single-byte length prefix followed by the data: (len)|(data)
    return bytes([len(data)]) + bytes(data)

private_key, compressed_pk = wif_to_private_key(private_key_wif)  # own helper: WIF -> hex key, compressed flag
# preimage = raw tx (input script = spent scriptPubKey) followed by 4-byte SIGHASH_ALL
tx = bytearray.fromhex(raw_unsigned_transaction) + int(1).to_bytes(4, 'little')

double_sha256_tx = hashlib.sha256(hashlib.sha256(tx).digest()).digest()
signing_key = ecdsa.SigningKey.from_string(bytearray.fromhex(private_key), curve=ecdsa.SECP256k1)
public_key = bytearray.fromhex(privtopub(private_key_wif))
# DER-encoded signature with the 1-byte sighash type (SIGHASH_ALL) appended
signature = signing_key.sign_digest(double_sha256_tx, sigencode=ecdsa.util.sigencode_der) + int(1).to_bytes(1, 'little')
scriptSig = to_varstr(signature) + to_varstr(public_key)

to_varstr simply produces (len)|(data), and privtopub is the function from pybitcointools, as I couldn’t figure out how to go from the compressed private key to the address manually. It’s worth noting, though, that for the public_key here, privtoaddr from pybitcointools does not return the correct address either, which might be the root cause of the issue?

I’d be grateful for any pointers or things to try

cheers
Chris

PS:
another interesting aspect is that the signed transaction I generate is a lot longer than the one generated by the signrawtransaction RPC call:

rpc:    01000000018be9d0e99e74d69d915e105db1328707f713d42a894909b18a78fe68e1d8290c0000000023210340165231215a98e7a32abce9d410ecd09ac505938b25f9451defa051d591ebf8acffffffff0218ee052a010000001976a9143eb52fb0be4be87edc74848b371547f663e26c7e88ac0000000000000000226a40ac4f0818b683eeeaa1fbf2f508af2fc22cc814e69025152c70d7c414ebbfc30a00000000
manual: 01000000018be9d0e99e74d69d915e105db1328707f713d42a894909b18a78fe68e1d8290c000000006b483045022100d6e538aa819f3162d5c6a0e4d9ee0323395df89e943c769d96ae939baec5c6920220083a311cb35df3c98d7a6bd0bc80d98a71fbdf8e325ba908ea4b721a4eac8bb301210343395a6e84c7f2b1d50c11f96783664a6f04d66b51befb3befcc57334e2a9abcffffffff0218ee052a010000001976a9143eb52fb0be4be87edc74848b371547f663e26c7e88ac0000000000000000226a40ac4f0818b683eeeaa1fbf2f508af2fc22cc814e69025152c70d7c414ebbfc30a00000000
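Added example (not the question's own code, stdlib only): the strict-DER layout check that a node reports as “Non-canonical DER signature” when it fails, plus the BIP 62 low-S normalisation that relay policy also requires, run against the signature and public key pushed by the manually signed input above.

```python
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order

def is_strict_der(sig: bytes) -> bool:
    """Strict DER layout of <DER sig><sighash byte>, following the rules Bitcoin
    Core enforces; a failure here is reported as 'Non-canonical DER signature'."""
    n = len(sig)
    if n < 9 or n > 73 or sig[0] != 0x30 or sig[1] != n - 3:
        return False
    len_r = sig[3]
    if 5 + len_r >= n:
        return False
    len_s = sig[5 + len_r]
    if len_r + len_s + 7 != n:
        return False
    r, s = sig[4:4 + len_r], sig[6 + len_r:6 + len_r + len_s]
    for tag, val in ((sig[2], r), (sig[4 + len_r], s)):
        if tag != 0x02 or not val or val[0] & 0x80:              # positive INTEGER only
            return False
        if len(val) > 1 and val[0] == 0 and not val[1] & 0x80:  # no redundant 0x00 pad
            return False
    return True

def parse_rs(sig: bytes):
    len_r = sig[3]
    len_s = sig[5 + len_r]
    return (int.from_bytes(sig[4:4 + len_r], "big"),
            int.from_bytes(sig[6 + len_r:6 + len_r + len_s], "big"))

def _der_int(x: int) -> bytes:
    b = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:
        b = b"\x00" + b  # leading zero keeps the INTEGER positive
    return bytes([0x02, len(b)]) + b

def encode_sig(r: int, s: int, sighash: int = 1) -> bytes:
    body = _der_int(r) + _der_int(s)
    return bytes([0x30, len(body)]) + body + bytes([sighash])

def normalize_low_s(sig: bytes) -> bytes:
    """Rewrite so that s <= N/2; (r, N - s) verifies against the same digest and key."""
    if not is_strict_der(sig):
        raise ValueError("not a strict DER signature")
    r, s = parse_rs(sig)
    return encode_sig(r, s if s <= N // 2 else N - s, sig[-1])

# Signature and pubkey pushed by the question's manually signed input (<sig> <pubkey>)
MANUAL_SIG = bytes.fromhex(
    "3045022100d6e538aa819f3162d5c6a0e4d9ee0323395df89e943c769d96ae939baec5c692"
    "0220083a311cb35df3c98d7a6bd0bc80d98a71fbdf8e325ba908ea4b721a4eac8bb301")
MANUAL_PUBKEY = bytes.fromhex("0343395a6e84c7f2b1d50c11f96783664a6f04d66b51befb3befcc57334e2a9abc")
```

The manual signature passes both checks, whereas the 33-byte public key fails the DER check outright; since the input script embedded in the unsigned transaction is `21 <33-byte key> ac` (pay-to-pubkey, whose scriptSig is a single signature push), a `<sig> <pubkey>` scriptSig leaves the pubkey on top of the stack where OP_CHECKSIG reads the signature.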