digital-signature

Hi I am using code from this link , Can you let me know why signature is verify is not working? Java signer is using BouncyCastleProvider with SHA1withRSA , here is dotnet verify code.... using System; using System.IO; using System.Collections.Generic; using System.Linq; using System.Text; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.OpenSsl; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities.Encoders; namespace

After Adding LTV to digital signature it shows document has changed. After taking ref from this que : After LTV Certification Signature, PDF shows "Document has been Changed" I made changes in my code, It works fine with all document but for this document : https://www.sendspace.com/file/3ulwn7 - It shows Invalid signature. we are also using document signing service from global sign for same. Below code for adding LTV : public void AddLtv(string src, string dest, IOcspClient ocsp, ICrlClient crl, ITSAClient tsa) { using (PdfReader r = new PdfReader(src)) { using (FileStream fos =new FileStream

I am using swisscom digital signature service and we have a test account. Well the service requires the hash code the pdf file . We send it with DIGEST_VALUE=$(openssl dgst -binary -SHA256 $FILE | openssl enc -base64 -A) and I get a PKCS#7 response. You can decode the my signature response by using this website https://certlogik.com/decoder/ and the signature content is http://not_need_anymore I have the same problem as follow (because we use the same code) Digital Signature (PKCS#7 - Deferred Signing) / The document has been altered or corrupted since the signature was applied my response has

I am trying to digitally sign information with a private key. I know how to do this on in a desktop client application with .Net, but am not sure how to do it in ASP.Net. It would be used on an intranet using IE8. If it is done via ASP.Net, I am guessing that the private key is not sent to the server when the user types in their certificate passowrd when going to the site (https, 2-way SSL), but am not sure. If there is no way to access the client private key on the server, then how can I sign something in the browser? Can I use javascript? Edit: I guess what would be helpful to know first is

I am trying to verify digitally signed PDF document in Java. I'm using Apache PDFBox 2.0.6 to get the signature and the original PDF that was signed, then I'm using Bouncy Castle to verify detached signature(calculate the hash of the original file, verify the signature using signer's public key and compare the results). I read this article and tried to get the signature bytes and the original PDF bytes using this code: PDDocument doc = PDDocument.load(signedPDF); byte[] origPDF = doc.getSignatureDictionaries().get(0).getSignedContent(signedPDF); byte[] signature = doc.getSignatureDictionaries(

I'm updating a project for my company and there is a section where we need to digitally sign a pdf with our certificate file. In this case, I should change the script that signs this pdf using an updated library from PHP. In the old code, we were using another script to make happen that, and we had to use a .p12 file + a string. Using this old script, when you open the created pdf with Acrobat Reader DC we get the next image where you can see that says "Signed and all signatures are valid". In the new script, I'm using the next example: https://tcpdf.org/examples/example_052/ To be able to

Using a non-Microsoft compiler, I have written small application for Windows that I'd like to give away for free or sell for some trivial amount ($5 say). The program doesn't use the registry but I'd like to provide it as an installer executable (e.g. MyAppInstall.exe) created using freely available tools (e.g InnoSetup). From Signing a Windows EXE file and other sources my understanding is as follows: If I do not sign the installer, Windows will pop-up a warning dialogue box warning the user that the publisher is unknown and suggesting they should not run the software. This is undesirable. If

We have a set of COM components developed in VC++. When a reference to such component is added to a .NET project Visual Studio generates an interop assembly. We have a set of such assemblies now. While running our daily build we sign all the produced binaries with a digital signature. Interop assemblies are not signed since we don't feel we are the authors - anyone can use Visual Studio and produce the same assemblies. Should we sign the interop assemblies as well? Should we also sign them with a strong name (sn.exe utility)? What are the reasons to do so? This has been a tricky balance for