Chilkat - Encode into PKCS7 the following elements : XML Signed Document + Signature certificate itself encoded X509 - x509certificate

We are trying to automate certain processes with Chilkat.
In particular we are trying to generate a PKCS7 document that contains the following features:
(1) A signed XML document. This signing is done via smartcard and the output must include the signature. For this point, we are using the crypt2 object with:
    EncodingMode, HashAlgorithm and charset attributes
    SetSigningCert, OpaqueSignStringENC methods
(2) We need also to include the signer's digital signature certificate in X.509 ASN encoding. This second point is where we are having some problems.
We have obtained a valid signed document according to the 2 points through the createp7m method for manual testing but the point of our program is to automate the process in memory. Therefore, we are trying to use the OpaqueSignStringENC("original xml to sign") but we believe the point (2) is not being taken into account.
I don't know if anyone has encountered a similar problem. I just recently started working with encryption, certificates... Sorry if I am explaining myself incorrectly.
Thanks everyone for your help and time

Related

OpenSSL generate certificate

I'm facing some issue with an SSL certificate that I need for a payment gateway. I already generated it but it doesn't work. I'm already doing a 3D payment gateway with a plugin that requires that certification.
I opened ssl via command prompt and generated it, but I still get the error request that the certification is invalid. Is it possible that I did something wrong? Here is how it is required:
OpenSSL Setup
Prior to proceeding, it is necessary to download Win32 OpenSSL which can be found at: https://www.openssl.org/source/
After the software is set up, it is important to enter a variable Path for a bin catalogue.
In system variables: Variable PATH → “Change”. Put a semicolon at the end of the line and enter a pathway to the bin folder: c:\OpenSSL\bin
For the next step, in the console, open the batch folder and run run.bat (one of the attachments in the email received from UPC).
The command can be performed for example in FAR. For this, place the cursor on run.bat file, press Ctrl Enter and add MERCHANT ID with a space.
Key Generation
Key generation and exchange is performed after the Merchant sends a request for registration and receives E-shop attributes via Internet (that includes a Merchant ID).
Prior to key generation, it is necessary to edit the file config.dat according to the data of the E-shop. Config.dat data shall not strictly correspond with the data in the request; such data is used for neither signature generation nor signature verification and is only used for an identification of a certificate file.
Can someone please explain to me a little how to do it in steps? I already watched some tutorials on YouTube but I think I did something wrong. I hope someone here can tell me how to fix this issue. Thank you very much.

How to set and use Initialization Vector (IV) in OpenSSL EVP APIs

I am attempting to develop a file encryption function using a user-entered passphrase. I am studying the example functions at the Wiki here, but don't understand how 'key' and 'iv' exactly work. By experimenting I found out that I only need the same key value to decrypt the file, but NOT the same iv! Indeed I used a random iv string while decrypting, and it decrypts just fine. I plan to generate the key from the sender's passphrase to share it with the file recipient, but I am not sure what to do with the iv value. Does it need to be shared with the recipient and used to decrypt, or can I use a randomly generated value, or should I hardcode the value in the program for encryption and decryption? What is 'iv' used for in this context?
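What the IV does in a CBC-mode cipher, as an added example that is not part of the original question: it uses Java's javax.crypto with AES-128-CBC rather than the OpenSSL EVP C API, and assumes the file was encrypted in CBC mode. The class name, key and sample plaintext are constructed; the program decrypts once with the IV stored in front of the ciphertext and once with an unrelated IV, then compares the first block and the remainder against the original.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CbcIvExample {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    // Sender: a fresh random IV per message; it is not secret and travels in front of the ciphertext.
    static byte[] encryptWithIv(byte[] key, byte[] plaintext) throws Exception {
        byte[] iv = randomBytes(16);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, iv, plaintext);
        byte[] out = Arrays.copyOf(iv, 16 + ct.length);
        System.arraycopy(ct, 0, out, 16, ct.length);
        return out;
    }

    // Recipient: read the IV back from the first 16 bytes, then decrypt the rest with it.
    static byte[] decryptWithIv(byte[] key, byte[] msg) throws Exception {
        return crypt(Cipher.DECRYPT_MODE, key, Arrays.copyOf(msg, 16), Arrays.copyOfRange(msg, 16, msg.length));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = randomBytes(16); // constructed key; a real one would come from a KDF over the passphrase
        byte[] plain = "0123456789abcdef-second block and the rest of the file".getBytes(StandardCharsets.UTF_8);
        byte[] msg = encryptWithIv(key, plain);
        System.out.println("stored IV: " + new String(decryptWithIv(key, msg), StandardCharsets.UTF_8));
        // Same key, unrelated IV: CBC XORs the IV only into the first decrypted block,
        // so the comparison is done separately for block 0 and for everything after it.
        byte[] wrong = crypt(Cipher.DECRYPT_MODE, key, randomBytes(16), Arrays.copyOfRange(msg, 16, msg.length));
        System.out.println("block 0 matches: " + Arrays.equals(Arrays.copyOf(wrong, 16), Arrays.copyOf(plain, 16)));
        System.out.println("rest matches:    " + Arrays.equals(Arrays.copyOfRange(wrong, 16, wrong.length), Arrays.copyOfRange(plain, 16, plain.length)));
    }
}
```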

Does OPENAM support SHA-256 encryption

As per my knowledge and research which I have done over the internet, it seems that currently OPENAM does not support SHA-256 encryption. I am using SAML authentication in my project, and currently using an old openfed jar which does not support SHA-256 encryption. I went through the latest jar also and found that OpenAM does not support it.
FYI ..
Following is the snippet of QuerySignatureUtil.java :
    final String querySigAlg;
    final String alg = privateKey.getAlgorithm();
    switch (alg) {
        case "RSA":
            //Defaulting to RSA-SHA1 for the sake of interoperability
            querySigAlg = SystemPropertiesManager.get(SAML2Constants.QUERY_SIGNATURE_ALGORITHM_RSA,
                    XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
            break;
        case "DSA":
            //Defaulting to SHA1WithDSA as JDK7 does not support SHA256WithDSA
            querySigAlg = SystemPropertiesManager.get(SAML2Constants.QUERY_SIGNATURE_ALGORITHM_DSA,
                    XMLSignature.ALGO_ID_SIGNATURE_DSA);
            break;
        case "EC":
            querySigAlg = SystemPropertiesManager.get(SAML2Constants.QUERY_SIGNATURE_ALGORITHM_EC,
                    XMLSignature.ALGO_ID_SIGNATURE_ECDSA_SHA512);
            break;
        default:
            SAML2Utils.debug.error(classMethod + "Private Key algorithm not supported: " + alg);
            throw new SAML2Exception(SAML2Utils.bundle.getString("algorithmNotSupported"));
    }
While going through the internet I have found the ticket https://bugster.forgerock.org/jira/browse/OPENAM-8627
But it seems that it was done only for .NET fedlet.
Can someone
Well firstly, SHA-256 is not an encryption algorithm.
Digital signatures can use SHA256 as digest algorithm, yes. As you can see in the source of the QuerySignatureUtil, the actual algorithm is now configurable and can take lots of different values. The configuration retrieval is done with the SystemPropertiesManager calls in your snippet, and the config can come from two places:
For fedlet: the properties should be defined in FederationConfig.properties.
For the OpenAM server, the settings can be found under the Common Federation Configuration in the Global settings.
If you want to take a look at the digital signature implementation, then there are two classes of interest:
FMSigProvider: this class deals with proper XML signatures, all the digital signatures will be part of the XML document as per xmldsig spec.
QuerySignatureUtil: this class mainly deals with querystring signing, which has a different set of rules than regular XML signatures. In this case the signature will not be part of the signed XML document, instead the signature will be put on the query string. The SAML binding spec that describes the HTTP-Redirect binding discusses this in more detail.
If you want to control the DigestMethod value within the digital signature, then you need to have a look at OPENAM-7778, that was implemented in 13.5.0.
If you want to encrypt SAML messages using 256 bit encryption algorithms, then you will need to install the JCE jurisdiction files, after that, you should be able to configure http://www.w3.org/2001/04/xmlenc#aes256-cbc as XML encryption algorithm.
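The query-string signing described above for QuerySignatureUtil, as an added Java example (not OpenAM's code and not part of the original answer): it follows the HTTP-Redirect binding's signing rule with SigAlg set to RSA-SHA256 instead of the RSA-SHA1 default seen in the snippet. The class and method names, the sample AuthnRequest, the RelayState value and the throwaway key pair are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.zip.*;

public class RedirectSigningExample {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static String enc(String s) throws Exception { return URLEncoder.encode(s, "UTF-8"); }

    // HTTP-Redirect encoding: raw DEFLATE (no zlib header), then base64, then URL-encoding.
    static String encodeMessage(String xml) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DeflaterOutputStream out = new DeflaterOutputStream(buf, new Deflater(Deflater.DEFAULT_COMPRESSION, true))) {
            out.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        return enc(Base64.getEncoder().encodeToString(buf.toByteArray()));
    }

    // The signature covers the exact octets "SAMLRequest=..&RelayState=..&SigAlg=.." and is
    // appended as its own parameter; nothing is inserted into the XML document itself.
    static String signedQuery(String xml, String relayState, PrivateKey key) throws Exception {
        String toSign = "SAMLRequest=" + encodeMessage(xml) + "&RelayState=" + enc(relayState) + "&SigAlg=" + enc(RSA_SHA256);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(toSign.getBytes(StandardCharsets.UTF_8));
        return toSign + "&Signature=" + enc(Base64.getEncoder().encodeToString(s.sign()));
    }

    // Receiver side: verify over the query string as received, and accept only the SigAlg
    // this deployment expects, so a message that names a SHA-1 algorithm is rejected.
    static boolean verify(String query, PublicKey key) throws Exception {
        int i = query.lastIndexOf("&Signature=");
        if (i < 0 || !query.substring(0, i).endsWith("&SigAlg=" + enc(RSA_SHA256))) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(query.substring(0, i).getBytes(StandardCharsets.UTF_8));
        return s.verify(Base64.getDecoder().decode(URLDecoder.decode(query.substring(i + 11), "UTF-8")));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key, constructed for this example
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_example\" Version=\"2.0\"/>"; // constructed
        String query = signedQuery(xml, "relay-token", kp.getPrivate());
        System.out.println("valid:    " + verify(query, kp.getPublic()));
        System.out.println("tampered: " + verify(query.replace("relay-token", "other-token"), kp.getPublic()));
    }
}
```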

BouncyCastle updated pgp key now getting checksum mismatch error

I have a utility that is using the BouncyCastle.Crypto dll (version 1.7.4, runtime version 1.1.4), in order to decrypt a file that is given to it by another system.
I just updated the pgp key (and provided the encryptor with the new public key). The new key uses 4096 bit RSA encryption and has a 24 character password, which are the only differences I can think of between the new key and the old key. The old key used I believe 2048 bit encryption with a 7 character password.
When I attempt to decrypt a file the process is now failing when calling the PgpSecretKey.ExtractPrivateKey(char[] passPhrase) function, provided by BouncyCastle. The error is "Checksum mismatch at 0 of 20."
The weird part is that the first time I tested it worked fine, then with no changes it began failing. I have tried with multiple encrypted files.
Since it's such an old version of BouncyCastle and this particular permutation of the ExtractPrivateKey function is no longer in use I am finding it difficult to locate relevant information. Any thoughts are appreciated.
I got that error once: "Checksum mismatch at 0 of 20." My issue was due to a wrong pass phrase. Hope this should help someone.

Different signatures for passbook files

I am using jpasskit to generate and sign passes. So, I created a signature file from a sample manifest.json, using my p12 file and the Apple WWDRCA certificate. Then I decided to do the same thing (using the same manifest and certificates) using this Objective C code. But the signature files are different from each other.
I suspect there is something wrong with the jpasskit code. So, is there any way to decrypt the signature or otherwise inspect them somehow to see what is wrong?
Looking at your pass signature (provided in chat), it looks like you are using an Apple Production IOS Push Services certificate (com.paguemob.mobileios.PagueMob) to sign your pass.
You need to be signing with a Pass Type ID certificate, and that certificate must match the name of the certificate you have in your pass.json (pass.com.paguemob.mobileios.PagueMobS).
