I am developing an application that'll decrypt encrypted files when a user successfully logs in. From what I understand, OpenSSL does not have a built-in function for this. So what I plan to do is zip up a folder and encrypt the zip file when I want to encrypt the directory and the reverse when I want to decrypt it. I will use the aes-256-cbc algorithm. The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder. Does anyone have any suggestions? Login credentials are verified on the server and encrypted zip files are located on the computer running the client application.
The problem is, a user could change their password in my application, so the new password will generate different key and IV pair meaning that I can't decrypt the folder.
The practice is not to use the user credentials to encrypt the data. If the user forgets his credentials, the user is done for.
Login credentials are verified on the server and encrypted zip files are located on the computer
That's actually giving you an option. If you don't want to store the encryption key on the client side, the server could send the key back as a part of the response and the client application could use it to decrypt or encrypt the data.
Can we encrypt and decrypt files in flutter?
I am working on application where i can decrypt and encrypt a file. For example an mp4 format file is already in an encrypted format i need to decrypt the file and show it in my application.
If so please share the code.
Is it possible to decrypt master password if I have data for encryption (text) and the result of encryption of this data (BLOB).
I want to decrypt Google Chrome master password that is used for encryption data. As I know chrome uses windows API CryptProtectData function. I have plaintext1 and ciphertext1. Also I have ciphertext2 and I want to decrypt plaintext2.
I have a project to generate PDFs on a server using ASP.NET (C #). But now we need the customer to be able to digitally sign these PDF. From what I saw, the documents must be signed at the client side, using an applet, as in the server I have no access to the private key of the certificate, but as I said above, the PDFs are generated on the server and I keep them there.
So, what I need is to digitally sign PDFs on the server, taking the client's certificate.
Thanks
Since it is not possible or anyway safe to extract and send the client's private key, to sign pdfs on the server you need to establish a "session" with the client and let them calculate the signature.
The steps should be something like:
the client sends his public certificate to be embedded in the signed pdf
the server generates the pdf, embeds the certificate and calculates the hash (eg: sha1)
the server sends the hash to the client applet
the applet calculates the digital signature with her private key
the applet sends the signature to the server
the server embeds the digital signature and closes the pdf.
To do this with itext you will have to use the preclose method after ambedding the certificate, so to be able to alculate the sha1 hash on the final document.
Then after pre-closing the pdf you will have to calculate the hash of the pdf and send it to the client.
Be careful: while preclosed you will have to keep the document in memory, for example in a server session.
To generate the pdf, embed certificates and prepaare the document you can use itextsharp, the c# port of the itext library. To calculate the hash and create the pkcs7 envelopes you can use the .net crypto api.
Hope this helps.
You might be missing the point of digitally signing a document. The act of signing a document is meant to be a user activity.
You can create the document on the server side and serve it with the content-type "application/pdf" and that will serve the document to be signed. When they sign it you can use pdf form submit to submit the signed document back to the server.
AspPdf + USB Network Gate or AnywhereUSB might help if the client uses USB smard card on their machine.
you can also use a signing service like (I'm sorry, I just know this one as working) http://www.signagate.de - these guys offer an Web service that enables you to 'upload' an unsigned pdf which will be sent back with an so called 'intermediate' signature that is conforming to even all signature laws in the EU as a qualified signature (at least for invoices as I know).
The fun is, you just need to be able to do a post call to their service to get the pdf singed back as answer.
So the 'intermediate' thing allows you (from a legal view) to NOT promote the private key etc. around the world but getting a valid signature on your PDF and keeping so the legal needs by a proper authentication to the signature service of this company.
Jimmy
Warning:
The signer certificate has expired.
I get the following when I try to sign with jarsigner, and the output jar doesn't get generated.
How do I renew my jar signature?
Are you using a self-signed certificate? If so, you just need to use keytool to generate a new certificate, then sign your jar using keysigner.
If you are using a third-party signed certificate (Verisign, Thawte, etc), you'll need to renew your key using their online system (usually the same place you got the original cert).