I purchased an authenticode certificate from a well known provider. Now I want to strong name an assembly and later on digitally sign it. This is what I've done so far: Extracted public key from pfx by running sn.exe -p keypair.pfx key.snk Checked both "Sign the assembly" and "Delay sign only" checkboxes on project properties signing...
I'm looking for a way to sign some data in C++ code which will then be sent to a PHP script for verification and processing. I want to use the OpenSSL module there, namely the *openssl_verify* function so I need something compatible with that. The application will be only for Windows so CryptoAPI might be fine but looking at the samples...
I am dealing with a particularly paranoid group of users who might want their contributions to my web site to be signed (e.g. with a GPG key) before submitting. While I could show them a "snippet" to copy and paste into their GPG tool, having the browser do this would certainly be nicer. With the JS performance of recent browsers, I'm ...
I have an application that records data from a manufacturing process on a periodic basis (various sample rates, minimum of 1 sec, the usual max is 10 min or more). The customer would like to know if the data has been altered (changed in place, records added to, or records deleted from). The data is recorded as a binary record. There c...
So I have a WCF service where I have various parts of the service contract with a ProtectionLevel of Sign. I set the credentials on the client side by choosing a certificate from the certificate store. This is fine. However .... Does this client certificate need to be in the 3rd party certificate store on the server for this to work? ...
I'm developing an application with plugins. I have a separate API assembly with all the API interfaces. The main application dynamically loads the plugins from dlls: object pi = Assembly.LoadFrom(plugin.AssemblyPath) .CreateInstance(plugin.ClassName); and then i'm casting it to the actual plugin type: IPlugin pluginIns...
There is a way to create packages, add some parts and sign it with a X509Certificate. I would also like to add a timestamping signature to the package. If the certificate expires or gets revoked the signature should remain valid if the package parts have been timestamped before the expiration/revokation. P.S. I'm using the System.IO...
Hello you iPhone guys, I have been using your knowledge that you share on stack overflow through my various Google Searches regarding iPhone development. Thank you for the same. But now I need your active help. Well I have been trying to create a final build for an application that my company is developing for a third party client. I h...
I would like to rewrite this php digital signing function into Delphi code. function SaySig() { $privKeyFilePath = "c:\temp\myrsakey.pem"; $data = "sign this string"; $fp = fopen($privKeyFilePath, "r"); $priv_key = fread($fp, 8192); fclose($fp); $privatekeyid = openssl_get_privatekey($priv_key); openssl_sign($data, $...
Using Java 1.4.2 with unlimited jurisdiction policy files installed. I have a class that has been successfully signing and verifying. However, now I've changed the keys and suddenly verification is failing. Keys were generated with: openssl genrsa -aes256 -out production_private.pem 2048 openssl pkcs8 -topk8 -nocrypt -in production_p...
I have a server (RoR app) sending information to a client (a Ruby Sinatra app) and I need a way for the client to be certain the data has come from my server, rather than an evil third party. The client has to login to the server before anything will be sent back the other way so the server could reply to the login with a shared key use...
I would like to use OpenSSL in C++ to digitally verify signed data. Here is what I want to do: use the openssl command line to sign a file, with my private key. send the data to the program the program will verify the signature (public key stored internally), and will check if it's correct Also I would like to add ablity to encrypt/...
In Outlook 2007, I have written an Application_ItemSend handler which needs to turn off digital signing for selected messages, even though signing is normally on by default for all messages. How can I activate/deactivate signing for MailItem objects? ...
I have just got my code signing certificate from StartSSL and am trying to sign our installer. The signing process goes well and I get an installer exe that Windows no longer complains about being from unknown publisher. This is great! However I tried to make sure that the timestamping also works as advertised so I moved my PC date to ...
I uploaded my application to Market and then downloaded it to my phone. Now I'm unable to use debug keystore which is used by default by Eclipse ADT Plugin (Re-installation failed due to different application signatures) and when I'm trying to setup own keystore in Eclipse->Windows->Android->Build->CustomDebugKeystore, I'm unable to ente...
I have a web service on an insecure network that needs authorization. I wish to implement it over HTTP, instead of HTTPS, at the same time evading man-in-the-middle and sniffing attacks. I need only one key for the client and the server. The client calls a server function, and the server can authenticate whether this client is right, ...
I am signing packets in some Java code and I want to verify the signatures on a C server. I want to fork openssl for this purpose (can always use library functions later... when I know openssl can verify the signatures); however, it's failing to do so: openssl dgst -verify cert.pem -signature file.sha1 file.data all it says is "unab...
I am trying to sign some X509 certificates. My root private key is an ECDSA secp384r1. I am using bouncy castle. What seems to happen is that when generating the certificate signature, the Signature class used is unable to understand my ECDSA key. The code that generates is as follows: X509V3CertificateGenerator v3CertGen = new X50...
I have a few variables that must be stored on the client side. As usual anything on client side can be tampered. I would like to sign a few variables and verified them when the data is sent back to the server. At the moment i think they are 5 64bit vars. On the server i would like to sign those 5 variables, then ensure the signature is ...
What I do: Publishing .Net 3.5 application via VS, or msbuild (whatever), and now I need to insert to the published application separate directory (Modules - not added as a reference to the project - our project architecture does not allow this). So I'm copying the folder to published location then runs mageUI.exe select the application ...