digital-signature

I am looking for sample code (or libraries) that can help me validate digital signatures for Windows PE files (.exe, .dll, .cab, .etc) on non-Windows platforms using C++. I am looking for a platform-independent approach. Thanks! You could check at WINE's WinVerifyTrust implementation for a full programmatic way. And, actually, here is a good link How to verify executable digital signatures under Linux? that complains about WINE implementation (that was back in 2008), and thus, explains the process in a quite "portable" way, provided you have something similar to OpenSSL available in your

For an electronic prescription system, that runs on the browser and that requieres personal signature by the professional, we are using a Java applet to sign the XML request, that then is sended to a WS, using a smartcard. But since version 42, Chrome is disabling by default NPAPI support , and in future versions next to September 2015 it will be completely disabled and then applets won't be usable at all. At Chrome NPAPI deprecation page points to WebCrypto and TLS as alternatives. But it seems that WebCrypto has leaved out of scope the support of smartcards , and it seems that TLS is only

After a jar is signed and the -tsa option was used, how can I validate that the time stamp was included? I tried: jarsigner -verify -verbose -certs myApp.jar But the output does not specify anything about the time stamp. I'm asking because even if I have a typo in the -tsa URL path, the jarsigner succeeds. This is the GlobalSign TSA URL: http://timestamp.globalsign.com/scripts/timstamp.dll and the server behind it apparently accepts any path (ie. timestamp.globalsign.com/foobar), so in the end I'm not really sure my jar is time stamped or not. Just spent the last 2 hours looking for this issue

I am trying to digitally sign a XML document using SHA256. I am trying to use Security.Cryptography.dll for this. Here is my code - CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription),"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); X509Certificate2 cert = new X509Certificate2(@"location of pks file", "password"); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(@"input.xml"); SignedXml signedXml = new SignedXml(doc); signedXml.SigningKey = cert.PrivateKey; signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa

I need to create digital signature of some XML data with a client certificate(smart card) using web browser. Usually I used to do it with a java applet executing on the client side. The benefit being multiplatform in terms of OS and browsers. However this option is getting increasingly harder and harder to implement and support in the long term. Virtually all browsers require some sort of action in order to execute such applet, code signing with a trusted certificate is almost mandatory nowadays, new manifest attributes and so on. Well there is nothing wrong with some extra layer of security

I have an XML like this <?xml version="1.0" encoding="utf-8"?> <foo> <bar> <value>A</value> </bar> <bar> <value>B</value> </bar> <baz> <value>C</value> </baz><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http

I have generated the following token and am trying to verify the signature with http://jwt.io I have also attached the contents of my jwks endpoint that should have all the details I need to verify. So my question is: how do I get this to say signature valid on the jwt.io website? Am I missing some transformation on the certificate chain parameter? Here is the spec for jwks for reference. eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9

I am relatively new to PKI, certificates and all related stuff. As far as I understand in public-key cryptography one encrypt with a public key and decrypt with a private key. Only one private key can correspond to any public key but the opposite is not true. Is it correct? Or is it one to one mapping? So, the way digital signature works is that the content of a certificate is hashed and then "signed" with a private key. The signature is verified then with the corresponding public key. So, here is where I get confused. What is the difference between encrypting a message with a public key and