Amarjeet Shukla

SSH keys are cryptographic key pairs used to authenticate users and systems to SSH servers without passwords. Here's how they work, which algorithms to use, and where key management fails at scale.

NIST SP 800-57 defines how cryptographic keys should be managed throughout their lifecycle: generation, use, rotation, and destruction. Here's what it recommends, what crypto-periods mean, and how it applies to certificate and key management.

FIPS 140 defines security requirements for cryptographic modules (HSMs, software libraries, hardware tokens). Here's what the levels mean, when you need it, and what FIPS compliance actually requires operationally.

The CA/Browser Forum voted to reduce maximum TLS certificate validity to 47 days by 2029. Here's the timeline, what it means for your infrastructure, and how to prepare before it's enforced.

A digital signature proves who created a message and that it hasn't been modified. Here's how signing works with RSA and ECDSA, where signatures are used in PKI, and where verification fails.

Certificate Transparency requires all publicly-trusted certificates to be logged in append-only public logs. Here's how CT works, what SCTs are, and how to monitor CT logs for unauthorized certificates issued for your domains.

NSA's CNSA 2.0 mandates quantum-resistant algorithms for national security systems by 2030-2033. Here's what the requirements are, which algorithms to adopt, and how to plan your migration.

RSA is the most widely deployed asymmetric algorithm, used in TLS certificates, code signing, and key exchange. Here's how the math works, what key sizes to use, and why RSA is being replaced by ECC and post-quantum algorithms.

Key lifecycle management covers every stage a cryptographic key passes through: generation, distribution, use, rotation, archival, and destruction. Here's how to manage keys properly and where lifecycle gaps create risk.

Machine identity management is the discipline of issuing, tracking, and rotating cryptographic credentials for every non-human entity in your infrastructure. Here's what it covers, why it's growing exponentially, and where organizations lose visibility.