I need to take a PDF, add some dynamically generated license text to it, and digitally sign the document before emailing it to the intended recipient. What's the best way to do this in PHP? My understanding of digital signage is that the content of the PDF is converted into a hash, and some property of the document is set to this value...
We produce a content management system. It's a DB-based system, used only by businesses and organizations, and never downloadable from the Internet. I.e., it's not the kind of software someone might stumble upon and wonder what it is and whether it's safe to run. Over the 20+ years our system is being sold, it's executables have never be...
Hi everyone. I am working on a project to implement digital signatures of outgoing messages and decided to use M2Crypto for that. I have a certificate (in DER format) from which I extract the keys to sign the message. For some reason I keep getting an ugly segmentation fault error when I call the "sign_update" method. Given the previo...
I'd like to build a trusted path for software development. This means that every change in to code must be signed by the author and one reviewer, before being accepted. These signatures for the changes must be verifiable at release time, or there must be some other means of making sure the repository can not have been tampered, or additi...
I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and ...
I'm using a web reference generated from a .wsdl file. I've also examined the Amazon web service example but couldn't get it working. Enclosed is an example of the soap request. <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"...
any ideas how to do this? ...
I'd like to capture signatures of application users with a mini-tablet/little pos signature device. I welcome any first hand experiences of which ones were good and which ones to stay away from. Off the top of my head I can think of a few features I'd like to see: USB interface Not too expensive (I don't know 100-200 dollars?) Be eas...
Hello, I'm developing a firefox extension and I'd like to provide automatic update to my beta-testers (who are not tech-savvy). Unfortunately, the update server doesn't provide HTTPS. According to the Extension Developer Guide on signing updates, I have to sign my update.rdf and provide an encoded public key in the install.rdf. There i...
Hi everyone, As you know, OAuth can support RSA-SHA1 Signature. I have an OAuthSignature interface that has the following method public String sign(String data, String consumerSecret, String tokenSecret) throws GeneralSecurityException; I successfully implemented and tested HMAC-SHA1 Signature (which OAuth Supports) as well as the PL...
Hello, it's late, I'm tired, and probably being quite dense.... I have written an application that I need to secure so it will only run on machines that I generate a key for. What I am doing for now is getting the BIOS serial number and generating a hash from that, I then am encrypting it using a XML RSA private key. I then sign the XML...
I have a C# Outlook Add-In application (VS2005 and 2003 Outlook) that reads incoming emails and strips out the attachments and the email text body for future processing. Occasionally I'll get an email that contains a digital signature. The application will fail when I try to access the mailitem.body property, throwing the following exc...
Is there a ruby way to digitally sign email messages via S/MIME? Our group uses PKI and our users are conditioned to expect digital signatures for important messages. I know I can invoke the openssl command line tool: openssl smime -sign -signer $CERT_FILE -passin pass:$CERT_PASS -in $UNSIGNED_MAIL -out $SIGNED_MAIL -certfile $CERT_...
Are there command-line tools for XML digital signing? I have found one here: http://www.codeproject.com/KB/security/xmldsiglic.aspx but it needs .NET Framework and i would prefer it to work without .NET ...
Hi , I am new to java security. I have a certificate which is signed with a self signed root certificate .Say client.pem is the signed certificate and root.pem is the root certificate. The signed certificate is embedded into the client program. When connection is made it to the server program. Ineed to verify the call is from authe...
As a means of simple security, I was previously checking the digital signature of a downloaded update package for my program against its public key to ensure that it originated from me. However, as I'm using cheap code signing certs (Tucows), I am unable to renew an existing cert and therefore the keys change every time I need to renew. ...
Is it possible to sign a MIME email (RFC 2822) multiple times using S/MIME, so that all signatures are verifiable and retrievable? ...
I don't want to see unsigned driver warnings while installing a driver, so I'm trying to digitally sign a driver using signtool, inf2cat, and a Software Publishing Certificate. Vista x64 requires the drivers to be digitally signed or it flat out rejects them, but I have managed to get Vista x64 to accept the driver, so I know I'm doing ...
We have an application that performs auto-updates. Until recently, we haven't run into any issues. However, a lot of our customers are finally upgrading to Windows 7 and running into all sorts of issues. I've been tasked with updating the installer so it works on 7 (and Vista, although it appears none of our customers use Vista). Bas...
Is it possible to delay the messagebox which asks the user to run a java applet even due it can't verify it's signature, until the Applet actually tries to access the harddrive? ...