digital-signature

In my application, I have a public key (represented as string), plain message and digital signature, represented as base64 encoded string, hashed with SHA256 and encrypted with RSA). Now, I need to verify digital signature. I was trying to do as follows: create SecKeyRef from NSString (taken from here ) create SHA256 digest from original message verify signature using SecKeyRawVerify function (I am trying to avoid using OpenSSL function) Additionally, my digital signature was created using Java's SHA256withRSA method. I was reading here that SHA256WithRSA appends algorithm identifier with the

I'm trying to get the original document of a signed PDF in order to compare it's hash with an stored doc. This is really easy when the document has several signatures, with acrobat reader you can go the previous revision of the document save it and that's it. Surprisingly this does not work with the first signature, where there is no straight forward way to get the original data. As it is not possible to do it with the reader I have tried programatically with iTextSharp. However although I have googled deeply I have not found how to do it. The only relevant post I found is this one but no

I'm developing WCF web service that checks if a certificate in XML signature is valid. XML is signed with qualified and valid X509 certificate. While I am running service within Visual Studio development environment X509Certificate2.Verify() and X509Chain.Build() methods return TRUE. But when I publish my service under IIS these methods return FALSE. What I am doing wrong or what is missing? Here is my validation code: public static void VerifyXml(XmlDocument xDoc) { // Create a new SignedXml object and pass it // the XML document class. SignedXml signedXml = new SignedXml(xDoc); // Find the

I would like to include git tag -v command into the deployment process to catch unsigned tags or tags signed by a non-trusted GPG key. The command returns with an exit code of 0 if the tag has a valid signature, but does not care wether the signed key is trusted or not. I don't want to resort to grepping the resulting GPG message manually I haven't tried it yet, and the documentation doesn't mention exit codes, but you could try git-verify-tag plumbing command Update Having no easy way to test this, I've reviewed the source code: https://github.com/git/git/blob