How to automatically sign a message using PGP in an email?

Is there any way to sign and send a message from email server automatically…without using any desktop client to sign the message.

For Example, A wants to send a message to B. A open its email account, composes message and click on ‘send’. After pressing send button message should be automatically signed by PGP private key and deliver to B. A don’t want to use desktop client to copy message, then sign and then compose and then send…manually

Apple sign in on mobile (IOS/Android) nonce usage

I’m looking to implement Sign in with Apple on the mobile device. We have a backend api that expects to receive the id_token (once we get it from Apple). I had a question about using nonce in this flow.

From my understanding nonce are used to prevent from replay attacks. Meaning, if we have a nonce tied to a single user session we could match the nonce for that user session and prevent malicious users from re-using the id_token. In this link they recommend generating a nonce and send (the hash of the nonce) across to Apple with every authentication request.

It then says that ‘firebase validates the response by hashing the original nonce and comparing it to the value passed by Apple’. Does this mean the id_token + nonce is sent over the wire to the Firebase database where it just hashes the nonce (that we send) and makes sure it is contained in the id_token? If this is the case, couldn’t someone intercept that request and replay it? Or is it that Firebase/Database/Server is already aware of the original nonce before hand?

Regular and social sign in reauthentication for sensitive features

I’ve got a question regarding best practice in given scenario. Lets say that a web aplication has option to register user normally with email and password as credentials. It also has option with social sign in (register) .

Now OWASP advices that under Account settings, things like changing Password, Name, Address, or Credit cards should require additional input of password, even though user is already logged in.

Now this is all fine for users who registered with email and pass, but what about those that came via social network.

Obviously those users wont have password to change, but other things that are sensitive are available for changing. What should be requested from this kind of users in order to additionally authenticate themselves when changing data. They dont have passwords, so what is best approach in this case.

Thanks

*Lifetime Free Web Hosting – Sign Up Today : Hostpoco.com

For every webmaster, Who wants to start new business and looking for reliable Hosting Plan? Hostpoco is the Best Solution for it.

“Now Hostpoco is becoming first choice for Free Web Hosting in Google Search and we are always trying to give the best possible features with our services and hence most of clients are now moving with Hostpoco. Our features like max space and bandwidth perfectly suit for startups..hence we are requesting everyone to try our services once and then decide”

Free Startup plan: $0/Lifetime

• Single Domain Hosting
• 200MB Web Space
• 200MB Bandwidth
• 2 Email Accounts
• 2 Sub Domains
• FREE Auto SSL
• DDOS Protection
• 99.99% uptime
• Softacolous Supported
• Tier 1 Technical Support

Hostpoco offers you the freedom to upgrade your existing Free Web Hosting plan to Paid Unlimited Web hosting service plan and we guarantee that there wont be any type of data loss of such upgrades. You simply suppose to initiate upgrade from client area and need to pay the respective amount and new package will be assigned as soon as you done with the payment! Note: Free Hosting Package limited with quantity of 1 per account.

For more Details:https://www.hostpoco.com/

Thank you.

How much would it cost to produce a game like Battle mages: Sign of Darkness?

I have no experience in this field so I thought asking the pros would be the most efficient way to get an estimate. This is the game: (Battle mages: Sign of Darkness)

The idea is that the graphics should be more modern (better textures etc, but nothing too fancy) and maybe the combat could be improved with more units, but let’s say the core machanics would remain the same ( adding up to 1-2 new features max.)

So I assume some of the costs would be:

  • Programming the core of the game (Mechanics etc.)
  • Design (Graphics, characters etc – nothing too fancy here)
  • Voice over and story writing (we could pay less attention on this part)

You could think of this as a remaster with a new campaign. The game has 4 campaigns with 5 levels each so 20 levels in total.

Also, if one would want to buy the rights off such an old game, like to make a continuation of it (instead of a similar game) one would have to buy the rights from the publisher or? How much do you think something like this would cost?

Anyway, thanks for the help, I really love the game so If the cost is reasonable I might save some money in following years and invest in a remaster or something…

I am signing (HMAC) outgoing webhooks to allow users to verify their source, should I also sign outgoing responses?

To allow api users to verify the authenticity of outgoing webhooks, I am using a similar model to slack:

  • Concatenate timestamp and body, HMAC with pre-shared key, add timestamp and HMAC digest to headers.

  • Recipient does the same, and compares to the digest in the header.

I can either implement this exclusively on outgoing webhooks, or I can implement it as middleware that performs this process on both outgoing webhooks, and responses to requests.

Is doing the latter good practice? A good idea?

*Lifetime Free Web Hosting – Sign Up Today : Hostpoco.com

For every webmaster, Who wants to start new business and looking for reliable Hosting Plan? Hostpoco is the Best Solution for it.

“Now Hostpoco is becoming first choice for Free Web Hosting in Google Search and we are always trying to give the best possible features with our services and hence most of clients are now moving with Hostpoco. Our features like max space and bandwidth perfectly suit for startups..hence we are requesting everyone to try our services once and then decide”

Free Startup plan: $0/Lifetime

• Single Domain Hosting
• 200MB Web Space
• 200MB Bandwidth
• 2 Email Accounts
• 2 Sub Domains
• FREE Auto SSL
• DDOS Protection
• 99.99% uptime
• Softacolous Supported
• Tier 1 Technical Support

Hostpoco offers you the freedom to upgrade your existing Free Web Hosting plan to Paid Unlimited Web hosting service plan and we guarantee that there wont be any type of data loss of such upgrades. You simply suppose to initiate upgrade from client area and need to pay the respective amount and new package will be assigned as soon as you done with the payment! Note: Free Hosting Package limited with quantity of 1 per account.

For more Details:https://www.hostpoco.com/

Thank you.

Forced to sign the magical contract | Story

During the evil campaign for the big heist mission, my partner-in-crime and I were forced to sign the magical contract to serve the individual npc and patron by no means.

“During my encounter with the noble, I picked off from the noble in order to steal some coins. I succeeded on sleight of hand roll with Nat20 + 12 sleights of hands due to my Bard class with high stats on my end until something bit me. It was the book that grabbed with the tassel and it was chewing on my arm. As soon as the noble left the building. My partner attempted to remove the book but, unfortunately, it also grabbed him as well. As result, we held hands and acted like a fool when we tried to escape from it’s grasp. The very same noble approached to us and laughed at us. He gave us an offer if only we become his slaves for life and serve the patron or else we die. “

We’re looking for ways to escape from the magical contract.