pki

Node.js Rest call to a server that requires a certificate

懵懂的女人 提交于 2020-01-15 06:05:41
问题 How do a make a rest call from Node.js to a server that requires a certificate for authentication? 回答1: The solution is to use a custom connection pool, for which you'll need to use a custom Agent. Here's an example using the standard https module, straight from the documentation: var options = { hostname: 'encrypted.google.com', port: 443, path: '/', method: 'GET', key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'), cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem') };

SecTrustEvaluate returns kSecTrustResultRecoverableTrustFailure on iOS 5

风流意气都作罢 提交于 2020-01-13 04:00:08
问题 Working to update an application I have to iOS5 after reports of it not working with the beta. The problem is tracked down to the fact that our custom SSL certificate verification is no longer working. In the didReceiveAuthenticationChallenge section, we obtain our root certificates and call SecTrustEvaluate. This works fine on iOS4. protectionSpace = [challenge protectionSpace]; trust = [protectionSpace serverTrust]; err = SecTrustEvaluate(trust, &trustResult); trusted = (err == noErr) && (

How does Android's app/signature verification work?

若如初见. 提交于 2020-01-10 08:29:30
问题 I want to preface this question with two things so I can narrow down where my actual question is: a) I've done software dev before, though never for android b) I'm familiar with PKI and encryptions and hashing and digital signatures and blah blah blah That being said I'm having trouble tracking down more information about where and how Android verifies app creators. I've heard a lot of different information so I'm trying to synthesize to get a better idea of the workflow. I know that every

Signing a pdf document

ぃ、小莉子 提交于 2020-01-04 11:39:20
问题 Currently I am upgrading my old application Which is done using itextsharp 5.0.0 to 5.4.5(latest)... But I have a problem in getting the equivalent code for PdfSignatureAppearance.SetCrypto(this.myCert.Akp, this.myCert.Chain, null, PdfSignatureAppearance.SELF_SIGNED); Can anyone help me regarding this? Thanks in advance... 回答1: I sign PDF documents using 5.5 version of iTextSharp. Below is the sample code. // Set the reader (PdfReader) and output (Stream) first PdfStamper stamper = PdfStamper

How to programmatically create a Certificate Signing Request (CSR)?

回眸只為那壹抹淺笑 提交于 2020-01-04 01:47:06
问题 How to implement it in C? openssl req -new -key cert.key -out cert.csr openssl x509 -req -in cert.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out cert.crt -days 5000 回答1: I hope it is not too late and my answer will help :) I'm providing my solution, which I implemented ~three years ago after researching openssl sources. The generated certs are very simple - review which fields you need and adjust the functions. openssl req -new -key cert.key -out cert.csr is implemented the

iPhone Simulator custom CA certificate

此生再无相见时 提交于 2020-01-03 14:23:05
问题 I'd like to test an application on the iphone simulator which connects to a service using a certificate which is signed by our own CA. I can do this on the actual device by adding a provisioning profile which has the CA certificate. I had thought that having the CA certificate in the standard OSX keychain would work, but it doesn't. So I can access the service via Safari without warning, but I get error when trying to run things in simulator. 回答1: The crypto api's are unavailable to the

OpenSSL ECDSA signatures longer than expected

≡放荡痞女 提交于 2019-12-30 23:59:20
问题 I am attempting to generate "raw", unencoded ECDSA signatures for use with a cryptographic chip. The goal is to sign something on the host pc, then send it to the chip to be validated. However, I am running into a little problem. My understanding is that the ECDSA signature should be 64 bytes (for secp256v1). And, when I use the chip to generate a signature, it is indeed 64 bytes in length. However, when I use openssl, the signature is 71 bytes in length. The beginning of the signature seems

Configure SSL certificates with Hibernate, Spring and JDBC

风流意气都作罢 提交于 2019-12-30 07:42:14
问题 I'm trying to move from an unencrypted JDBC connection using a username and password to log in to my MySQL database server, to a connection using SSL and certificate-based authentication. I'm using Hibernate with Spring MVC. My WebAppConfig file looks like this: package com.****.PolicyManager.init; import java.util.Properties; import javax.annotation.Resource; import javax.sql.DataSource; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation

统一用户认证和单点登录解决方案

拜拜、爱过 提交于 2019-12-29 13:16:12
本文以某新闻单位多媒体数据库系统为例,提出建立企业用户认证中心,实现基于安全策略的统一用户管理、认证和单点登录,解决用户在同时使用多个应用系统时所遇到的重复登录问题。 随着信息技术和网络技术的迅猛发展,企业内部的应用系统越来越多。比如在媒体行业,常见的应用系统就有采编系统、排版系统、印刷系统、广告管理系统、财务系统、办公自动化系统、决策支持系统、客户关系管理系统和网站发布系统等。由于这些系统互相独立,用户在使用每个应用系统之前都必须按照相应的系统身份进行登录,为此用户必须记住每一个系统的用户名和密码,这给用户带来了不少麻烦。特别是随着系统的增多,出错的可能性就会增加,受到非法截获和破坏的可能性也会增大,安全性就会相应降低。针对于这种情况,统一用户认证、单点登录等概念应运而生,同时不断地被应用到企业应用系统中。 统一用户管理的基本原理 一般来说,每个应用系统都拥有独立的用户信息管理功能,用户信息的格式、命名与存储方式也多种多样。当用户需要使用多个应用系统时就会带来用户信息同步问题。用户信息同步会增加系统的复杂性,增加管理的成本。 例如,用户X需要同时使用A系统与B系统,就必须在A系统与B系统中都创建用户X,这样在A、B任一系统中用户X的信息更改后就必须同步至另一系统。如果用户X需要同时使用10个应用系统,用户信息在任何一个系统中做出更改后就必须同步至其他9个系统

How does a public key verify a signature?

陌路散爱 提交于 2019-12-29 10:04:57
问题 I am trying to get a better grapple on how public/private keys work. I understand that a sender may add a digital signature to a document using his/her private key to essentially obtain a hash of the document, but what I do not understand is how the public key can be used to verify that signature. My understanding was that public keys encrypt, private keys decrypt... can anyone help me understand? 回答1: Your understanding of "public keys encrypt, private keys decrypt" is correct... for data
订阅 pki