Help required on Encryption and Signing.

Hello All,
Client:
Client is having his own Private key and the public key of the Server.
Server:
Server is having his own Private key and the public keys of all the clients.
When a client wants to send a document to the server with both encryption and signed,
then he will encrypt the document with the server's public key and then sign the encrypted document
with his own Private key.
And then sends it to the server.
When the server receives the signed object from the client, he has to verify the signature with
the public key of the client and he has to decrypt the document with the Private key of the server.
How can we verify the signature?
By just saying,
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(kp.getPublic());
boolean verifies = sig.verify(realSig);
where "realSig" is the signed object.
In this case I am unable to verify the signature. Even if I succeeded here in verifying the signature,
how do I decrypt the signed object?
My question is,
When the client sends the signed object to the server, does he send anything else along with it?
Say for example if he sends the encrypted document along with the signed object then if I say,
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(kp.getPublic());
sig.update(cipherText);
boolean verifies = sig.verify(realSig);
where "cipherText" is the encrypted document.
In this case I am able to verify the document and since I will have the encrypted document
along with the signed object I will decrypt this using the Private key of the server.
So is it must and should that I need to send the encrypted document every time along with the signed object to the server?
Thanks and have a nice time.

I have two suggestions for you:
First, read a good book about cryptography. Even using secure cryptographic algorithms is no guarantee that your solution is secure. Without a thorough understanding of cryptography and security, someone might break in due to some implementation mistake in your security mechanism. My recommendations: "Applied Cryptography" written by Bruce Schneier and "An Introduction to Cryptography (IntrotoCrypto.pdf)" by Phil Zimmermann, Network Associates. This PDF document can be downloaded as part of the free PGP product from http://www.pgp.com, http://www.pgpi.com or http://www.nai.com
Second, take a serious look at S/MIME. S/MIME allows information to be wrapped in signed and/or encrypted data blocks in a secure way. The S/MIME standard has been around for a few years and has been thoroughly reviewed. Bouncycastle (www.bouncycastle.org) contains a library for creating and handling S/MIME data. Never invent your own formats when a standard is available. More information about S/MIME can be found at RSA labs (www.rsa.com or www.rsalabs.com).
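
Added example (not part of the thread, and not the posters' code): the exchange the question asks about, showing that a Java Signature value is detached, so the client has to send the ciphertext alongside it and the server has to feed the same bytes to update() before verify(). It assumes a hybrid scheme (a fresh AES-GCM key wrapped with RSA-OAEP, because RSA alone only encrypts short inputs) and SHA256withRSA in place of the thread's SHA1withRSA; the class name, keys and document are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
// Assumptions (not from the thread): hybrid AES-GCM + RSA-OAEP, SHA256withRSA, demo-only keys.
public class EncryptThenSignDemo {
    static final String SIG_ALG = "SHA256withRSA";
    static final String WRAP_ALG = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Server side: check the detached signature over every field the client sent.
    static boolean verify(PublicKey clientPub, byte[] sig, byte[]... fields) throws Exception {
        Signature v = Signature.getInstance(SIG_ALG);
        v.initVerify(clientPub);
        for (byte[] f : fields) v.update(f); // wrappedKey and iv have fixed lengths, so no framing is needed
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair(); // constructed demo keys
        KeyPair server = kpg.generateKeyPair();
        byte[] document = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        // Client: encrypt the document under a fresh AES key, then wrap that key for the server.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aesKey = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] cipherText = enc.doFinal(document);
        Cipher wrap = Cipher.getInstance(WRAP_ALG);
        wrap.init(Cipher.WRAP_MODE, server.getPublic());
        byte[] wrappedKey = wrap.wrap(aesKey);
        // Client: sign what will be sent; realSig holds only the signature, not the data.
        Signature s = Signature.getInstance(SIG_ALG);
        s.initSign(client.getPrivate());
        s.update(wrappedKey); s.update(iv); s.update(cipherText);
        byte[] realSig = s.sign();

        // Server: receives wrappedKey, iv, cipherText and realSig, and verifies before decrypting.
        System.out.println("verify without update(): " + verify(client.getPublic(), realSig));
        if (!verify(client.getPublic(), realSig, wrappedKey, iv, cipherText))
            throw new SecurityException("signature check failed");
        Cipher unwrap = Cipher.getInstance(WRAP_ALG);
        unwrap.init(Cipher.UNWRAP_MODE, server.getPrivate());
        Key k = unwrap.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        System.out.println("plaintext: " + new String(dec.doFinal(cipherText), StandardCharsets.UTF_8));
        cipherText[0] ^= 1; // a modified ciphertext must be rejected
        System.out.println("verify after tampering: " + verify(client.getPublic(), realSig, wrappedKey, iv, cipherText));
    }
}
```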

Similar Messages

  • Biztalk PGP encryption and signing

    Hi,
    Currently I am working on a custom pipeline component to PGP encrypt and sign the outgoing message from Biztalk 2013 with public and private keys.
    I am referring to the content mentioned in the below posts
    https://code.msdn.microsoft.com/windowsdesktop/BizTalk-Sample-PGP-ebcbc8b2
    http://bajwork.blogspot.co.nz/2007/08/pgp-pipeline-component.html
    But we have a requirement to use PGP version 6.5.8 and I could not find what PGP versions the above components support.
    Does anyone have any idea about Biztalk and PGP version 6.5.8 for encryption and signing?
    Thanks
    JB

    PGP has different versions and 6.5.8 is an older one. If you just download the Bouncy Castle PGP dll, it's not going to use the 6.5.8 version of PGP.
    http://www.pgpi.org/products/pgp/versions/freeware/win32/6.5.8/
    With the latest Bouncy Castle PGP dll, there are a few issues encountered by users who tried to use PGP version 6.5.8, especially around signature validation. Following are the discussions on the issues faced:
    http://stackoverflow.com/questions/7193323/encrypt-with-bc-and-decrypt-with-pgp-6-5-8
    http://bouncy-castle.1462172.n4.nabble.com/ERROR-encrypted-session-key-is-bad-when-trying-to-decrypt-td1466221.html
    http://bouncy-castle.1462172.n4.nabble.com/Compatibility-Issue-with-PGP-6-5-8-td1467170.html
    People have managed to get it working with a few changes to the PGP code (which you can get here
    http://www.bouncycastle.org/csharp/index.html )
    This forum is not the right place to raise a question about finding the Bouncy Castle PGP dll version compatible with v6.5.8. Try to post this question here
    http://bouncy-castle.1462172.n4.nabble.com/
    Once you have their dll compatible with v 6.5.8, then you can use it in BizTalk as suggested by the links referenced by you.

  • Timestamp Error when calling Encrypt and Signed Web Service

    Hello,
    I made one Web Service in the Oracle Service Bus 10gR3 that supports Encryption and Sign, basically inserting (manually) this on the WSDL Contract:
    These two namespaces:
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    These declarations:
    <wsp:UsingPolicy Required="true"/>
    <input>
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Encrypt.xml"/>
    </wsp:Policy>
    <soap:body use="literal" />
    </input>
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Sign.xml"/>
    </wsp:Policy>
    The above declarations were inserted in the correct points inside the WSDL Contract and the Web Service is working correctly.
    The problem is related to the Sign.xml declaration. When I insert this declaration:
    <wsp:Policy>
    <wsp:PolicyReference URI="policy:Sign.xml"/>
    </wsp:Policy>
    Then, the Web Service shows an error. Following are the Request and Response (that shows the error):
    Request:
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ger="http://www.abc.com.br/Service">
    <soapenv:Header/>
    <soapenv:Body>
    <ger:gerarHashSenha>
    <arg0>123456</arg0>
    </ger:gerarHashSenha>
    </soapenv:Body>
    </soapenv:Envelope>
    Response:
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
    <env:Header/>
    <env:Body>
    <env:Fault>
    <faultcode>env:Server</faultcode>
    <faultstring>Can not retrieve header: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    Observation: I was invoking the WebService using the soapUI Tool.
    I tried changing the request to the code below, but it doesn't work:
    <soapenv:Envelope xmlns:ger="http://www.abc.com.br/Service" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
    <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsu:Timestamp wsu:Id="Timestamp-447" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsu:Created>2010-05-27T21:40:55.667Z</wsu:Created>
    <wsu:Expires>2010-05-27T21:41:55.667Z</wsu:Expires>
    </wsu:Timestamp>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
    <ger:gerarHashSenha>
    <arg0>123456</arg0>
    </ger:gerarHashSenha>
    </soapenv:Body>
    </soapenv:Envelope>
    Thanks.
    Victor Jabur.

    Does someone have any idea?
    Thanks

  • Sign in required Tap Continue and sign in to check for downloads popup

    Hi All,
    I have implemented Auto Renewable App purchases in my application, everything is working fine.
    We are testing the app thoroughly and for each and every condition possible (network down, hundreds of sandbox users etc).
    While testing the things many times we are stopping the transaction in between but after some time we were restoring the same transaction and it works after that. So far so good.
    Now on many iPads we are getting the message popup saying "sign in required Tap Continue and sign in to check for downloads".
    I don't know what this means because I have already purchased the product in sandbox and everything works great but many times this popup is irritating us so please let us know the solution for same.
    Please let me know how to get rid of this error asap. Because of this error only our QAs are not releasing the app.
    Please help me out to solve this asap.

    Same here, this is an irritating issue. I am getting this with non-renewing subscriptions.

  • "sign-in required, click continue and sign in to check for downloads".

    On trying to access the iTunes store or iTunes in general, I keep getting a pop-up window stating "sign-in required, click continue and sign in to check for downloads". iTunes then doesn't recognise the sign in attempt and the pop-up appears again. Has anyone seen this and have any thoughts or advice?

    Contact Apple for help with Apple ID account security

  • I'm trying to update my apps and it won't let me. When I clicked on an app to update it or to download a free app it says "sign in required, tap continue and sign in to view your billing information" when I did it says "you must verify your payment info be

    I'm trying to update my apps and it won't let me. When I clicked on an app to update it or to download a free app it says "sign in required, tap continue and sign in to view your billing information" when I did it says "you must verify your payment info before you can make purchases" then "security code is invalid" when the security code is valid. I even switched credit card it keeps saying the same thing....... THIS IS NOT FAIR........ I WANNA UPDATE MY APPS!!!!! Btw idk why did I buy the iPad for, APPLE don't even let you download ADOBE FLASH PLAYER and most of the games required ADOBE FLASH PLAYER to play example: wizard101. Idk what I was thinking...... :(

    Why not simply remove your payment info by selecting None at top?
    APPLE dont even let you download ADOBE FLASH PLAYER
    Considering Adobe dont (sic) even make Flash Player for iPads, this seems about right. How can you download something that does not exist?

  • S/MIME support in Mail (encryption and signing)

    Hi,
    is there S/MIME support in iPhones Mail-Client? Mail.app for OS X has great support for encrypting and signing eMails using S/MIME certificates and I wonder if iPhones Mail-Client is able to use S/MIME, too.
    best,
    Jens

    I have the same question. Much of my mail comes with either S/MIME or GnuPG encryption. A device that lets me receive but not read my e-mail isn't much use for communication.
    Can someone confirm?
      Mac OS X (10.4.10)  

  • No indication whether the email is encrypted and signed with S/MIME

    I have been using OpenPGP/GPGMail V2.0b6 for email encryption for some time. Now I added S/MIME. What I noticed is that if I send an encrypted and signed email with GPGMail the header in the sent mail will show that it was encrypted and signed. However, if I send an encrypted and signed email with S/MIME there is no notification in the mail header. Only by checking the sent mail on the iPad was I able to confirm that the email was really encrypted and signed with S/MIME.
    Has anybody else experienced this?
    Is there a solution to this problem?

    I have now further analysed the behaviour of S/MIME encryption and signatures on the iPad (iOS 7.0.2) and the iMac (OSX 10.8.5).
    I installed a Comodo free email certificate on my iMac and the same certificate on my iPad. Another Comodo free email certificate I installed on the iMac of a friend of mine.
    Sending back and forth encrypted, signed or both encrypted and signed messages between iMacs and iMac and iPad works with no problem. In the iPad email header it is indicated with symbols whether the email is encrypted, signed or both encrypted and signed. On the iMac on the other hand only when the email is signed is that indicated with a symbol in the email header (see figure below).
    When an email is encrypted or encrypted and signed this is not indicated with symbols in the email header. This is in contrast to OpenPGP. OpenPGP emails always indicate with symbols whether they are encrypted, signed or both encrypted and signed (see figure below).
    I hope that in OSX 10.9 email header symbols will indicate whether emails are S/MIME encrypted, S/MIME signed or S/MIME encrypted and signed.

  • Help needed in encrypting and decrypting a file

    Hello,
    I just started looking into Java Security. I need to encrypt a file using any popular algorithm like RSA or DES and write it to disk, and again decrypt this file at a later time when needed.
    I was checking out different ways of doing so, but found it difficult to persist the key somewhere.
    Could someone help me in this regard, with a tutorial or a sample program where I will be able to give a cleartext file as an input and get a ciphered text file as output and vice versa?

    Probably the simplest solution is to use password-based encryption (PBE). See http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#PBEEx
    for an example.

  • Help required with DAQ and waveform generation

    Hi,
    I'm using DAQ 6024E card for waveform acquisition using LabVIEW 8.2 version. I've also attached my vi for your reference.
    My next step is, I want to add another waveform to the acquired waveform, i.e. I mean to say if the acquired waveform is a sine wave with 60 Hz frequency and amplitude of 8V peak-to-peak, I want to finally display a wave which is 8V peak-to-peak with sinusoidally changing frequency.
    To be more clear...I want a sine wave with frequency =  60 Hz + 1*sin( 2*pie**t).
    As can be seen in my vi, I can extract the phase and magnitude of the original acquired signal.
    Can anyone help me out with this...as I'm not able to figure out how I should proceed next.
    Looking forward to hear soon,
    Regards,
    Rohit
    Attachments:
    test_analog.vi ‏162 KB

    You'd probably want to use the DAQmx VI's instead of the Express VIs, when doing something more exotic. You can start by converting the existing Express VIs to code by opening their front panels and saving them as a VI.
    Regards,
    André
    Using whatever version of LV the customer requires. (LV5.1-LV2012) (www.carya.nl)

  • Help required in  webclient and crm report integration

    Hi ,
    How to integrate webclient and CRM reports in CRM 2007 UI?
    I don't have much idea in this area. My requirement is integrating CRM report and webclient. But I don't know where to find the report and how to link the report to webclient.
    Please anyone help me.
    Thanks in advance
    geetha,

    Hi Geetha,
    Create a new CRM business role by copying standard SERVICEPRO or SALESPRO
    You can even assign business roles SERVICEPRO or SALESPRO to Organization units.
    Goto Org assignment and assign these business roles (Goto-Detail Object-click on business roles (Z or standard)-Save it.
    Assign your BP to org position
    Execute transaction code BSP_WD_CMPWB
    Enter CRM_UI_FRAME in test application and click on execute.
    select the profile -Left side menu you will find the standard reports.
    Regards
    Shanmuga
    Please let me know if my inputs help you to find the report.

  • Help required in writing And Reading Xml From Database

    Hi
    I am new to Java.
    I am facing a problem while writing an Xml file from a Mysql Database in Java. I am using the WebRowSet
    and also for reading WebRowSet.
    After reading the Xml I have to save this in the Database
    (required source code).
    Is there anyone to help me in this way?
    regards
    aamir

    shadab_think_globally wrote:
    hi everybody,
    please send me a ajax with jsp application
    suppose i enter a word in text area ajax will populate/suggest all string from database ,who started
    from that entering character(s).like a google string search.
    please send full source code

    how about you do it yourself?

  • "sign in required, tap continue and sign in"

    What is this? I have never seen this before in 15 months. Is this malware?
    It does not say WHAT app is requesting my Apple password. BAD DESIGN APPLE, if this is you.
    If I click Cancel, nothing seems to be wrong. iCloud still works fine.

    Huh?
    I still don't know what this "sign in required" is for, it does not say. In spite of the curious post by gdgmacguy, I still need to know.
    Can anyone help?

  • Help required: class assignment and values for functional location

    Hi All,
    My requirement is to get classification data for a functional location as in IL03.
    Can any one let me know where in the standard program are they getting the assigned classes
    and class values. So that I can use the same logic.
    Thanks.

    FM BAPI_OBJCL_GETDETAIL
    OBJECTKEY                       ?0100000000000011643
    OBJECTTABLE                     IFLOT              
    CLASSNUM                        ZPMI_BLDG          
    CLASSTYPE                       003                
    KEYDATE                         29.07.2009         
    UNVALUATED_CHARS                                   
    LANGUAGE                        EN                 
    Cheers!

  • Help required for slicing and merging file

    Hi,
    I am working on a p2p downloading application based on Gnutella. Right now I am trying to implement downloading one file from many hosts at a time (like limewire does). I am able to connect to multiple hosts, but don't know how to download and merge the file for this purpose.
    I know how to download one file from a single host, but don't know how to handle a file coming from multiple hosts.
    If anyone has knowledge, please tell as soon as possible.

    Hi.
    thanks for the reply. Actually i had something same
    in my mind. but unfortunately i am quite weak in
    serialization and file stuff. If you could provide me
    with code snippet for this, or can just simulate in a
    fewer lines of code, it would be a great help for
    me...i have too much short time...
    i think i really have to study this file
    stuff..........

    You shouldn't use serialization. Just invent a protocol, and "normal" binary data.
    Kaj
