HTTP Basic Authentication over SSL is perfectly secure from my research. After all, using SSL (strictly TLS now) means the transport layer is encrypted and we can safely assume any information passed over this is secure and has not been tampered with. Therefore passing the username and password without generating a signature is sufficient.
No, what you ask for is impossible. You can’t modify a file without invalidating it’s signature. That’s the whole point of signing. You also can’t sign a file without having the private key to perform the signing.
The security restrictions of browsers do not allow javascript access to the system certificate keystore or smart cards. Formerly java applets could be used, but with the latest browser updates it is no longer possible. Current solutions for digital signature in browsers require the installation of a desktop software on the user’s computer. The operating … Read more
You are right, the RSA signature size is dependent on the key size, the RSA signature size is equal to the length of the modulus in bytes. This means that for a “n bit key”, the resulting signature will be exactly n bits long. Although the computed signature value is not necessarily n bits, the … Read more
You can generate a public-private keypair with the genrsa context (the last number is the keylength in bits): openssl genrsa -out keypair.pem 2048 To extract the public part, use the rsa context: openssl rsa -in keypair.pem -pubout -out publickey.crt Finally, convert the original keypair to PKCS#8 format with the pkcs8 context: openssl pkcs8 -topk8 -inform … Read more
Disclosure: I work for CISPL, Co. which develops Signer.Digital Browser Extension Browser Extension may be used to Enroll Certificate (Generate CSR) and Download Certificate in Windows Certificate Store or Smartcard or USB Token from modern browsers. Browser extension provides JavaScript API which in turn talks to host application running on local machine to do the … Read more
In-document visualisations of the signature validity have been deprecated nearly a decade ago. Adobe Reader supports them for backward compatibility reasons only but they have never been part of the iso pdf specification. The OP in a comment asked for documentation on this; this answer focuses on that. Deprecation in respect to Adobe Acrobat In … Read more
Web cryptography api does not support PKCS # 12. You can use a third party library to decode the p12 as forge https://github.com/digitalbazaar/forge#pkcs12 and load privateKey in webcrypto Reading the PKCS#12 certificate PKCS#12 is stored in DER, so first read it from a File or use a pre-stored base64 //Reading certificate from a ‘file’ form … Read more
Update Sept. 2022: 1Password supports generating and storing an SSH key for Git commit signature, recognized by GitHub. Update 2021: OpenSSH 8.2+ is available (packaged for instance in Git For Windows 2.33.1), and “it is now possible to sign arbitrary data with your SSH keys” (Andrew Ayer), including commits in Git. Andrew points to git/git … Read more
I believe what you’re looking for is CryptQueryObject. With it you should be able to pull the involved certificate out of a PE, and do any additional checks you want. By way of example, this will get you to a HCRYPTMSG. From there you can use CryptMsgGetParam to pull out whatever you want. I’d hoped … Read more