Questions tagged [shared-secret]

In cryptography, a shared secret or shared key is a piece of data, known only to the parties involved, in a secure communication. The shared secret can be a password, a passphrase, a big number or an array of randomly chosen bytes.

The shared secret is either shared beforehand between the communicating parties, in which case it can also be called a pre-shared key, or it is created at the start of the communication session by using a key-agreement protocol, for instance using public-key cryptography such as Diffie-Hellman or using symmetric-key cryptography such as Kerberos.

The shared secret or shared key can be used for authentication (for instance when logging into a remote system) using methods such as challenge-response or it can be fed to a key derivation function to produce one or more keys to use for encryption and/or MACing of messages.

To make unique session and message keys, the shared secret is usually combined with an initialization vector (IV). An example of this is the derived unique key per transaction method.

It is also often used as an authentication measure in APIs.

Source: Wikipedia article

48 questions
16 votes, 4 answers

Where to find the shared secret for iOS App Store receipt validation?

I am confused on where to find the shared secret needed to verify regular In-App purchases. About one year ago I created a server script which is called from my iOS app to verify the App Store receipt with Apple's .../verifyReceipt endpoint. This…
Andrei Herford
8 votes, 3 answers

Connection to Azure Vault using MSI

I am trying to connect to my Azure vault from a console application using MSI. For this vault I have added my user as the Selected Principal. The code I am using to connect is var azureServiceTokenProvider = new AzureServiceTokenProvider(); var…
MicroMan
5 votes, 4 answers

Java Implementation of Shamir's Secret Sharing

I tried to implement Shamir's Secret Sharing in Java but I have some problems. When I put K>10 the secret is no longer reconstructed. Who can help me? This is what I've done. What's the problem? Initially I…
Pascal NoPascensor
4 votes, 2 answers

Can't generate App specific shared secret code

I have to implement auto-renewable in-app purchase in an iOS app and I have "app manager" permission to access my client's App Store Connect account. When I click on "app specific shared secret" then it doesn't show me an option for generating it…
Bert Kim
4 votes, 1 answer

How to implement zero-downtime key rotation

I have several micro-services running in AWS, some of which communicate with each other, some of them having external clients or being clients to external services. To implement my services I need a number of secrets (RSA key pairs to sign/verify…
JHH
4 votes, 0 answers

How to share dynamically generated secrets between Docker containers

I have linked together a couple of Docker containers that use each other's API endpoints. These API endpoints are protected by a secret and are generated on container startup. I'm looking for a safe way to share these secrets between those services…
Martijn
4 votes, 1 answer

Calculating an oauth signature

I am trying something a little specific, namely trying to call a REST API. I have been following these instructions. I have been very careful to ensure that I am creating the "Signature base string" correctly. They define it to be created like…
user2405469
4 votes, 0 answers

Does iOS built-in security framework support ECC and ECDH?

I could find an answer from 2013 that iOS does not support ECC based encryption and a recommendation to use OpenSSL. I see at the Security Framework Reference some definitions for TLS_ECDH but it is not clear to me that ECC based is fully supported.…
Simon
4 votes, 2 answers

Are java.lang.Long or java.util.UUID safe shared secrets?

In order to access resources in my web service application, client applications need to provide a shared secret unique for each resource. Question is: Are Longs generated by a SecureRandom reasonably safe for this purpose (e.g. against brute force…
Pascal Kesseli
3 votes, 1 answer

How can you create a shared secret for IdentityServer4?

All the documentation and examples I've seen all use C# code to generate the secret, like this: new Secret("secret".Sha256()) This is fine for an initial setup and inserting into the database on startup, but what if I want to add a secret directly…
cassonchris
3 votes, 2 answers

Apple Auto-Renewable Subscriptions : Shared Secret

According to the Apple iTunes Connect document, the "Shared Secret" section is in "Manage Your In App Purchases". But I could not find it. Do I have to change the iTunes Connect setting to have this SECTION visible? Best Regards
Cp Liszt
3 votes, 0 answers

Openshift - How to share a secret between Namespaces?

SSH Secrets are required to clone a private repo from GitHub in Origin. I created a project, added SSH Secrets to the build config, all went fine. Now I am creating a template, so users will create a new project and use my template to deploy their…
karthikeayan
3 votes, 1 answer

Shared Secret based on Elliptic curve Diffie–Hellman with CommonCrypto

I am looking for the methods in CommonCrypto to generate the shared secret based on ECDH (Elliptic curve Diffie–Hellman). I can find proprietary implementations like this one…
Simon
3 votes, 2 answers

Implementation to protect a 2048-bit RSA private key using a secret sharing scheme

I'm trying to protect a 2048-bit RSA private key (confidentiality & availability). I have been looking around for more information on how to do that and I'm thinking of using a secret sharing scheme (Shamir's Secret Sharing would be fine). Is it the…
cashel
3 votes, 3 answers

Why should I hash a random number when generating a secret?

Lots of code does something like this to generate some kind of secret: sha1(random()) Why not simply use a random number? I realize that in the past, some OS random generators weren't so great, but I'm not sure that's still true, and even if it…
Johannes Ernst