Hi, We have to transfer binary data using web service stack and in the process we have to sign web service requests/responses. The main question is: what is the prefered way to do this? Should we use MTOM and WS-Security? From ISSUE CXF-1904 I have concluded that there are issues when one uses MTOM and WS-Security. CXF and axis2 use ...
Hi, I'm developing WCF web service that checks if a certificate in XML signature is valid. XML is signed with qualified and valid X509 certificate. While I am running service within Visual Studio development environment X509Certificate2.Verify() and X509Chain.Build() methods return TRUE. But when I publish my service under IIS these met...
I'm trying to find a way to script (preferably in Perl) - a check to see if an .exe or .dll is digitally signed - if anyone has an easy direction to point me, I'd appreciate it. ...
I pretty much a complete neophyte at this signature business so I don't know if what I'm asking is nonsense or not. Anyway, here goes... I want to send an out of band message (don't worry about how it gets there) to a program I've written on a distant machine. I want the program to have some confidence the message is legit by attachin...
Hi all, I'm trying to get my head around wcf and have a test scenario where i want to recieve an unsigned SOAP message process it and return a signed SOAP message, where the body is signed. Therefore, how do i add a public/private key pair to the WCF service for it to utilise in signing? Secondly, how would i add a digital signature t...
I was trying to validate an XML signature. The validation according to this tutorial works fine. But I also tried to a second approach. To verify it with the verify method of the Signature class I extracted the signature and the certificate from the xml file, and I did the following: public static boolean checkSignedFile(byte[] ...
I am using RFID tags to store some data which will then be read by a 3rd party. I need to include a digital signature (or some variation) along with the data so that the 3rd party can verify the authenticity of the tag. Straightforward enough. But the problem is that I am constrained by the RFID tag's 32-byte memory array. My applicati...
I'm new to java and I have a problem very similar to this.. suppress a digital certificate when prompted. I have full control over the environment. Any possible solutions? Expert Exchange question ...
I'm trying to verify a file that was signed by hashing with SHA-1 and encrypting the hash with an RSA private key. Obviously I'm using the RSA public key to verify. The key is in DER format. The signature verification works correctly using Java's Signature class. The openssl command I'm trying (and the result) is: ~/Downloads...
I'm working on a Java application that uses iText to digitally sign PDFs that will be made available online. I have been able to sign the documents with a test cert I obtained from GlobalSign and it works great. The test cert is part of GlobalSign's "DocumentSign for Adobe PDF". The reason I had to use this cert is so that my cert chains...
I have an application that records data from a manufacturing process on a periodic basis (various sample rates, minimum of 1 sec, the usual max is 10 min or more). The customer would like to know if the data has been altered (changed in place, records added to, or records deleted from). The data is recorded as a binary record. There c...
Hello, I'm signing some data on a .net-based smartcard and trying to verify that signature in a java environment - but without success. Smartcard (c#): RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024); // In a different method, rsaParams.Exponent and rsaParams.Modulus are set rsaProvider.ImportParameters(rsaPa...
I'm trying to use the DSACryptoServiceProvider class with C# to create two DLLs: one will have the ability to verify and create digital signatures, the other will just be able to verify. Basically, I'm trying to create a private/public key pair and save they keys accordingly (to a file). I'm running into problems when using ExportParame...
How can I verify a DSA signature in C#? Given: the message text, a signed digest (typically ASN.1 DER format), the public key (in a signed X.509 certificate, PEM or DER format) I've tried a number of approaches, but haven't had any success: OpenSSL.NET: various strange errors with the library; I've got an open thread running with...
After a jar is signed and the -tsa option was used, how can I validate that the time stamp was included? I tried: jarsigner -verify -verbose -certs myApp.jar But the output does not specify anything about the time stamp. I'm asking because even if I have a typo in the -tsa URL path, the jarsigner succeeds. This is the GlobalSign TSA U...
I need to digitally sign some text in python using a private key stored in a .pem file. It seems like M2Crypto is the preferred way to do that these days, so that's what I'm using. I think I get most of it, but I'm confused about how to configure padding. To be specific, I need to verify the signature in an iPhone app, using a padding ...
Is there any Windows API to know a file has digital signature attribute? Thanks in advance. ...
Hi all, I'm looking for a way to add a watermark/text overlay to a PDF document that contains a digital signature. Currently we've licensed PDFlib which does a great job of handling the overlays, but the problem is the current process will lose/wipe-out a digital signature added using Adobe's PDF creator software. I'm aware that modif...
I'm developing a software in Ruby on Rails that saves information about documents that requires fisical signatures. The idea is do it all digital including the signature. How could I do that? Do I have to save a hash in the database? EDIT: Well, I mean Digital Signature ...
Using Acrobat 9, if I sign a PDF using a self-signed certificate and then edit the PDF after I sign it, Acrobat will inform me that there is a valid signature on the document but that the document also has unsigned changes. If I then sign the PDF again and look in the signature panel, it will show the first signed revision with a valid s...