Ryan Hurst rmhrisk

View WEB PKI CA Revenue.md

WebPKI CA Revenue

| Company | Year | Amount |
|---|---|---|
| BuyPass | 2015 | They reported revenue of 192 million Norwegian kroner in 2015; using today's exchange rate, this is about $23 million US dollars. |
| QuoVadis | 2016 | WISeKey reported QuoVadis (whom they acquired) had revenue of $18 |
rmhrisk / WebCrypto Support.md
Last active July 12, 2019 07:42
WebCrypto Support as of May 4th 2017

Edge image

Safari image

Chrome image

Firefox

rmhrisk / fedor ping.md
Last active November 24, 2016 09:19
fedor ping.md
Ryans-MBP:room_react_skylink rmh$ ping google.com
PING google.com (216.58.193.78): 56 data bytes
64 bytes from 216.58.193.78: icmp_seq=0 ttl=55 time=6.156 ms
64 bytes from 216.58.193.78: icmp_seq=1 ttl=55 time=5.830 ms
64 bytes from 216.58.193.78: icmp_seq=2 ttl=55 time=7.903 ms
64 bytes from 216.58.193.78: icmp_seq=3 ttl=55 time=7.963 ms
64 bytes from 216.58.193.78: icmp_seq=4 ttl=55 time=6.510 ms
64 bytes from 216.58.193.78: icmp_seq=5 ttl=55 time=4.856 ms
64 bytes from 216.58.193.78: icmp_seq=6 ttl=55 time=6.755 ms
View The PDF is dead, long live the PDF.md

PDF was initially released over 23 years ago, and it solved a very important problem: how could you provide an electronic equivalent to paper?

As a standard, like most things that evolved over decades, it’s actually pretty awful. The specification reads like it was designed by an army of people who seldom spoke and had no long-term plan.

That said, it is without a doubt still one of the most important file formats on the web. Its issues are a direct result of the era it was designed in: open standards were far from the norm, the desktop was king, and the internet was primarily used for email.

A lot has changed since then, but PDF itself, though it has had more features added to its specification, has not materially changed much. Some of the larger issues with the format include:

  • PDFs are often large, bloated documents, making them slow to download and render,
  • The layout is generally fixed and not responsive making them awkward to read on a mobile device,
View How to flush your OCSP cache.md

OSX

sqlite3 ~/Library/Keychains/*/ocspcache.sqlite3 'DELETE FROM ocsp;'

Windows

certutil -URLcache * delete

Linux

dirmngr --flush

rmhrisk / The things that use WebCrypto.md
Last active October 7, 2016 23:49
What things use WebCrypto?

WebCrypto is relatively new, but it is already used in some very popular services, some of which include:

| | Description |
|---|---|
| openpgpjs | Uses WebCrypto to protect email. |
| 1Password Teams | 1Password for Teams uses WebCrypto to make sharing passwords easy. |
rmhrisk / Web Crypto and Web Application Security Basics.md
Last active July 12, 2019 07:42
Web Crypto and Web Application Security Basics

If you are going to use Web Crypto in your application, you had better also take care of the basics of web security in that application. This is a list of resources that are useful when looking at the security of a web application.

TLS

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network.

Resources

rmhrisk / Progressive Web Applications, Isomorphic Javascript and Web Crypto.md
Last active June 3, 2020 08:41
Progressive Web Applications, Isomorphic Javascript and Web Crypto

A Progressive Web Application uses modern web capabilities to deliver an app-like user experience. These applications are sometimes built as isomorphic web applications; in these cases, much of the code that runs on the client also runs on the server.

This combination of approaches and the various technologies that make them possible are being used to build a new class of web applications that can often come together quicker and in many cases are indistinguishable from native applications.

So much so, thanks to Electron, you can often wrap these web applications as "native applications". These web-native applications look great too, if you use Slack or Visual Studio Code you know what I am talking about.

I believe Web Crypto is a great addition to this toolchain. With the Web Crypto these applications can incorporate strong,

rmhrisk / Web Crypto is Everywhere.md
Last active October 31, 2018 15:17
Web Crypto is Everywhere!

We do security-oriented development in Javascript on both the server (Node) and in the browser and strive to share code whenever possible. This led us to build a few different libraries based on Web Crypto, the first of which was PKIjs.

The first commit to PKIjs, our PKI library for browsers based on Web Crypto, was in February of 2014. When we started this project Web Crypto was basically only supported by Chrome. Today that picture has changed a lot and all major browsers support it to varying degrees.

It made sense to use Web Crypto as the cryptographic library for this project for a few reasons, one of the largest being the risks associated with JavaScript-based cryptography.

Though browser support for Web Crypto has improved significantly there are still a [few rough edges](https://www.boxcryptor.com/de/blog/post/bui

View WebPKI Business Sales.md

WebPKI and Digital Signature related M&A + Investment + Public Offerings

  • This was inspired by Matt Suiche's great post on cyber security M&A related activity; there is some overlap but not much.
  • This is all public data.
  • I have also intentionally excluded sales of WebPKI key material; not only are these prices not public, but they are usually very special cases that are in essence impossible to compare effectively.
  • I have also included HSMs, Smart card, Digital signatures and CA related software companies in this list as it seems relevant.
Purchased Purchaser Date Price Structure Notes