Skip to main content
We’ve updated our Terms of Service. A new AI Addendum clarifies how Stack Overflow utilizes AI interactions.
Unix & Linux

Questions tagged [cryptography]

Ask Question

Cryptography provides security mechanisms that are based on algorithmic methods and not on policy enforcement. For questions on cryptographic mechanisms and their application the Cryptography SE resp. the Information Security SE are most likely more appropriate. Don't use this tag if your question is about software that uses cryptographic mechanisms but not about cryptography itself.

86 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
5 votes
1 answer
341 views

Here's an example /proc/crypto entry: name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : shash ...
asizo's user avatar
  • 61
2 votes
1 answer
121 views

I am using keyctl to load and retrieve keys for encryption/decryption for an application. I notice I am able to retrieve the key id of an encrypted key (for example called 'datakey') which has already ...
ani's user avatar
  • 123
0 votes
1 answer
94 views

Thanks for taking the time and having a look, I recently ELevated (AlmaLinux project ELevate) 3 servers from AlmaLinux 8 to AlmaLinux 9 (2 years back these same servers were Elevated from CentOS 7 to ...
Stefan Lelieveld's user avatar
  • 21
1 vote
0 answers
77 views

I am trying to use the Secret Service (not NSA/CIA, but the Linux one, through secret-tool command) outside of X. I managed to use it with kwalletd and with keepassxc. But kwalletd needs KDE and hence ...
Luis A. Florit's user avatar
  • 519
3 votes
0 answers
440 views

I'm still new to linux, so please give me time if you need something from me. As the title says I cannot create new key pairs or import existing keys into Kleopatra 3.2.0.240501 (24.05.1). I've just ...
TheBros47874's user avatar
  • 41
3 votes
2 answers
5k views

I am using Rocky Linux 8 and 9 and they use the crypto-policy framework from Red Hat. Now I want to adjust some settings in the policy to forbid sshd to use some specific algorithms. But I can not ...
Lucas's user avatar
  • 2,955
2 votes
1 answer
243 views

I run: gpg --list-keys I get: pub rsa1024 2014-01-26 [C] <REMOVED> uid [ unknown] Totally Legit Signing Key <[email protected]> Can this be dangerous? What is this? ...
Ohumeronen's user avatar
  • 218
3 votes
2 answers
2k views

With a public key as PEM, how can this be converted to DER format using openssl? Please note that this is not a x509 certificate. Also this question is about EC (ECDSA) public keys not RSA and using ...
code2535's user avatar
  • 31
3 votes
1 answer
494 views

I recently learned that Linux supports Adiantum as a disk encryption cipher (run cryptsetup benchmark -c xchacha20,aes-adiantum-plain64 to try it out on your system). While Adiantum is primarily meant ...
JanKanis's user avatar
  • 1,451
2 votes
1 answer
4k views

I need to encrypt some data using aes-256-ecb since a backend code expects it as a configuration. I'm able to encrypt using a key which is derived from a passphrase using: openssl enc -p -aes-256-ecb -...
isah's user avatar
  • 123
7 votes
1 answer
2k views

Is Debian OS FIPS certified? Does it support FIPS Validated Cryptographic Modules? What I noticed is that FIPS mode can be enabled with the tool fips-mode-setup. This tool is developed and can be used ...
Milica's user avatar
  • 71
7 votes
1 answer
9k views

In order to verify a password hash we can use openssl passwd as shown below and explained here openssl passwd $HASHING-ALGORITHM -salt j9T$F31F/jItUvvjOv6IBFNea/ $CLEAR-TEXT-PASSWORD However, this ...
MasterOfTheHouse's user avatar
  • 195
1 vote
2 answers
17k views

$ ssh 192.168.29.126 The authenticity of host '192.168.29.126 (192.168.29.126)' can't be established. ECDSA key fingerprint is SHA256:1RG/OFcYAVv57kcP784oaoeHcwjvHDAgtTFBckveoHE. Are you sure you want ...
john stark's user avatar
  • 29
1 vote
1 answer
402 views

If entropy is not accounted for, and the pool doesn't block even if insufficient entropy has been supplied, isn't it potentially insecure?
2080's user avatar
  • 121
21 votes
3 answers
5k views

For a class on cryptography, I am trying to drain the entropy pool in Linux (e.g. make /proc/sys/kernel/random/entropy_avail go to 0 and block a command reading from /dev/random) but I can't make it ...
John Phillips's user avatar
  • 213
2 votes
1 answer
407 views

Unable to negotiate with 129.107.56.23 port 22: no matching key exchange method found. Their offer: Diffie-hellman-group-exchange-sha1,Diffie-hellman-group14-sha1,Diffie-hellman-group1-sha1
Pooj's user avatar
  • 21
0 votes
0 answers
755 views

As seen from var/log/messages when i xdg open is triggered from the browser: Aug 14 11:01:43 centos org.gnome.Shell.desktop[1833986]: FIPS violation detected at crypto/evp/digest.c:219, reason: SHA-1 ...
munish's user avatar
  • 8,237
0 votes
1 answer
132 views

Allmost all documentation I've found about debian package signing omit the topic of crypto algorithms entirely, and the few I've seen touching the topic mention only RSA, and in one case, DSA. gpg ...
foo's user avatar
  • 133
1 vote
1 answer
122 views

For performing some results comparison, I was searching online for usages of 'gpg' command with hardware crypto extensions enabled/disabled (eg. AES-NI and ARM NEON), but found none. Instead I find a ...
Sunanda Roy's user avatar
  • 11
1 vote
1 answer
1k views

I try to prepare an nvme for encryption, so i first follow this post on SO. But the speed of dd is really really slow (less than 100 mb/s). I see there is new option to speed up dm-crypt on kernel 5.9 ...
reyman64's user avatar
  • 183
3 votes
3 answers
8k views

Suppose I try to verify the checksum of a file using: echo '760382d5e8cdc5d0d079e8f754bce1136fbe1473be24bb885669b0e38fc56aa3 emacs-26.1.tar.gz' | \ sha256sum --check If the file is corrupt and the ...
Flux's user avatar
  • 3,318
0 votes
1 answer
496 views

I'm using wpa_supplicant to set up a MACSEC secure wired channel. On an Ubuntu x86 system, this works. But on an Arm64 Alpine system, the MKA appears to succeed and the interface is set up, but no ...
Tom's user avatar
  • 563
1 vote
0 answers
177 views

So far I was able to get outguess installed on my Ubuntu distribution running under WSL by running sudo apt-get update and then sudo apt-install -y outguess Both commands worked fine. After, I tried ...
PK268's user avatar
  • 11
7 votes
4 answers
28k views

I need to perform the following Java snippet using OpenSSL from the command line: private byte[] hmacSha256(byte[] key, byte[] payload) throws GeneralSecurityException { Mac mac = Mac....
Stefano's user avatar
  • 251
0 votes
2 answers
136 views

Recently I enabled gpp emails option in facebook. Then they sent me a test mail to check whether I'm able to decrypt that or not. So first I downloaded there public key from Here and imported in my ...
Nikhil Badyal's user avatar
  • 131
2 votes
1 answer
8k views

This is the command I used to encrypt the files on my Mac around 2017. I don't know if my Mac was running High Sierra at the time or not, because I am usually late to the party when it comes to ...
Cb32019's user avatar
  • 121
0 votes
2 answers
368 views

I would like to implement a token solution for USB devices. So I need to encrypt a token with a private key and use the public key to decrypt it. So far so good. The problem comes from the fact that I ...
Rig0L's user avatar
  • 41
0 votes
1 answer
2k views

I am on an RHEL 7.5 and I would like to disable weak crypto algorithms (i.e. CBC-based ciphers, weak MACs, etc.). Hence, I modified /etc/ssh/sshd_config, especially the lines starting with ciphers and ...
user1192748's user avatar
  • 145
0 votes
3 answers
2k views

Lubuntu version: 20.04 I am trying to ssh to a cluster using fab but it returns an error. I am adding a screenshot showing the traceback . I am not able to install cryptography through terminal by ...
Nauman Sohail's user avatar
  • 15
1 vote
0 answers
45 views

The fscrypt document says: Because of the requirements to retain support for efficient directory lookups and filenames of up to 255 bytes, the same IV is used for every filename in a directory. ...
Cyker's user avatar
  • 4,572
2 votes
2 answers
2k views

I would like to disallow certain ciphers for OpenSSH in Fedora. I've read that Fedora overrides settings in sshd_config with its crypto policies. I'd like to edit those. My first idea would be to ...
markonius's user avatar
  • 387
0 votes
1 answer
31 views

I have a dir from 2002 encrypted with CryptFS which uses FiST. In theory I can probably install a virtual machine running a GNU/Linux distribution from 2002, compile FiST and CryptFS - if I can find ...
Ole Tange's user avatar
  • 37.6k
0 votes
0 answers
1k views

File command shows that the file is of any type of ELF, Text, Ascii, source code. Is any there any command or tool to identify the possible encryption algorithm for a given String? or to find possible ...
Ashish Pawar's user avatar
  • 161
1 vote
0 answers
1k views

I have a set of keys that authenticate me to some external server. They all use a root CA that's not installed in common distributions. I am validating if the external server responds, using a Docker ...
Ondra Žižka's user avatar
  • 961
1 vote
1 answer
231 views

I am working on a prototype, and I'm new to Linux Kernel Development. I see that the Linux Kernel has a crypto module, but I am not sure if it supports Asymmetric Encryption such as RSA.
Gary Drocella's user avatar
  • 141
2 votes
1 answer
3k views

I installed a kernel source from the official Linux kernel repository (http://www.kernel.org/pub/linux/kernel/v4.x/linux-4.15.tar.bz2) and I recompiled it with some needed options to support the ...
melmansuri's user avatar
  • 77
3 votes
1 answer
1k views

scrypt is a password-based key derivation function that can be tuned to use a large amount of memory. I want a command-line interface to calculate the key given my own values for parameters: password,...
wjwrpoyob's user avatar
  • 460
1 vote
1 answer
6k views

error: storage size of 'ctx' isn't known EVP_CIPHER_CTX ctx; I am getting this error with openssl -1.1.1. Compared openssl-1.0.* and openssl-1.1.1 and this EVP_CIPHER_CTX struture has not been made ...
user avatar
1 vote
0 answers
314 views

I have critical data, let's say machine learning code, GPG keys,... etc. I would like to create a workstation that will work somewhere else- in someone else's premises. I don't have concern that ...
Kamil's user avatar
  • 1,521
2 votes
1 answer
377 views

How do I know, which Kernel modules in the Cryptographic API will be beneficial on my system? How can I see, if I have software, which will use the Kernel API? For example I use often RSA, but will ...
Jonas Stein's user avatar
  • 4,338
2 votes
2 answers
4k views

I feel like this is so obvious that searching on the Internet doesn't show any results about my problem. I'm looking at the root password in /etc/shadow, which looks something like: $6$Etg2ExUZ$...
Andrés's user avatar
  • 31
1 vote
1 answer
1k views

I read about Cryptoloop and I wonder where can I use it? I understand that: Cryptoloop is a Linux kernel's disk encryption module that relies on the Crypto API, which is a cryptography framework ...
simon's user avatar
  • 121
2 votes
0 answers
376 views

Can anyone point me to a bash tab autocomplete for the java keytool command? Learning & writing this seems not simple, and I presume that someone has felt this pain before.
Frischling's user avatar
  • 173
1 vote
1 answer
6k views

When you run the command openssl enc -ciphers a list of supported ciphers is printed. In more recent versions of the OpenSSL utility the ciphers -id-aes256-wrap, -id-aes256-wrap-pad, and -aes256-wrap ...
Pete's user avatar
  • 191
0 votes
1 answer
463 views

How secure is relying on the default screen lock in linux? What stops an attacker for just plugging a device that bruteforces the passord check? How secure should be my linux account password?
qleguennec's user avatar
  • 111
0 votes
2 answers
2k views

I am interested in setting up my computer with full disk encryption, and as I understand, the /boot partition is the only tricky part of the process. Namely, I can encrypt the /boot partition and ...
popovicu's user avatar
  • 101
22 votes
2 answers
26k views

I’m having fun with OpenSSH, and I know the /etc/ssh directory is for the ssh daemon and the ~/.ssh directory is for a particular user. Both directories contain private and public keys: But what is ...
Kavish Gour's user avatar
  • 343
2 votes
1 answer
1k views

I have CentOS 7 and Apache and the Haproxy load balancer with SSL support. How to make the server compliant to FIPS 140-2? From CHAPTER 10. FEDERAL STANDARDS AND REGULATIONS | redhat.com I got the ...
user avatar
0 votes
1 answer
847 views

I'm considering switching from Windows Server to Ubuntu Server. One of feature that I can't figure out is - what should I use instead of NTFS Encryption (EFS). So, basically, what I need: 1) This ...
Dmitry Gusarov's user avatar
  • 101
2 votes
0 answers
126 views

I started with kaslr.c and found that it uses kaslr_get_random_long() defined in kaslr.h and implemented in lib/kaslr.c where it possibly uses RDRAND (Intel's hardware PRNG), a timestamp, and at ...
Usi's user avatar
  • 153

1
2