Questions tagged [keys]

For questions regarding encryption keys

26 questions
20 votes, 2 answers

REST API security: HMAC/key hashing vs JWT

I just read this article that is a few years old but describes a clever way of securing your REST APIs. Essentially: Each client has a unique public/private key pair. Only the client and the server know the private key; it is never sent over the…
smeeb
6 votes, 2 answers

Right way to spread secret keys between microservices

I have a few services that sign some data with an asymmetric cryptography algorithm (like RSA). I need to spread some secret (private) keys between all instances of the service. I've found a few ways to do that: Share keys as configuration (looks…
6 votes, 2 answers

What is a good way to keep track of strings for dictionary lookups?

I am working through the Windows 8 app tutorial. They have some code about saving app data like so: private void NameInput_TextChanged(object sender, TextChangedEventArgs e) { Windows.Storage.ApplicationDataContainer…
Justin
5 votes, 4 answers

How does SSL relate to the Public Key Infrastructure?

How does SSL relate to the Public Key Infrastructure?
JHarley1
4 votes, 1 answer

How do large corporations store API keys?

When Facebook or Google give me an API key, are they just storing it in a database? Unlike a password, where you can hash and salt it before putting it in the database, it seems to me that a key needs to be stored as-is (or else in a reversible…
Birrel
4 votes, 3 answers

Is this a good solution for deactivating key value pairs?

A (relatively) simple CRUD application on which I work has a lookup table which holds key-value pairs, some of which have child key-value pairs. These are used mainly in drop-down lists on the application front end. Currently there is a RowStatus…
atamata
3 votes, 6 answers

Is it smart to store application keys, ids, etc directly inside an application?

I have heard some say it isn't but they never suggest an alternative. Is this true? UPDATE Is it possible to store this external from application and have it called?
Edward
3 votes, 6 answers

How to define a natural id in database?

There are a lot of manuals. I am trying to create a database to hold information of these documents. But, there is a small problem. How can I give meaningful id to the manuals? Are there any standard or logic behind the giving meaningful id to the…
user12278
2 votes, 1 answer

How to store private ssh keys for my application?

I've a pair of private and public ssh keys, which I'm using in encrypting and decrypting my JWT. So I'm creating and signing my JWT with my private key and shared the public key with the client who then uses it to decode the JWT. Now, I'll be…
megamind79
2 votes, 2 answers

How should I access a third party API which requires a key?

I am accessing a third-party API. It requires a key, which is the same key for all of my users. Currently, my application includes that key in the client-side code, and calls the third party API directly. So any user can decompile my code, and…
Evorlor
2 votes, 1 answer

How to encrypt communication without hard coding key in client?

I've found a description of a vulnerability here. The kankun smart socket device and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP. An attacker on…
2 votes, 1 answer

What algorithm is used on the smart cards for the DNSSEC Trusted Community Representatives?

I've been doing some reading about DNSSec and am interested in the algorithm that they chose to use when splitting the trusted key up between the 7 Trusted Community Representatives (TCR). I unfortunately can't find any information about the…
Aidos
1 vote, 0 answers

Which 'Fkey' can I safely use in a cross-platform application?

I'm developing a text editor and start to think about key bindings. Which F key (F1, F2, F11, etc.) should I use in my application, assuming that I want OS X users to be able to use it as well? I don't want to bind keys that are already used in…
atrefeu
1 vote, 2 answers

Composite Id based on another Aggregate root?

An Aggregate Root should always have a unique ID within the bounded context. Typically the examples one finds use a GUID for this to ensure global uniqueness. However consider a bounded context for a Chat. In this case I deem messages and chats as…
udnes99
1 vote, 1 answer

Geolocation client side requests: Key and ID storage

I'm developing a small web-app to help users manage shopping lists. One of the required features is the ability of the application to notify the user if a shop of the same category is near him/her. To do so I'm using Foursquare API. Said API…
MFranc