Signature in PKCS1 v1.5: RSAPKCS1SignatureFormatter vs RSACryptoServiceProvider

Similar Messages

• How can i add a new signature with PKCS1?

  The default sign method of Acrobat is PKCS7,how to change to PKCS1?
  Thanks!

  Hi,
  There are two different tacks you could take here. One way is to set a Seed Value that works on a per signature field basis and the other is to make a change to the registry that works on a general basis. Of course, a change to the registry it's on a per computer basis where as Seed Value, because it's on a per document basis will travel from computer to computer.
  If you want to set the Seed Value it's done via JavaScript. Go to http://livedocs.adobe.com/acrobat_sdk/9/Acrobat9_HTMLHelp/wwhelp/wwhimpl/js/html/wwhelp.ht m?href=JS_API_AcroJS.88.1.html#1515776&accessible=true and click the Search button and look for "Seed Value". When it returns, click on "signatrueSetSeedValue" and then scroll down to Example 2 to see how to set the subFilter. You're going to want to use the value adbe.x509.rsa_sha1 as opposed to what is shown in the example.
  If you would rather make the change global to the computer then you need to modify the registry (Windows) or plist (Mac). I'll give you an example for Windows, but if you need help with the Mac let me know. Run regedit and then go to HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cPubSec with the following caveats. First, if you are using Reader, as opposed to Acrobat, change \Adobe Acrobat\ to \Acrobat Reader\. The other thing is, if you are using an earlier version of Acrobat change "9.0" to the major version number you are currently running. Even if you were using version 8.1 you would still look for 8.0.
  Now that you've navigated to the correct location add the Binary Value "aSignFormat" (without the quotes). Next, edit the value and click into the right side of the dialog and add the same plain text string noted above for use with Seed Value. Please see the attached screen shot (click on the link below to open the picture and then click on the black X to close it). An important thing to note here is the string needs to be NULL terminated. After you've type the plain text string into the right side of the dialog, click into the end on the hex string at the left side and type a zero. You'll note that it adds what appears to be a dot at the end of the plain text string on the right, but it's not really a dot.
  I hope this helps,
  Steve

• Verifying a Digital Signature

  I have a smart card, which I am trying to use to digitally sign some bytes. Then I want to verify the signature using the public key which I can get from the certificate on the smart card.
  I am able to send some bytes to the card (using an apdu) and get back some RSA signed bytes. But when I try to verify the signature, it always returns false.
  To verify, I do:
  X509Certificate x = ... //gets the certificate from the card
  Signature sig = Signature.getInstance(x.getSigAlgName()); //"SHA1withRSA"
  sig.initVerify(x.getPublicKey());
  sig.update(dataBytes, 0, dataBytes.length);
  boolean isSigned = sig.verify(signed);
  As far as I can tell, this part is good.
  I think my problem is related to how I am sending the bytes to the card to get signed. Sending dataBytes in plaintext returns errors regarding length. It seems the signing command I am using on the card wants the data to equal the key length (data=128 byte, key=1024 bit). So what I did next was an attempt to hash the data and then pad it before I send it to the card.
       MessageDigest md = MessageDigest.getInstance("SHA1");
       md.update(dataBytes);
       byte [] digest = md.digest();
       PKCS1SignaturePadding pkcs1 = new PKCS1SignaturePadding(PKCS1SignaturePadding.SHA1);
       byte [] padded = pkcs1.encode(digest, 128);
  But after I sign, I try to verify the signature but it still returns false. I'm not sure if I'm doing something wrong or if I'm misunderstanding something (I'm relatively new to digital signatures and smart cards).

  PKCS#7 SignedData objects are far more complex then it looks like you are taking them. First the PKCS#7 SignedData object will contain the OID for the message digest algorithm used and for the encryption algorithm used. From the looks of your code you are simply assuming MD5.
  It also contains all of the data that was signed which is typically much more than just the document. It also of course contains the public keys and signatures which singed the document. In your case it will probably only have one public certificate and one signature.
  Also note that a signature is an encrypted hash. Looking at your code I do not see you use encryption at all or rather for verification decryption.
  Here is the basic process a signature takes.
  MessageDigest md = MessageDigest.getInstance(algOID);
  byte[] digest = md.digest(message.getBytes(charEncoding));
  Cipher c = Cipher.getInstance("RSA/2/PKCS1Padding");
  c.init(Cipher.ENCRYPT_MODE, priKey);
  byte[] signature = c.doFinal(digest);Note that the resulting byte array is not the message digest but the encrypted message digest. You must use the corresponding public key to decrypt the signature to get the message digest value. It is because the trusted public key can decrypt the correct message digest that we know it was encrypted by the holder of the private key. It is because the decrypted message digest value is equal to my computed message digest value that we know the document has not be altered...
  Now PKCS#7 SignedData does not take the message digest of the document, in your case your PDF. It creates a message digest on an ASN.1 object which includes the bytes of your document plus a bunch of meta data.
  For more info on the exact format of a PKCS#7 signature file check out
  http://www.rsasecurity.com/rsalabs/pkcs/pkcs-7/index.html
  Look through this doucment for SignedData as a starting place and follow through all of the sub objects that make up a SignedData object. This will give you an idea of what is involved.

• ITunes & Windows Vista Home - Error File C:\Program Data\Apple Computer\Installer\Cache\iTunes 10.5.142\iTunes.msi was rejected by digital signature policy.

  Tried
  https://discussions.apple.com/thread/2713232?start=0&tstart=0
  and
  http://www.vistax64.com/vista-general/159940-computer-blocking-anything-no-digit al-signature.html
  with no avail!!!
  iTunes opens after I click OK on the above message however I cannot do anything within the app its like Windows it preventing it from running.
  PLEASE HELP!!!

  Update:
  I tried what the diagnostic told me to do, and repaired the installation. I was able to burn a CD in iTunes, but after I restarted, the drives have disappeared again! Here's the diagnostic info now:
  Microsoft Windows Vista Home Edition (Build 6000)
  MICRO-STAR INC. MS-6728
  iTunes 7.6.0.29
  QuickTime 7.4
  CD Driver 2.0.6.1
  CD Driver DLL 2.0.6.2
  Apple Mobile Device 1.1.3.26
  iTunes Serial Number 20D6EAF059AB94B4
  Current user is not an administrator.
  The current local date and time is 2008-01-15 19:09:32.
  iTunes is not running in safe mode.
  Video Display Information
  ATI Technologies Inc., Radeon X1600/X1650 Series
  ATI Technologies Inc., Radeon X1600/1650 Series Secondary
  ** External Plug-ins Information **
  Plug-in Name: Last.fm iTunes plugin
  Plug-in Loaded: Yes
  Plug-in Version: 0.0.13
  Plug-in File Version: 2.0.13.0
  Plug-in Path: C:\Program Files\iTunes\Plug-ins\itw_scrobbler.dll
  No drives showed up to be tested.

• How can I create more than one different signatures for one account or for one address?

  I want to vreate 2 jr more signatures for one account. For example, in different languages, with different text, etc.

  Take a look at this add-on.
  https://addons.mozilla.org/en-US/thunderbird/addon/signature-switch/

• One person on one computer adding multiple electronic IDs or signatures to one document

  I recently created a simple form in Adobe LiveCycle Designer 8.  It has several places for signatures.  I sent along with the form the Adobe user guide instructions for creating electronic IDs and signatures.  However, in several instances, our executives have given their administrative assistants permission to sign for them.  The assistants are also required to add their own signatures.  Apparently, when they click on any signature field, their bosses' signatures come up.  Can someone tell me how one person can create multiple electronic signatures and be able to select from among them in order to fill out one of these forms?

  When a user is signing a form, the digital certificates that are installed (in Acrobat) on the computer being used to sign the PDF will be available to be used to create the signature.  If only the "bosses" certificate is on the machine, this will be the only on available.  Make sure all certificate that could be used to sign are installed on the machine being used to sign.
  This screen shot is from the security settings in Acrobat, it shows multiple certifcates are installed.
  And here is the signature dialog with the option to use one of the installed certificates on the machine...
  Hope this helps.
  Steve

• How do i add a company logo to my email signature on my mac book pro

  how do i add a company logo to my email signature on my mac book pro

  I would like to know how to do this as well. All I'm able to do is add the link, but not the button. My colleague has done this on his Outlook on his HP. I'm not sure why this is so difficult!

• How can I properly attach an Email 'business card' signature?

  Hi,
  I was wondering if there were any better ways to attach a business card signature with mail.
  Currently I have a small business card that I have optimized to around 60 kb, I use the signature feature in Mail to drag it in and add my standard business disclaimer stuff underneath.
  Thing is if I send it to another MacMail account it displays fine but if I send it to Gmail or Yahoo it appears as a seperate attachment that needs to be downloaded etc.
  Is there anyway round this? A way for it to just appear under the text of my email for any Email host or software without it appearing as an attachment. Outlook seems to allow the function and I'm allways receiving full page HTML graphical advertisments in my inbox, simular to the ones when you get a receipt etc, should I use the same principals?
  I'd also like to know if I can make it link to my website using some code from Image Shack or similar online host.
  Many thanks.

  Hi, have you gone to Mail>Edit>Attachments>Always send Windows friendly attachments?

• How do I add a digital signature to Word 2011?

  I am at a loss at to adding a digital signature to Word 2011 docs on my macbook pro, any ideas???

  Formscentral does not support forms with digital signature workflows. I suggest you see if our Echosign product meets your needs.

• Issue in Java concurrent program for Digital Signature Stamping

  Hi All,
  Im calling a Java concurrent program which does digital signature stamping on the PDF report generated.Program able to able to read the PDF file as input and also digital signature stored as file in the application but
  ends in error in create signature method , need help in this regard.
  Error:
  Parameter 0 is Request id of with out Digital signature file
  Parameter 1 is employee id of approver
  Parameter:0:99203256
  Parameter:1:1414603
  $$$$ start query fileinfo with callable statment
  programName>>>>>>>>BTPOPORPXML
  $$$$ Without digital Signature file Name $$$
  $/inst_top/finprod/apps/FINPROD_CPNQERPAAPZP10/logs/appl/conc/out/BTPOPORPXML_99203256_1.PDF
  PFX File Reading Start
  PFX File Reading Ends
  PFX File size is: 6460 Byte size is: 6460
  Elements present
  java.lang.NullPointerException
  at
  com.lowagie.text.pdf.PdfSignatureAppearance.getAppearance
  (Unknown Source)
  at
  com.lowagie.text.pdf.PdfSignatureAppearance.preClose
  (Unknown Source)
  at
  com.lowagie.text.pdf.PdfSignatureAppearance.preClose
  (Unknown Source)
  at com.lowagie.text.pdf.PdfStamper.close(Unknown
  Source)
  at
  btvl.oracle.apps.po.digsig.BTVLDigSign.runProgram
  (BTVLDigSign.java:151)
  at oracle.apps.fnd.cp.request.Run.main
  (Run.java:157)
  Edited by: 999033 on May 16, 2013 7:20 PM

  Hi Charls,
  I have successfully implemented at our end in 11i. Pl.try at your end.
  v_request_id := FND_REQUEST.SUBMIT_REQUEST (passed your arguments... );
  COMMIT;
  IF NVL( v_request_id , 0 ) = 0 THEN
  DBMS_OUTPUT.PUT_LINE( 'Item Assignment to Organization Program Not Submitted');
  p_status := 'FAILURE' ;
  p_err_msg := 'ERROR RAISED AFTER SUBMITTING THE IMPORT ITEM ORG.ASSIGNMENT CONCURRENT REQUEST ... ' ;          
  ELSE
  v_finished := FND_CONCURRENT.WAIT_FOR_REQUEST
  request_id => v_request_id,
  interval => 0,
  max_wait => 0,
  phase => v_phase,
  status => v_status,
  dev_phase => v_request_phase,
  dev_status => v_request_status,
  message => v_message
  LOOP
  EXIT WHEN ( UPPER(v_request_phase) = 'COMPLETE' OR v_phase = 'C');
  END LOOP;
  HTH                    
  Sanjay

• Can I create PAdES signature using Adobe Acrobat 8.0 or 9.0?

  Hi
  Can I create PAdES (PDF Advanced Electronic Signatures, Technical Specification ETSI TS 102 778) signature using Adobe Acrobat 8.0 or 9.0?
  ETSI Technical Specification (TS) 102 778 contains five parts:
  • Part 1: PAdES Overview – a framework document for PAdES
  • Part 2: PAdES Basic – Profile based on ISO 32000-1
  • Part 3: PAdES Enhanced – PAdES-Basic Electronic Signatures and PAdES-Explicit Policy Electronic Signatures Profiles
  • Part 4: PAdES Long Term – PAdES-Long Term Validation Profile
  • Part 5: PAdES for XML Content – Profiles for XAdES signatures of XML content in PDF files
  All five parts were published on 31 July 2009.
  Thanks for answer.
  Dragan

  Hi,
  The short answer is yes.
  Acrobat 8 and later support all of requirements of PAdES such as serial signing, long term validation (time stamping and embedded revocation responses) and signatures in the PKCS#7 format.
  Steve

• Update on 10.6.8 fails due to digital signature on update is missing

  wanting to install the Parallels version 10 and it won't work on 10.6.8 version of my Mac OS so I learned how to go to the software update which indicates an update is available. When I go ahead and load the update it runs fine and then stops with a message that the Macbook Pro EFI Firmware Update can't be saved. It says the digital signature on the update is missing or invalid.
  I don't know if the digital signature is on my computer or the update? I would upgrade to a more recent version of the OS but don't know what will work.
  Can anyone help?
  Dan

  Parallels 10 isn't compatible with 10.6 according to the web site.
  Mac Requirements
  Hardware:
  A Mac computer with an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor (Core Solo and Core Duo processors are no longer supported)
  Minimum 2 GB of memory (4 GB of memory is recommended to run Windows 7 in a virtual machine or if your host OS is Lion)
  About 850 MB of disk space on the boot volume (Macintosh HD) for Parallels Desktop installation
  About 15 GB of disk space for each virtual machine
  Software:
  OS X Yosemite 10.10 or later
  OS X Mavericks 10.9.4 or later
  Mac OS X Mountain Lion 10.8.5 or later
  Mac OS X Lion 10.7.5 or later
  Check that your computer is compatible with Mountain Lion/Mavericks/Yosemite.
  To check the model number hold down the option/alt key, go to the Apple menu and select System Information.
  MacBook (Late 2008 Aluminum, or Early 2009 or newer) model number 5,1 or higher
  MacBook Pro (Mid/Late 2007 or newer) model number 3,1 or higher
  Your Mac needs:
  OS X v10.6.8 or OS X Lion already installed
  2 GB or more of memory (More is better - 4 GB minimum seems to be the consensus)
  8 GB or more of available space
  Check to make sure your applications are compatible. PowerPC applications are no longer supported after 10.6.      
  Application Compatibility
  Applications Compatibility (2)
  Do a backup before installing. 
  If you can/do upgrade, I recommend you make a copy of the installer and move it out of your Applications folder. The installer self-destructs. The copy will keep you from having to download the installer again.  You can make a bootable USB stick to install using this free program.
  Bootable USB Flash Drive – Diskmaker X
  Mountain Lion
  Note - Mavericks is no longer available.

• Making Multiple Digital Signatures Read-only in Form (Acrobat 9)

  I have created a form which includes two (2) digital signature fields.  What needs to occur with the form is Person1 fills the form and then digitally signs it thereby making the form fields read-only .  Person2 then digitally signs the form which should make Person1's digital signature read-only.
  Here's what I've done:
  1) For the Person1 digital signature field, in Digital Signature Properties, under the Signed tab, I have selected Mark as read-only <all fields except these> and selected the Person2 digital signature field.
  2) For the Person2 digital signature field, in Digital Signature Properties, under the Signed tab, I have selected Mark as read-only <all fields> since once Person2 signs the form I do not want Person1 to be able to clear the digital signature and make changes to the form.
  Here's what actually occurs:
  Step 1 above works fine.  Once the signature is applied all the form fields are read-only except for the Person2 digital signature field.
  The problem is that after Person2 digitally signs the form, even though I selected all fields as read-only, Person1 can 'clear' their signature which leaves all the form fields available for editing and leaves Person2's digital signature still on the form.
  I honestly don't care about 'validating' signatures on this form since it's going to be printed but I cannot allow Person2's signature to remain on the form and allow Person1 to edit the form.
  --Mike.

  Hi!
  I have the same problem. Have not been able to figure it out, although tried everything.
  Hope somebody can help
  - MackeMan

• 3rd party signature handler set in Adobe Acrobat 9 Professional Extended gets reset

  Hi All,
  I have got a 3rd party digital signature creating plug-in i.e. MySign . I have set it inside 'Preference > Security > Advanced Preferences > Creation > Default Method to Use when Signing and Encrypting Documents' > MySign. If I restart Adobe Acrobat that setting is lost and the Adobe Default Security handler is then used.
  I don't want to set handler manually every time I restart Adobe Acrobat. I have figured out that Adobe Acrobat is creating a registry entry named aPrivKey against that inside cHandlers BUT it gets removed on Adobe restart if I set MySign as the handler in the first place.
  Similarly I want the same handler to verify signatures. For that I have set 'Preferences > Security > Advanced Preferences > Verification > Always use the default method (overrides the document-specified method)' along with the name of handler i.e MySign but on restart of Adobe, this is also gets reset.
  Any idea how to set my handler as default to sign & verify without getting it reset?
  Regards,
  Wahaj

  Hi All,
  I checked with Adobe X and this issue is not present there.
  Regards,
  Wahaj

• How to edit a PDF created with Acrobat XI Pro after signatures have been applied (like I can in 7, 8.0

  I have a major issue that I need to resolve before we can purchase Acrobat XI Pro:
  Currently, with Acrobat 8.1 Pro, after all signatories sign a document, we add an Effective Date (we add it after they sign since we don't know when the last signature will be acquired and we can't have an Effective Date that is before the date of the last signatory, otherwise, it would be effective before they signed it, which is not possible). I'm also allowed the latitude (as stated in our Documentation Control procedure) to make spelling corrections, hyperlink updates and minor formatting changes (by using the typewriter tool and also by replacing a page that is NOT the signed page if the change repaginates the document or involves modifying a hyperlink that has changed).
  In all of the previous versions of Acrobat that we've used (7 Pro, 8 Pro and 8.1 Pro) , this has been easily possible and all changes would be listed under the Signatures tab, which is exactly what we want, which is traceability.
  I'm using the trial version of Acrobat XI Pro now but am getting the message "This document is signed and can not be edited." If I bring the same PDF that was created from Word 2003 & 2013 using Acrobat XI Pro into 8.1 Pro, though, I CAN add the date, use the typewriter tool and replace non-signed pages, save it and exit without clearing or losing any signatures.
  My question is this: How can I do this in Acrobat XI Pro, as XI Pro (in the Signature pane) also lists the changes made to the document when it was edited using 8.1 Pro? (It's OK that the changes made to the PDF then mark the signatures as "invalid", as the reason why they were invalidated is also listed in the Signature pane, e.g. "Form Field Added", which is usually the applied Effective Date.)
  Thanks for any help!

  Acrobat versions prior to 9 had a bug which allowed you to do what you did. In Acrobat 9 this bug was fixed. In order to do what you want you need to certify (apply special certification digital signature with your certificate -- it is "Certify (Visible/Invisible)" choice in the "Work with Certificates") your document first. In the process of certification you can specify which modification permissions you allow the users of your document to make after signing. Certification signature must be the first signature in the document.