The reason is the base64url encoding. The three parts of a JWT are all base64url encoded. Base64 encoding transforms the input data to a 6-Bit representation, mapped to a set of 64 ASCII characters. If you have 3 bytes source data (24 bits), the base64 encoded result is 4 characters long, each character representing a … Read more
Disclaimer: although, it is not a straight answer to your question, but may contain directions for you to get the right way depending on a business requirements. There are two major issues in your question. One of them I tried to discuss in comments, but may need to explain. Let’s try to analyze your initial … Read more
You can try one of these publicly accessible RFC 3161 compliant time-stamping services: https://freetsa.org Supports HTTP, HTTPS and TCP transports and has other features http://time.certum.pl http://dse200.ncipher.com/TSS/HttpTspServer http://tsa.safecreative.org 5 free requests per day (may not be valid as root CA is ‘test’) – Safe Creative TSA is no longer active http://zeitstempel.dfn.de http://tsa.tecxoft.com Requires registration http://timestamp.comodoca.com/rfc3161 http://sha256timestamp.ws.symantec.com/sha256/timestamp … Read more
If anyone wants to debug release build using Android Studio, follow these steps: Set build variant to release mode. Right click on app in left navigation pane, click Open Module Settings. Go to Signing Tab. Add a signing config and fill in information. Select your keychain as well. Go to Build Type tab. Select release … Read more
There are a number of issues in your code. First of all your code mixes different iText signing API generations. There is the older API generation which requires you to work very near to the PDF internals, and there is the newer (since version 5.3.x) API which is implemented as a layer over the older … Read more
LTV (Long Term Validation) and PDF signatures The term LTV-enabled 4 Profile for PAdES-LTV 4.1 Overview Validation of an electronic signature requires data to validate the signature such as CA certificates, Certificate Revocation List (CRLs) or Certificate status information (OCSP) commonly provided by an online service (referred to in the present document as validation data). … Read more
After some research, recurring to the OpenSSL documentation and exploring the Origami solution, i built the code below, and managed to insert a locally generated signature/certificate into a pdf document. Now I just need to figure out how to use this with an external generated certificate (check version 2 below, where i solved it). I’ve … Read more
Apparently a lot of people ran into the same problem. After investigating source code of the class Signature, I came to conclusion that Microsoft aimed to help us. There is hardcoded prefix “ds” in the method LoadXml(). So, it is possible to generate signature, then add namespace prefix “ds” to it, load modified signature back … Read more
A common mistake is to try to decrypt using the public key.
I guess what you say is you know the key pair before hand and want to sign/verify with that. Please see the following code. import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.Signature; import sun.misc.BASE64Encoder; public class MainClass { public static void main(String[] args) throws Exception { KeyPair keyPair = getKeyPair(); byte[] data = “test”.getBytes(“UTF8”); Signature … Read more