digital-signature

So, right now I'm building an API for third parties uses and I was reading about RS256 and HS256. What I understood was that diff between is that in the first one you use a public key to verify and a private key to sign, and the other one, use just one key.. So if you use RS256 if because you want to keep your secret key secure and want the client to verify the token, but what I don't understand why you would like to verify the token in the client? Because you do a post request to the server, then it sends you back a token and whenever you want to make an authorized request you just use that

In my application I need to verify whether it's signed or not. If it's signed continue the execution and exit the application if not. The signtool will be used to sign the application. Is there any C# code to do that? Here is a utility method that does it: var signed = IsSigned(@"c:\windows\explorer.exe"); ... public static bool IsSigned(string filePath) { if (filePath == null) throw new ArgumentNullException(nameof(filePath)); var file = new WINTRUST_FILE_INFO(); file.cbStruct = Marshal.SizeOf(typeof(WINTRUST_FILE_INFO)); file.pcwszFilePath = filePath; var data = new WINTRUST_DATA(); data

I realise this question may be a bit vague or I may be using incorrect terminology, that is because I am trying to get to grips with this stuff :). I have a requirement to implement digital signing of a XML message by using a dsig:Signature section. I think I understand this process; I will use a private key to sign it which will guarantee to the recipient that it was me who sent the message and that no one has tampered with it. Am I right that this is different from implementing TLS Client Certificates but the goal is the same? (because TLS is transport level, right?) Would implementing

W3C is working on a http://www.w3.org/TR/WebCryptoAPI/ to define a way to generate digital signatures, encrypton and so on from javascript. Basically defines a new object crypto inside a window object in DOM which must provide javascript with signature and encrypton features. Chrome starts to implement this object which is currently available in its javascript engine (I think in beta stage), I make some tries to generate some signatures with it an seems to work correctly, however I think the most util way to generate digital signatures with this new object is using the private keys in the OS

I have a quick question about calculating the digest of a PDF document to use for a digital signature (somewhat related to one of my earlier questions, I'm trying to figure out why you would need to know a client's certificate to create the correct digest). In Adobe's documentation about the PDF format the following is specified: A byte range digest shall be computed over a range of bytes in the file, that shall be indicated by the ByteRange entry in the signature dictionary. This range should be the entire file, including the signature dictionary but excluding the signature value itself (the