Google Pay Integration - Cryptogram encoding - google-pay

I need to convert GooglePay cryptogram field to bytes. I am trying to find which encoding is used for this (highlighted in below image) field.
Can anyone please guide me?

Related

How to work with PDF in PDF/A1-a format using PHP

I'd like to generate a PDF file strictly in the PDF/A1-a format (to integrate with a government service).
This service does not support PDF/A1-b or PDF/A1-x format. Only PDF/A1-a.
Previously, I used mPDF (https://mpdf.github.io/) in my work. But this library supports maximum PDF/A1-b.
A search in Google gave no result. But I think that I am not the first one who needed this format. Please tell me if there is something convenient for working with this "rare" format (PDF/A1-a).
Regards, Alexey.

How to tell what encryption is used in PDF?

I'm trying to read PDF in my app. I've stumbled upon AES-encrypted PDFs.
As far as I undestood from the PDF reference, in AES scheme, strings and streams should be padded up to multiple of 16 length. First 16 bytes are the IV in unencoded form.
However, in my PDF, strings have lengths, which are not multiple of 16. Decryption of such strings predictably fails.
Here are the details of the PDF:
Header:
%PDF-1.6
Encrypt dictionary:
<</Length 128/Filter/Standard/O(...)/P -1340/R 3/U(...)/V 2>>
So, PDF version is 1.6, encryption version is 2 and revision is 3 - under this condition, PDF reference states that AES scheme is used.
Example of encoded string:
Author(Í¡c$5N8 ¶ŽÜß*绫ÈÙÏ)
which has the length of 29.
Note that I'm able to verify user password as stated in algorithm "Authenticating the user password", and it shows to be valid.
EDIT:
The only logical answer would be "Because it is not AES-encrypted". Indeed, when forcing encryption to RC4, PDF decrypts just fine.
So the question is rather "How to tell if AES or RC4 is used?"

Verifying digital signatures in PDF documents

I'm trying to verify PDF's digital signatures.
I know that when a PDF is signed, a byterange is defined, the certificates get embedded, and from what i've read, the signed message digest and the timestamp are also stored in the PDF.
I already can extract the certificates and validate them.
Now I'm trying to validate the pdf's integrity and my problem is I don't know where the signed message digest is located.
In this sample signed pdf from Adobe (http://blogs.adobe.com/security/SampleSignedPDFDocument.pdf), i can clearly identify the digest since it is down below the embedded certificates: /DigestMethod/MD5/DigestValue/ (line 1520).
But that PDF sample seems to be from 2009, and I suspect the message digest is stored in a different way now, because I signed a PDF with Adobe Reader and also with iText, and I can't find any message digest field like the previous one.
Can someone tell if the digests are now stored in a different way? Where are they located?
Anyway, for now I'm using that sample document from Adobe, and trying to verify its integrity.
I'm getting the document's bytes to be signed acording to the specified byterange, and digesting them with MD5 algorithm, but the digest value I get doesn't match with the one from the message digest field...
Am I doing something wrong? Is the digest also signed with the signer's private key?
I appreciate any help.
There are numerous details to get right when calculating the hash for integrated PDF signatures, among them:
Extract the correct bytes from the PDF to hash. The ByteRange tells you exactly which byte ranges are signed. To be accepted in modern signing contexts, the ranges must cover the whole PDF file revision with the exception of the value of Contents.
Beware, the value of Contents includes the the leading '<' and the trailing '>' brackets.
Don't use a regular text editor or text processing instructions (like readln or writeln) to process PDFs. PDFs are binary in nature, even if they look textual to the naked eye. Copying PDF parts using such text related operations most likely changes them in details, definitively breaking the signature hash value.
When in doubt, don't guess but read the specification. A copy of ISO 32000-1 has been made available by Adobe here, and much you need to know about the PDF format to start processing them can be found there and in other public standards referenced in there. A very short introduction to integrated PDF signatures can be found in this answer and documents referenced from there.

Hash computation in Google safe browsing V2 implementation

I am trying to test my implementation of the google safe browsing api version 2.
To test a part of my code that sends requests for full hashes for a given prefix, I captured a short session of traffic where I visited a known currently blacklisted url "utfvq.portrelay.com" and firefox sent a request to google for full hashes and google responded with a list of hashes.
The prefixes firefox sent are(Hex encoded) : 2e2e372e,2e26382e,2e2e382e,6545382e
The 4 matching full hashes it received are :
2e26382e2e2e436d2e2e2e2e322e3b2e2e2e2e2e4a2e2e2e7b2e2e2e6a492e2e
6545382e2e2a5b792e652e2e2e2e2e2e2e2e70442e7d2e2e2e222e2e502e2e2e
2e2e382e6c36252e2e522e2e592e2e2e2e2e3f592e2e2e782e2e572e4e2e2e2e
2e2e372e2e2e2e2e55682e542e51622e552e2e68352e2e2e2e2e2e2e2ed2755
In my implementation however, the hash prefixes I generate do not seem to match the hash prefixes that firefox sent. Hence, I am not getting any full hash matches in my client.
I have followed googles description of the API closely and made sure the previous steps such as url canonicalization are implemented properly.
The url, SHA256 hashes I get are
utfvq.portrelay.com/ : 5c2383012676e63656c13167e1cc4f55309c4e1b73c22556e36ec1487e8b8697
portrelay.com/ : 842638fe92ee436da7808d0232d03bcaa0f5c8b64ad5eee97bf28dbb6a49f8ae
Can some one point out why the hashes do not match. I have followed the API guide to the best of my knowledge. Is there some implementation detail I am missing ?
It turned out to be a basic character encoding error on my part.
The SHA hashes I compute in my code are correct. The way I looked at the hashes that firefox sent was wrong. I copied the characters from a text file where it stored any byte not with in regular ascii range as a dot(.). Then I converted these to Hex values which is a kind of "lossy" encoding. This is why there were so many "2e" hex chars in the hashes. Now I am using just the original bytes and they match.

Getting text information from the Internet into my app

I learning Objective C, and I am going to develop some apps. I have a general question: How to get text information from the Internet into your app. Say you want the current title of Yahoo News. Do I need to use some PHP, or are there Objective-C specific classes to choose from?
Help is appreciated (code as well!), just anything that can help me take te step to exploring the new possibilities!
If I understand your question, I'd say the best way to do it would be to get the HTML source from the URL of your choosing as a string, then parse it to grab an attribute such as the title. Have a look at NSString and NSXMLDocument; they both let you instantiate them from a URL.
Here's a great way to do it:
Go to Yahoo Pipes, and create your "pipe" (basically a feed of one or many different data inputs on the web).
Publish: Select a format for Yahoo to host, for example as an RSS feed or in JSON.
UIWebView can then point to your pipe's URL. (Here's a tutorial on UIWebView)
Done.
Note that you can choose to get the feed as RSS, JSON, and other formats as well. Here is an example of a pipe I set up for the National Vulnerabilities Database as RSS, and the same feed as JSON.
ASIHttpRequest Will keep you sane.