signature

Why is one of these two itext 7 signed and validated document is not valid with Adobe DC reader?

This is not an Adobe bug, it’s a feature. (And an iText bug) When Adobe performs the cryptographic validation, it will also perform additional checks to see if a signature was attacked or not. It analyses several suspects and if that analysis turns out negative, Adobe will show you an error message. This is Adobe … Read more

What are __signature__ and __text_signature__ used for in Python 3.4

These attributes are there to enable introspection for Python objects defined in C code. The C-API Argument Clinic provides the data, to assist the inspect module when building Signature objects. Introspection of C-API functions was not supported before. See the internal inspect._signature_fromstr() function on how the __text_signature__ value is used. Currently, the __text_signature__ attribute is … Read more

C++ Function Callbacks: Cannot convert from a member function to a function signature

You’re trying to pass a member function pointer as a normal function pointer which won’t work. Member functions have to have the this pointer as one of the hidden parameters, which isn’t the case for normal functions, so their types are incompatible. You can: Change the type of your argument to accept member functions and … Read more

How do you verify an RSA SHA1 signature in Python?

Use M2Crypto. Here’s how to verify for RSA and any other algorithm supported by OpenSSL: pem = “””—–BEGIN PUBLIC KEY—– MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfG4IuFO2h/LdDNmonwGNw5srW nUEWzoBrPRF1NM8LqpOMD45FAPtZ1NmPtHGo0BAS1UsyJEGXx0NPJ8Gw1z+huLrl XnAVX5B4ec6cJfKKmpL/l94WhP2v8F3OGWrnaEX1mLMoxe124Pcfamt0SPCGkeal VvXw13PLINE/YptjkQIDAQAB —–END PUBLIC KEY—–“”” # your example key from M2Crypto import BIO, RSA, EVP bio = BIO.MemoryBuffer(pem) rsa = RSA.load_pub_key_bio(bio) pubkey = EVP.PKey() pubkey.assign_rsa(rsa) # if you need a different digest than … Read more

Absolute minimum code to get a valid oauth_signature populated in Java or Groovy?

Here is my code for Flickr OAuth. NOTICE: I REFERED some logic from SignPost. It is really very tricky to generate it signature…. OK. This is just an example for generate the “oauth_signature” package oauthflickr; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.net.URI; import java.net.URISyntaxException; import java.net.URLEncoder; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.List; … Read more

Using a PEM encoded, encrypted private key to sign a message natively

If you’re using BouncyCastle, try the following: import java.io.File; import java.io.FileReader; import java.io.IOException; import java.security.KeyPair; import java.security.Security; import java.security.Signature; import java.util.Arrays; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMReader; import org.bouncycastle.openssl.PasswordFinder; import org.bouncycastle.util.encoders.Hex; public class SignatureExample { public static void main(String [] args) throws Exception { Security.addProvider(new BouncyCastleProvider()); String message = “hello world”; File privateKey = new File(“private.pem”); KeyPair … Read more

Get timestamp from Authenticode Signed files in .NET

Back to the original question, I could not find managed way so ended up using pInvoke as follows: public static bool IsTimestamped(string filename) { try { int encodingType; int contentType; int formatType; IntPtr certStore = IntPtr.Zero; IntPtr cryptMsg = IntPtr.Zero; IntPtr context = IntPtr.Zero; if (!WinCrypt.CryptQueryObject( WinCrypt.CERT_QUERY_OBJECT_FILE, Marshal.StringToHGlobalUni(filename), WinCrypt.CERT_QUERY_CONTENT_FLAG_ALL, WinCrypt.CERT_QUERY_FORMAT_FLAG_ALL, 0, out encodingType, out contentType, … Read more