digital-signature | 易学教程

How to digitally sign a pdf using iText?

阅读更多关于 How to digitally sign a pdf using iText?

问题 How do i sign a pdf using iText ? I'am going through this LINK but didn't understand about my_private_key.pfx. Do i really need a certificate for digital signature ? Please clarify me. Thanks in advance. 回答1: The document you mentioned in the question is good. You have to create digital signature files. This link has a tool that uses PKCS files and sign PDF documents. It claims to use iText, so you should able to understand the steps. source code here 回答2: hope this ll help you public class

Tutorial of ECDSA algorithm to sign a string

阅读更多关于 Tutorial of ECDSA algorithm to sign a string

问题 Can you help me to find a simple tutorial of how sign a string using ECDSA algorithm in java. But without using any third-party libraries like bouncycastle. Just JDK 7. I found it difficult to search a simple example, I'm new to cryptography. import java.io.*; import java.security.*; public class GenSig { /** * @param args the command line arguments */ public static void main(String[] args) { /* * Generate a DSA signature */ try { /* * Generate a key pair */ KeyPairGenerator keyGen =

Where to get Certificate for digitally signing PDFs?

阅读更多关于 Where to get Certificate for digitally signing PDFs?

问题 I'm working on a Java application that uses iText to digitally sign PDFs that will be made available online. I have been able to sign the documents with a test cert I obtained from GlobalSign and it works great. The test cert is part of GlobalSign's "DocumentSign for Adobe PDF". The reason I had to use this cert is so that my cert chains back to the Adobe Root CA, which to my knowledge (and I could be wrong) is the only CA that is trusted by Adobe Reader out of the box. I tried regular SSL

How to validate a SAML signature value

阅读更多关于 How to validate a SAML signature value

问题 I have a customer who is sending a Security key. The encryption they are using is triple DES. Every Assertion they send has a signature value which needs to be validated to give them necessary privileges. Can you give me a sample code which does this? 回答1: Encryption and signing are two different animals. Triple DES is a symmetric key method (same key used for encryption and decryption). Digital signatures, on the other hand, use asymmetric keys (private/public key pair), where the signature

Verifying RSA Signature iOS

阅读更多关于 Verifying RSA Signature iOS

In my static Library I have a licence file. Which I want to make sure has been generated by myself (and has not been altered). So the idea was to use an RSA Signature from what I've read. I've looked on the internet and this is what I came up with: First: Generating the private keys and self signed certificates with the information I found here . // Generate private key openssl genrsa -out private_key.pem 2048 -sha256 // Generate certificate request openssl req -new -key private_key.pem -out certificate_request.pem -sha256 // Generate public certificate openssl x509 -req -days 2000 -in

When should I use SHA-1 and when should I use SHA-2?

阅读更多关于 When should I use SHA-1 and when should I use SHA-2?

In my c# application, I'm using RSA to sign files before being uploaded on the database of my company by the person who is uploading and here I have to choose SHA-1 or SHA-2 for computing the hash. As any other component in programming, I know that there must be a "use this here" and "use that there" for the two of them. So, When this? and when that? EDIT: My question is: What is the difference regarding performance? and not regarding security, as I already know that SHA-2 is more solid secure than SHA-1. In this Link a comparison between different types of SHA-2 noting when to use SHA-512 and

Keystore from digital signature e-token using java

阅读更多关于 Keystore from digital signature e-token using java

How to create the keystore from digital signature e-token? How crate the path of keystore? How to sign with the keystore in any document using java application? Cryptographic hardware devices can usually be interfaced via PKCS#11 API. You will need PKCS#11 library (.dll on Windows or .so on Unix) acting as a "device driver" which gets usually installed along with the software provided by the device vendor (consult your e-token documentation for the exact library location). You have mentioned "keystore" in your question therefore I guess you are using JAVA language and you can use SunPKCS11

What do I need to know about XML Signatures to get SAML working?

阅读更多关于 What do I need to know about XML Signatures to get SAML working?

问题 At work we have a web app that we'll need to interface with another company's web app using Single Sign On validated by SAML. Our web apps are written in PHP, and it's obviously irrelevant what language choice the other company is using. Nonetheless, I've needed to write a simple API that this other company can send SOAP requests to with SAML requests, and generate back a SAML response. I've been writing it from scratch for three reasons: 1) there don't really seem to be many options for SAML

android verify signature of file with .der public key

阅读更多关于 android verify signature of file with .der public key

I'm trying to verify the signature of a file. I followed these instruction to generate a certificate: // generate a private key with size of 2048 bits openssl genrsa -out private_key.pem 2048 // derive a public key from the above private key openssl rsa -in private_key.pem -out public_key.pem -outform PEM -pubout // iOS will not import PEM encoded data so it needs to be converted to DER encoded data openssl rsa -pubin -inform PEM -outform DER -in public_key.pem -out public_key.der // generate a self-signed certificate for testing openssl req -new -x509 -key private_key.pem -out test_cert.pem

Understanding RSA signing for JWT

阅读更多关于 Understanding RSA signing for JWT

问题 I'm implementing a sign in system with the help of the JWT (JSON Web Token) scheme. Basically, after a user sign in / login, the server signs a JWT and passes it to the client. The client then returns the token with each request and the server verifies the token before sending back a response. This is pretty much how you would expect it, but I'm having some problems with the logic of the process. From all the mathematical articles I've read, it seems that RSA signing uses asymmetric keys for