Converting decimal to hexadecimal byte in Java Card
It slipped my mind that you could do: if (num < 256) { return (byte) num; } That should have settled it for now considering the num which is the amount to pad is less than 256 for PKCS 5 and 7 padding as per RFC-1423, RFC-2898 and RFC-5652....
Bouncy Castle: Creating CMS (a.k.a. PKCS7) certificate?
ssl,cryptography,ssl-certificate,bouncycastle,pkcs7
There is no such thing as a CMS certificate or PKCS#12 certificate. CMS is the cryptographic message syntax. It specifies a container format that may contain X5.09 compatible certificates of the signer. PKCS#12 is a container format for cryptographic objects, it is often used to store one or more certificate/private...
SignedData / DigestAlgorithm and SignedData / SignerInfo / DigestAlgorithm: same?
Is this a duplication of the same attribute? If not, what is the meaning of either? In case of RPKI yes. The reason is that this standard does not introduce a specialized new structure but merely a profile of an existing one: The RPKI signed object is a profile...
PHP PKCS7 Padding bug
php,encryption,padding,mcrypt,pkcs7
solved it. the "+" signs in the base64 encoded data is being converted to spaces when transported through http thus resulting into different values. What I did is the client encoded the binary data to base64 and passed it through urlencode() function. The PHP side handled the data by using...
Verification of pdf integrity fail
Please be aware that in a SignedData object there are multiple hash values to consider which generally are not equal. Have a look at the definition of the Cryptographic Message Syntax (CMS) objects in RFC 3852. (RFC 3852 is the RFC referenced from the current PDF specification ISO 32000-1; thus,...
Obtaining the hash/digest from a PCKS7 signed PDF file with iText
First of all, there is not necessarily the hash/digest message from the signature, in case of PKCS#7 / CMS signatures usually multiple hashes are involved, cf. this answer to Message digest of pdf in digital signature. Considering that you need the digest to fulfill some legal restrictions, though, I assume...
C# and PHP encryption compatibility - 3DES ECB with PKCS7
PHP code: $key = "6702BC24DD0527E7"; $key = md5($key,TRUE); $key .= substr($key,0,8); The C# code is "ok" as it is. "ok" is a big word here. I would probably use SHA256 and trim it to 24 bytes: C#: SHA256Managed sha256 = new SHA256Managed(); keyArray = sha256.ComputeHash(UTF8Encoding.UTF8.GetBytes(key)); Array.Resize(ref keyArray, 24); //Always release...
Read PKCS#7 from ASN1 with PasswordRecipientInfo
Seems some wrapper code is missing from the der-data above: var bs = new MemoryStream(); var constructeddata = new DerSequenceGenerator(bs); constructeddata.AddObject(new DerObjectIdentifier("1.2.840.1.113549.1.7.3")); constructeddata.AddObject(new DerTaggedObject(true, 0, ed)); //constructeddata.AddObject(ed.ToAsn1Object()); constructeddata.Close(); var derdata = bs.ToArray(); var cms = new CmsEnvelopedData(derdata); So what I do is adding a top layer to the data. ed...
C library for CMS/X.509 manipulation
Here's what I managed to get working so far. 1. Building a CSR, signing it with some other engine I mostly followed demos/x509/mqreq.c, with some twists. (NB: error checking, fancy modulus length/label/subject DN generation/handling has been left out for brevity and focus on actual flow). unsigned char* mod = NULL;...
Decrypt p7s file on iOS
ios,objective-c,cocoa-touch,nsdata,pkcs7
You can read it into an NSData instnace and use - (NSRange)rangeOfData:(NSData *)dataToFind options:(NSDataSearchOptions)mask range:(NSRange)searchRange to find the beginning and end of the plist. Then use - (NSData *)subdataWithRange:(NSRange)range to optain just the plist data. Finally convert to a NSString with: - (instancetype)initWithData:(NSData *)data encoding:(NSStringEncoding)encoding ...