digital-signature

问题 I'm trying to understand if and how I should validate a PAdES signature with an embedded timestamp. This embedded timestamp is obtained from a timestamp authority (TSA). If the signature includes crl file or ocsp response, we should generally first validate the chain of certificates from the signature is not expired nor revoked at the date corresponding to this timestamp. As the timestamp from a TSA is also signed, I'm trying to figure out if I should also validate the chain of certificates

问题 I'm writing both a server and an Android client application. The Android client sends measurements to the server. In order to ensure the data integrity, a digital signature is appended to each measurement. Since I need everything to be Gson-compatible, storing the public key itself is not possible. I'm storing the G, P, Q and Y factors instead. Here's a snippet from the request class: public PublicKey getPublicKey() { try { DSAPublicKeySpec keySpec = new DSAPublicKeySpec(publicKeyY,

问题 I've searched everywhere but cannot find an answer. I am using flowplayer and amazon s3 with PHP. The link works in the browser if I copy and paste but it appears flowplayer doesn't like query strings. I tried replacing the html entities then url encoding it. I just tried url encoding it. I just tried removing the & and replace with & etc. None of these worked. My goal is to play a url signed video from amazon s3 using flow player. I know I have no code to display because none of it is 'right

问题 We're trying to validate the digital signature of a Dutch government agency (UWV Verzekeringsbericht) including the authenticity of the file. Adobe Acrobat Reader is able to validate this file correctly. With a small proof of concept application we're able to verify the authenticity of various kind of digitally signed PDFs: import com.itextpdf.text.pdf.AcroFields; import com.itextpdf.text.pdf.PdfReader; import com.itextpdf.text.pdf.security.PdfPKCS7; import org.bouncycastle.jce.provider

问题 Read through the following references: iText Digital signature white paper, and C# examples. (specifically chapter 4) For those interested, another great and concise summary of the PDF signing process. CAPICOM documentation. Online examples / questions here and on iText mailing list archives, such as here and here. Hashing code: BouncyCastle.X509Certificate[] chain = Utils.GetSignerCertChain(); reader = Utils.GetReader(); MemoryStream stream = new MemoryStream(); using (var stamper =

问题 With signtool I can create a PKCS#7 file with the following command signtool sign /p7 <output dir> /p7co 0 /tr <ts server> /td SHA256 /f <pfx file> /p <pass> /a myfile.zip I get a slightly larger file signed file with .p7 appended. I can then verify it with signtool verify /p7 myfile.zip.p7 But what is the recommended way to verify the signature with code and then extract the data? The WinVerifyTrustEx function works fine with PE files, but doesn't like P7 files. It returns 2148204800 ("No

问题 I am a beginner in DocuSign API programming. I have a .cshtml page for create envelope for sending to customer. When I try to create envelop from DocuSign API it shows error message like: Page number not specified in tab element. Page Number or AnchorTabItem missing for tab \"SignHere\"." Please see my HTML and code below. Html <span> <br /> <br /> <span><b>SIGNATURE:</b></span> <span style="color:white;">pleasesignhereBP</span> <br /> <br /> <span><b>DATE:</b></span><span style="color:white;

问题 I signed file with my digital signature, how can i read this signature from this file? Signature is trusted (Globalsign) . Encryption RSA/SHA1. Signed file is .exe 回答1: First, you need to specify what kind of certificate you're dealing with. If you are talking about a CLI assembly, then you might be dealing with StrongName signatures, which are entirely different beasts designed to prevent name collisions in the CLR's global assembly cache. It sounds more like you want to read Authenticode

问题 This question was migrated from Cryptography Stack Exchange because it can be answered on Stack Overflow. Migrated last year . I'm developing an application based on OpenSSL version 0.9.8a API and I need to verify an RSA signature (4096 bit RSA key) using an RSA public key pubkey . This is my code: const EVP_MD* md = EVP_get_digestbyname("SHA512"); if (!md) { return false; } if(EVP_DigestInit_ex(ctx, md, NULL)<=0) { return false; } if(EVP_DigestVerifyInit( ctx, NULL, md, NULL, pubKey)<=0) {

问题 Is there a built in procedure to digitally sign an HTTPS request with client's SSL private key in .net? Also, is there a built in procedure to verify the digital signature against an SSL certificate? Or do I have to roll my own? Or is there a third party library? The data that I want to sign is normal HTTP form request. For example I'm providing this address to deduct balance of a card: https://myserver/deduction The client will post an HTTP form to that address with data like card