I am using a third party cloud certificate signing application. From what I have been able to observe the application "downloads the certificate" and installs it but without a private key. If, for example, I open a PDF document with Adobe and sign with Adobe itself and select the certificate that I downloaded with the third-party application, if the application is not open, signing with Adobe does not work. In summary, to sign with a certificate from the third-party application, it must be open, the same happens if I sign with the browser with that certificate, how is it possible for Adobe or the browser to communicate with the third-party application? I need to make a similar application.
Do I have to create a driver filter? can someone guide me?
Related
I have written an application, that I'm publishing to my webpage everytime I make changes via the "Publishing Assistant" in VS13. If I'm going to install it on my PC from my website Windows tells me that the application would not be trustful. How do I change this? Where do I get an certificate for signing it?
You buy a certificate from any trusted certificate provider. To not to promote any specific provider, I'll just recommend you to google for "buy code signing certificate", if you really can't find a provider on your own.
Then, at the properties tabs, navigate to the "Signing" tab and point to your certificate file. The package will be signed upon building.
I have a web application based on C#,asp.net.
In application i generate an xml file that contents journal records.
Admin user must sign this xml file with his usb token.
In windows application i can read usb token certificate file and i can sign the xml file.
But in web application i execute the same code and i get an this error:
"Card inserted card reader not found".
How can i access on client usb token and certificate from ny web application?
Is there anyone using electronic signature on web application?
There is no easy solution. You have to create ActiveX control or Java applet and install it on client machine. That is how my internet banking works.
The usual and the easiest way is to let the users upload a scanned copy of their signatures. The application should then save it somewhere (database or some folder on the server). Whenever required, these users should be able to use their signatures. It then automatically becomes electronic signature. Just properly authenticate and authorize users before letting them use the electronic signatures.
Hope this helps!!
Let me explain my dilemma. I am writing an ASP.NET web application that is supposed to let a logged in user download my client-side Windows executable file. Before such file is downloaded the web app changes some strings inside the .exe file (by modifying the exe file image with the user selection).
I am now looking into a way to digitally sign this executable file with my code signing certificate. The problem is that to do this I need to run it through the Microsoft's signtool that requires either an installed digital certificate on the server where the web app is running from, or that I provide the .pfx file that contains my private key.
This bring up two issues:
If I go with installing my digital cert on the server, then anyone can use it to sign any executable off that server (which I would prefer to avoid.)
If I choose to upload the exported Personal Information Exchange (PFX file) for my certificate, I can protect it with a password, but signtool will require that password to sign my exe file, which it will need in a plain text form. So I will need to store the password somewhere, which is not that safe either.
Any suggestions, how shall I overcome these?
If you plan to use number 2, you can look into using SecureString to encrypt your password. You still need to initialize SecureString with the plain password for which you have two secure options.
Provide the string manually through a webpage (use SSL to protect this page from MITM attacks). This is the most secure option but it has a tradeoff that You have to provide the password every time app starts. Or,
Create a web service on a different server that will return this plain password (again communicating over SSL). This is not full proof because if the web service's server is compromized, your password is gone. However, by distributing risk into multiple servers, you make the job harder for hacker to break the security of the system.
How can i create certified pdf with c#?
A certified PDF is basically a PDF that has been digitally signed using a certificate that is trusted by the Adobe Root Certificate. This service is called Adobe Certified Document Services. When your document is signed it displays a blue ribbon at the top and verifies that the document is from you and it hasn't been tampered with.
You can get the certificate from a participant of the service, we use one called GlobalSign
Once you have the certificate you need to get a device to actually sign the documents, this can be a USB stick that you plug into your PC or a PCI HSM card that sits in a server for high volume signing.
Once you have this in place your PDF's will display the blue ribbon
In our system we used Morphon Tom to actually sign the PDFs, it's a webservice that you simply send a PDF to and it returns it signed using your certificate.
Hope this gets you started!
Interesting component for PDF signing:
Signing using smart cards and cryptographic tokens
CAdES signatures
LTV signatures
Multisigning
docs
I have an InfoPath 2007 form with custom .NET code. In order for it to be accessible on our Sharepoint server, it needs to run in full-trust (I get an error about the form trying to access my computer, and therefore it cannot run). In order to run in full-trust, it needs to be signed with a cert. The network admin sent me a cert, but it won't show up in the InfoPath "select certificate" dialog when I try to sign it, even after I installed the certificate on my machine. I think it is because the certificate's purpose is server authentication, when it needs to be code signing. Is there any way to use this certificate to sign the form? Or for that matter is there another way to get the form to run on the server without being digitally signed?
And because i'm new here is the second link...
and this is digging a little deeper on how to build and deploy full trust forms:
http://msdn.microsoft.com/en-us/library/bb251025.aspx
There is a couple of ways to get your form full trust. I dont mean to just post a link in here but this should get you going in the right direction.
this gives an over view:
http://msdn.microsoft.com/en-us/library/bb251022.aspx