signature – Make Me Engineer

Using a PEM encoded, encrypted private key to sign a message natively

May 31, 2023 by Tarik

If you’re using BouncyCastle, try the following: import java.io.File; import java.io.FileReader; import java.io.IOException; import java.security.KeyPair; import java.security.Security; import java.security.Signature; import java.util.Arrays; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.openssl.PEMReader; import org.bouncycastle.openssl.PasswordFinder; import org.bouncycastle.util.encoders.Hex; public class SignatureExample { public static void main(String [] args) throws Exception { Security.addProvider(new BouncyCastleProvider()); String message = “hello world”; File privateKey = new File(“private.pem”); KeyPair … Read more

Get timestamp from Authenticode Signed files in .NET

May 30, 2023 by Tarik

Back to the original question, I could not find managed way so ended up using pInvoke as follows: public static bool IsTimestamped(string filename) { try { int encodingType; int contentType; int formatType; IntPtr certStore = IntPtr.Zero; IntPtr cryptMsg = IntPtr.Zero; IntPtr context = IntPtr.Zero; if (!WinCrypt.CryptQueryObject( WinCrypt.CERT_QUERY_OBJECT_FILE, Marshal.StringToHGlobalUni(filename), WinCrypt.CERT_QUERY_CONTENT_FLAG_ALL, WinCrypt.CERT_QUERY_FORMAT_FLAG_ALL, 0, out encodingType, out contentType, … Read more

C++ Function Callbacks: Cannot convert from a member function to a function signature

May 18, 2023 by Tarik

You’re trying to pass a member function pointer as a normal function pointer which won’t work. Member functions have to have the this pointer as one of the hidden parameters, which isn’t the case for normal functions, so their types are incompatible. You can: Change the type of your argument to accept member functions and … Read more

Meaning of instantiation mode indicators in arguments of Prolog predicates

May 16, 2023 by Tarik

Those prefix operators, in this context, represent instantiation modes, i.e. they tell you which arguments should be variables or instantiated when calling the predicate. They also tell you if an argument will be (possibly further) instantiated by the call. They can also be used to tell you that an argument is going to be meta-interpreted … Read more

How to verify a jar signed with jarsigner programmatically

May 14, 2023 by Tarik

You can simply open the JAR with java.util.jar.JarFile and tell it to verify the JAR file. If the JAR is signed, then JarFile has the option to verify it (which is on by default). However, JarFile will also open unsigned JARs happily, therefore you must also check, whether or not the file is signed. You … Read more

How do you verify an RSA SHA1 signature in Python?

May 14, 2023 by Tarik

Use M2Crypto. Here’s how to verify for RSA and any other algorithm supported by OpenSSL: pem = “””—–BEGIN PUBLIC KEY—– MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfG4IuFO2h/LdDNmonwGNw5srW nUEWzoBrPRF1NM8LqpOMD45FAPtZ1NmPtHGo0BAS1UsyJEGXx0NPJ8Gw1z+huLrl XnAVX5B4ec6cJfKKmpL/l94WhP2v8F3OGWrnaEX1mLMoxe124Pcfamt0SPCGkeal VvXw13PLINE/YptjkQIDAQAB —–END PUBLIC KEY—–“”” # your example key from M2Crypto import BIO, RSA, EVP bio = BIO.MemoryBuffer(pem) rsa = RSA.load_pub_key_bio(bio) pubkey = EVP.PKey() pubkey.assign_rsa(rsa) # if you need a different digest than … Read more

C function with no parameters behavior

May 12, 2023 by Tarik

In C++, void no_args() declares a function that takes no parameters (and returns nothing). In C, void no_args() declares a function that takes an unspecified (but not variable) number of parameters (and returns nothing). So all your calls are valid (according to the prototype) in C. In C, use void no_args(void) to declare a function … Read more

Difference between signature versions – V1 (Jar Signature) and V2 (Full APK Signature) while generating a signed APK in Android Studio?

October 6, 2022 by Tarik

It is a new signing mechanism introduced in Android 7.0, with additional features designed to make the APK signature more secure. It is not mandatory. You should check BOTH of those checkboxes if possible, but if the new V2 signing mechanism gives you problems, you can omit it. So you can just leave V2 unchecked … Read more

Absolute minimum code to get a valid oauth_signature populated in Java or Groovy?

October 4, 2022 by Tarik

Here is my code for Flickr OAuth. NOTICE: I REFERED some logic from SignPost. It is really very tricky to generate it signature…. OK. This is just an example for generate the “oauth_signature” package oauthflickr; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.net.URI; import java.net.URISyntaxException; import java.net.URLEncoder; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.List; … Read more

Top-level const doesn’t influence a function signature

August 8, 2022 by Tarik

allow these two functions simultaneously as different function since they are really different as to “whether parameter can be written or not”. Intuitively, it should be! Overloading of functions is based on the parameters the caller provides. Here, it’s true that the caller may provide a const or non-const value but logically it should make … Read more