digital-signature

问题 How can I verify a DSA signature in C#? Given: the message text, a signed digest (typically ASN.1 DER format), the public key (in a signed X.509 certificate, PEM or DER format) I've tried a number of approaches, but haven't had any success: OpenSSL.NET: various strange errors with the library; I've got an open thread running with the author over on SourceForge but haven't been able to resolve this yet. Microsoft .NET API: can't unpack the DER signature for comparison. A DSA signature is 40

问题 i need to digital sign my XML messages in JAVA: The resulting XML signature should have the following format: <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http:/

问题 I'm building a web application that most allow the user to digitally sign PDF documents with certificates installed in the client machine. The document, once signed, should be posted back to the server, where it will store the signed version. The server is running Classic ASP/ASP.NET Where should I go? 回答1: I actually built a system just like this into our web application. Here are some links I found tremendously helpful in doing so: http://www.codeproject.com/KB/vb/Digital_Signatures.aspx

问题 After Adding LTV to digital signature it shows document has changed. After taking ref from this que : After LTV Certification Signature, PDF shows "Document has been Changed" I made changes in my code, It works fine with all document but for this document : https://www.sendspace.com/file/3ulwn7 - It shows Invalid signature. we are also using document signing service from global sign for same. Below code for adding LTV : public void AddLtv(string src, string dest, IOcspClient ocsp, ICrlClient

问题 I am trying to verify digitally signed PDF document in Java. I'm using Apache PDFBox 2.0.6 to get the signature and the original PDF that was signed, then I'm using Bouncy Castle to verify detached signature(calculate the hash of the original file, verify the signature using signer's public key and compare the results). I read this article and tried to get the signature bytes and the original PDF bytes using this code: PDDocument doc = PDDocument.load(signedPDF); byte[] origPDF = doc

问题 Using a non-Microsoft compiler, I have written small application for Windows that I'd like to give away for free or sell for some trivial amount ($5 say). The program doesn't use the registry but I'd like to provide it as an installer executable (e.g. MyAppInstall.exe) created using freely available tools (e.g InnoSetup). From Signing a Windows EXE file and other sources my understanding is as follows: If I do not sign the installer, Windows will pop-up a warning dialogue box warning the user

问题 I have a PDF which has been signed by 2 people (by Eid). I'm trying to retrieve this information but I'm unable so far. This is what I have so far: namespace ConsoleApplication1 { class Program { static void Main(string[] args) { string workingFolder = Environment.GetFolderPath(Environment.SpecialFolder.Desktop); string inputFile = Path.Combine(workingFolder, "Tax Return.pdf"); PdfReader reader = new PdfReader(inputFile); Console.ReadLine(); } } } If I inspect 'reader' during runtime I can

问题 Currently Iam creating a digital and electronic signature using apache pdfbox. Recently i came to know the vulnerabilities in digital and electronic signature like Universal Signature Forgery (USF), Incremental Saving Attack (ISA) and Signature Wrapping (SWA). Does PDFBox takes this care automatically or do we need to enforce additionally in code to take care of this 回答1: On the attacks themselves To start with, the attacks mentioned have been developed in a master thesis ("Security of PDF

问题 Currently Iam creating a digital and electronic signature using apache pdfbox. Recently i came to know the vulnerabilities in digital and electronic signature like Universal Signature Forgery (USF), Incremental Saving Attack (ISA) and Signature Wrapping (SWA). Does PDFBox takes this care automatically or do we need to enforce additionally in code to take care of this 回答1: On the attacks themselves To start with, the attacks mentioned have been developed in a master thesis ("Security of PDF

问题 I would like to include git tag -v command into the deployment process to catch unsigned tags or tags signed by a non-trusted GPG key. The command returns with an exit code of 0 if the tag has a valid signature, but does not care wether the signed key is trusted or not. I don't want to resort to grepping the resulting GPG message manually 回答1: I haven't tried it yet, and the documentation doesn't mention exit codes, but you could try git-verify-tag plumbing command Update Having no easy way