digital-signature

I m working on one project about certificates and digital signatures in Java, but i cant understand following situation. Certificates of sender and receiver of document was valid when signature is created. But in time, when receiver received document, certificate of sender had expired. Is that valid situation, so receiver can normally verify signature, or he cant? One more question. For what is used Non-repudiation key usage? A digital signature will remain cryptographically correct even if the certificate has expired, but verification of the signature will be invalid. An electronic

I've been struggling for awhile to amend this code sample from Microsoft that shows (somewhat outdated) way how to retrieve a code signature information from an executable file. It works but it doesn't retrieve information if a binary file is dual-signed. So I did some research and tried to rewrite it to make it recognize dual-signatures that are present in many modern executables in Windows. Unfortunately there are very few (nebulous) suggestion available ( 1 ), ( 2 ), such as those to use UnauthenticatedAttributes and szOID_NESTED_SIGNATURE (whatever that means) but only to retrieve a time

I'm evaluating TurboPower LockBox library for digital signing. I've created a 1024 bit RSA key and tried to sign a 260 bytes of text with it. After changing one or two characters in the text the signature is still valid for it. Is that ok? Or maybe it's a problem with this library. Changing even one character has a crucial effect. Do I need to create a larger key? UPDATE To test the library I used the demo application that comes with it. I have generated a 1024 RSA key pair and then tried the digital signing functions. First I've tried with a real 260 bit text file and found out that I can

This question already has an answer here: how to add blank page in digitally signed pdf using java? 2 answers I am having trouble with stamping PDF documents without invalidating digital signatures. Current, I succeeded stamping a PDF. However, if the document is previously signed the signature is no longer valid. I understand why that happens, but if I use Acrobat to add text or stamp it using annotation, the signature is valid. I tried adding annotations or comments but it still invalidates the signature. Is there a way to add stamp to a PDF using iText without invalidating digital

I need to digitally sign a soap message in a client. A PEM file with both private key and certificate has been given to me. I thought to test with SoapUI. Configuration for signature is done OK in Outgoing WS Security configuration - see the picture, as well, pem is added OK in Keystore/Certificate tab, but the soap message sent to a service is not signed. Does anybody know how to solve this problem? In your SOAP Request TestStep you have a tab called Aut . (First tab on the left) There you have to add your Outgoing WSS Configuration. See screenshot: 来源： https://stackoverflow.com/questions

These two codes provide the same signature, which is expected: code1: from M2Crypto import RSA, EVP import base64, hashlib text = "some text" pkey = EVP.load_key("mykey.pem") #"mykey.pem" was generated as: openssl genrsa -des3 -out mykey.pem 2048 pkey.sign_init() pkey.sign_update(text) signature = pkey.sign_final() print base64.b64encode(signature) code2: pkey = RSA.load_key("mykey.pem") signature = pkey.sign(hashlib.sha1(text).digest()) print base64.b64encode(signature) However, if I want to "imitate" the signature algorithm, i.e. encrypting the digest with the private key, I get a different

I've been banging my head against the wall with this problem for about 20 hours now and I am probably missing something easy. However, I've gotten to the point where I think I need help. I have read dozens of explanations for how to do different parts of the problem, but I cannot figure out how to bring them all together. I have a DER-encoded detached PKCS#7 digital signature. The signature conforms to RFC 3852 (Cryptographic Message Syntax). For my project I need to step through each of the steps needed to verify a signature and be able to tell which step the verification failed on. I am

I have the exe for the project im working on signed by a digital signature which means when it asks for admin rights it shows the company name. This works very well but if you modify the exe it will still work and show unknown there instead. Is there a way to check the digital signature to see if it is valid when you run the exe to avoid modified versions running? Visual studio 2008 windows 7 Here is a sample program(it uses WinVerifyTrust function) that verifies signature, but I'm not sure that it will work under Windows 7. You should try it. Considering you already have an UAC need, wouldn't

I have a WCF service in 4.0. I need to add digital signature to the SOAP response.I am not quite sure how it actually should be done. I believe the Response should look like what is shown in the link below. https://spaces.internet2.edu/display/ISWG/Signed+SOAP+Messages Is there any place where i can get details about this? Please advice. A message contract can indicate whether the headers and/or body of the message should be digitally signed and encrypted. This is done by setting the System.ServiceModel.MessageContractMemberAttribute.ProtectionLevel property on the MessageHeaderAttribute and

Recently, i tried to generate pdf by nodejs. And i finally found the PDFKit . That library is doing well,but i need to implement the part of digital signature. But most of implementation are for JAVA or C# like iText or VersyPDF. Plz give me some suggestion...thx I am currently working on the node-signpdf npm package (at the moment of writing this answer the version is 0.0.3). A readable snippet of PDF generation and signing can be seen in the test code . I know this answer comes years after the original question but I had pretty hard time figuring all this out so hope this answer helps