Homepage
Open in app
Sign in
Get started
ASecuritySite
When Bob Met Alice
Follow
Envelope Encryption — Storing Secrets in the Cloud
Envelope Encryption — Storing Secrets in the Cloud
With envelope encryption, we take our data, and then encrypt it with a Data Encryption Key (DEK). We then take the DEK and encrypt it with…
Prof Bill Buchanan OBE
Nov 28
Stop Hardcoding Your Secrets … How To Securely Keep A Secret
Stop Hardcoding Your Secrets … How To Securely Keep A Secret
I have lost count the number of code reviews that I have done where the secrets within the code are actually hardcoded into the code. The…
Prof Bill Buchanan OBE
Nov 28
HMAC in the Cloud
HMAC in the Cloud
A MAC (Message Authentication Code) is used to sign a message with a shared key. This differs from public key signing which uses a private…
Prof Bill Buchanan OBE
Nov 27
Which FIPS 140 Level Does Your Company Match To?
Which FIPS 140 Level Does Your Company Match To?
The US government defines a number of standards that many companies comply with, and one of the strongest is FIPS (Federal Information…
Prof Bill Buchanan OBE
Nov 27
Questions About Encryption Keys and the Cloud
Questions About Encryption Keys and the Cloud
If you implement cybersecurity in your company, do you know where your encryption keys are stored, how they are accessed, and who…
Prof Bill Buchanan OBE
Nov 27
Digital Signing in the Cloud
Digital Signing in the Cloud
In digital signing, we use our private key to sign for a message, and then the proof of signing is done with our public key. This happens…
Prof Bill Buchanan OBE
Nov 27
Public Key Encryption in the Cloud
Public Key Encryption in the Cloud
We are increasingly moving into the public cloud for our security, and often need to use public key encryption (asymmetric key) to encrypt…
Prof Bill Buchanan OBE
Nov 27
About ASecuritySite: When Bob Met Alice
Latest Stories
Archive
About Medium
Terms
Privacy
