digital-signature

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . What constitutes a "legal" digital signature for a web form (not a document)? OPTION 1 : I worked on a project where a doctor makes notes on the health of a patient. When the web form is submitted a PDF is generated and digitally signed with a digital .CER certificate and the PDF is saved to the file system.

问题 Im doing ECDSA signatures using dgst command with OpenSSL as follows: openssl dgst -sha256 -sign key.pem -out my_signature data_file which works just fine. However I read in this SO answer that it first SHA256 hashes the data_file, and ASN.1 encodes the hash before signing it. I would like to create the SHA256 hash of the data and make ECDSA sign just the raw bytes of this hash. (As this is the ECDSA signature, I cannot use rsautl as in the mentioned SO answer.) How do I achieve this using

问题 I am signing my PDF files programmatically and I would like to add the signature appearance to the PDF : what objects would I need to achieve this ? I know I have to Annotations , BBox and XObject but I don't really know in which order and if I need other things. It is really hard to debug this kind of stuff to find the right configuration so any help would be appreciated ! This is the kind of appearance I want to have : I am using Zend_Pdf to handle my files. 来源： https://stackoverflow.com

问题 I am successfully signing documents using iText. However, any time that I check the "Advanced Signature Properties" in Adobe Reader I see that the "Signature was created using Not available." My question is, how can I use iText update this piece of information to then display properly in Adobe Reader or any other PDF reader? EDIT #1: An answer suggested using the PdfSignatureAppearance class's setSignatureCreator(String signatureCreator) (API and Source). This was not successful in updating

问题 I'm having trouble verifying DSA signatures using Python/M2Crypto. The signatures are generated in Java, using standard java.security.Signature class, with Sun's crypto provider and SHA1withDSA algorithm designation. Here's some shell output: >>> pk <M2Crypto.DSA.DSA_pub instance at 0x20b6a28> >>> sig = '302c02141c4bbb218215ebfec57288059ce814dc430d849502144dd0c581bf2213aff79d17eb37c939e120a97bd2'.decode('hex') >>> data ='0501...9794'.decode('hex') >>> pk.verify_asn1(sig, data) ---------------

问题 Following this discussion it's a simple tutorial how to sign a string by using ECDSA algorithm in java without using any third-party libraries. But the question is: How can i convert the public and the private key into a string ? (Because i want to send them into a database). Can somebody help me create a simple tutorial of how to verify the message by using ECDSA algorithm in java ? at this point i need to include the signature and public key as the verification method. Here's my scenario in

问题 It may be a stupid or naive question, but: Are OAuth2 bearer tokens signed? To put it in other words: Is the consumer able to verify whether the bearer token was issued by a specific authorization server? 回答1: No. But there are efforts under way to fix this. HTTPS ensures the token was transmitted securely, but it doesn't tell you who issued the token. 回答2: Actually you have to use oauth over https which is going to be responsable of signing 来源： https://stackoverflow.com/questions/16065497

问题 I'm developing an Android application, but I want to restrict my application to only be accessible by hardware that is not running a rooted/custom ROM. I know about Android's Forward Locking content protection, but would like to double check this protection from within my app. Is there any way to get the signature of the device along with a trusted signature of the ROM using android API's so that I lock my app out from Custom ROMs? 回答1: There is no fail-proof way that I can think of, sorry.

问题 After following the "Signing a document using a smart card and PKCS#11" topic in http://itextpdf.com/book/digitalsignatures and creating a code sample similar to the provided one, the signed file signature is invalid in Adobe Reader, the signature appearance has the name of the non-repudiation certificate (i.e., the name of the eID owner) but in Adobe Reader's Signature Panel shows: The error occured while validating: I'm using a Gemalto PinPad and the Portuguese eID pteidpkcs11.dll installed

问题 A collegue and myself have been trying to understand how jwt tokens verify tokens, but from our reading we seem to be confusing ourselves. Please can someone help confirm whether my thinking is correct Tokens are signed using the private key. The signature is a combination of the header and payload encrypted using the private key and added to the jwt as the last part, the signature. In order to verify the token the receiver can replicate this process using the public key. They encrypt the