signing

On App Engine, I need a p12 file to create signed URLs: https://developers.google.com/storage/docs/accesscontrol#Signing-Strings Google does not describe what are best practices about keeping this file. Can I use the WEB-INF directory to store the file? It would then be part of the source code and kept together with the password to open it. What are best practices here? Or other approaches? -- What about performance? Is it efficient to load the file over and over again? Does App Engine automatically cache the file across calls (on the same instance)? Or will I need to load the file once using

I'm trying to sign some data using SecKeyRawSign but I keep getting a -4 errSecUnimplemented. That seems strange since the documentation states that it is available in iPhone OS2.0 and later. Has anyone been able to use this function? If so, are there any tricks involved? ~Nate If you're having this problem, most likely it is because the private key you generated isn't actually being saved into the keychain. I figured this out when stopping and restarting the application and signing the message wasn't working. So here are my methods to make this work. This one generates the key pair - (void

I'm trying to add the signing time attribute to a file that I am signing using SignedCMS. private byte[] signFile(byte[] fileContent, X509Certificate2 verificationCert) { ContentInfo contentInfo = new ContentInfo(fileContent); SignedCms signedCMS = new SignedCms(contentInfo); CmsSigner cmsSigner = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, verificationCert); Oid signedDate = new Oid("1.2.840.113549.1.9.5"); //oid for PKCS #9 signing time signedDate.Value = DateTime.Now.ToString(); CryptographicAttributeObject cryptoAtty = new CryptographicAttributeObject(signedDate); cmsSigner

The Android system has a flag called "Unknown Sources" that allows it to install applications from non-market sources. If I sign my application as described on the android developer website (i.e. with a certificate that is created using the private keys I got from google), and decide not to publish my application on the android market, but host it on my own site. Will this application be considered a non-market by the android system ? Will it still install with the "Unknown Sources" option turned off ? "Unknown Sources" allows for the installation of applications via download links (.apk files

I have just got my code signing certificate from StartSSL and am trying to sign our installer. The signing process goes well and I get an installer exe that Windows no longer complains about being from unknown publisher. This is great! However I tried to make sure that the timestamping also works as advertised so I moved my PC date to 2012, after my code signing certificate expiration date. This supposedly should not make any difference but when I run the same installer exe I now get the same nasty "unknown publisher" warning. Looking at the properties of the exe in the Digital Signatures tab

I am wondering what files should be digitally signed? I'm not talking about strong naming assemblies, but about digitally signing files so that it is possible to determine if they have been tampered with. I read the following post . The author states that all installer files should be signed as well as the main program executable - that sounds reasonable, but what about other files and applications? I know that ClickOnce applications have their manifest signed, not sure about the installer itself, but as the manifest contains some file hashes, I guess that it's not necessary to sign anything