Hi,
> > Private and public key are still used. The patch still uses
> > certificates and TLS, it only replaces the check certificate of the
> > peer's certificate against the CA with a hash check (certificate
> > pinning if you want).
> >
> > So basically instead of saying that you trust all certif
On 24/05/18 14:46, tincanteksup wrote:
> As --ec-curve remains undocumented I presume that is because its
> implementation is not yet completed? So I decided to send this email for
> confirmation or, if this problem is not known, to inform you of i
On 24/05/18 12:17, Arne Schwabe wrote:
>
>>> When you sign a certificate you are actually signing the hash of the
>>> certificate. So you essentially are saying: "This certificate with the
>>> hash xxxyyy is trusted by my CA". Traditionally we used the MD5 of the
>>> certificate, then SHA1 and now
I have come across the use of --ec-curve on the Forum a couple of times
but, as it is undocumented and does not appear to work, I did not pay
that much attention ..
Now, it turns out that --ec-curve is supported by current release v246,
so I decided to look more closely at the problem.
The short
>> When you sign a certificate you are actually signing the hash of the
>> certificate. So you essentially are saying: "This certificate with the
>> hash xxxyyy is trusted by my CA". Traditionally we used the MD5 of the
>> certificate, then SHA1 and now SHA256 which we signed. (See the weak md5
>>