I have inherited a VS2k5 project; it's an Outlook add-in distributed as a DLL.
When I try to compile the project, it asks for a password (which I don't know) because there is a password-protected pfx file and the assembly is signed. Since I don't know the password, I can't compile the solution without deleting the pfx file, or unchecking the Sign Assembly checkbox.
My question is, what's the password for? I would like any developer with access to our source control repository now or in the future to be able to compile this project without entering any additional passwords. So if I delete this pfx file and generate a new one without password protecting the new one, and then I deploy the resulting DLL, am I losing any security on the new DLL now that the pfx is no longer password protected?
Password protection adds another layer of security to your pfx.
Since a password protected pfx will prompt you to enter the password, it will be hard for any unauthorized individual to use the pfx and sign and certify some other assembly with your pfx.
Related
We have a windows application in (the dot net 2.0 framework).
Using this application our client took out invoice print. Due to the new gov. rules and regulations, they want to take out digitally signed invoices in pdf format so they can upload it on the gov. portal.
Every client will have their own one or multiple "DSC token/ e-pass token 2003/smart card".
We have to use this token to digitally sign the pdf.
Can anyone suggest to us what is a good way to achieve this in vb.net or c#?
While googling for this solution we found that these tokens install one certificate in Windows Root Certificate bind with the name. Use this certificate and digitally sign a pdf document.
We have one question related to this solution If the client installs their certificate on System A and it will show pdf doc is verified. What will happen if the files got shifted from System A to System B, will they be still verified or unverified?
For my IT Security class I have to create a vulnerable web application.
When logging in the user should upload a certificate (e.g. a PFX file, I chose a use case where this makes sense). However I want to make it so an attacker can recreate the certificate with some basic information.
I did some research and it seems like I need to generate a reproducable SSL key and CSR if I want to use PFX. Can I do this on my own? If so, how? If not, what other options do I have?
I have set up an OpenLDAP service with the slapd.conf file.
Everything is working find, but the customer wants to have the password encrypted in the slapd.conf-file and I'm struggeling to implement this it.
It works with this line:
idassert-bind bindmethod=simple binddn=CN=ldap-openLDAP,OU=Services,OU=company,DC=example,DC=com credentials=123456 mode=self
But the customer doesn't want to have the credentials of the user as plain text in the config file. Is there a way to write an encrypted password like e.g.:
idassert-bind bindmethod=simple binddn=CN=ldap-openLDAP,OU=Services,OU=company,DC=example,DC=com credentials={SHA256}asa78asadASf mode=self
I already found out that with simple bind only plain text passwords are possible.
The alternative is bindmethod=sasl. But with this I have to decide where I want to do the authentication with Kerberos or GSSAPI.
I'm not that familiar with this authentication methods.
Is there a way to store the password encrypted in the slapd.conf? If not, what exactly do I have to do to make the authentication to the LDAP-Server?
I installed OpenLDAP on a Windows Server (not UNIX). Because all the tutorials I found seem to be made for Linux-Servers.
{SHA256}asa78asadASf is a password hash. Hashing is (designed to be) one-way; there is (should be) no way to get back the original password 123456 from that.
At this time there is no support for encrypting credentials stored in slapd.conf.
For an easier solution than Kerberos, you might consider TLS client certificates. You can easily create your own CA certificate and issue a couple of client certificates from it. But note that this isn't any more secure than a plaintext password in slapd.conf! slapd has to be able to access the credentials it's supposed to present; anyone who can read the slapd.conf file can then obviously read those credentials as well, whether it's a plaintext password, a Kerberos keytab, or a certificate private key.
I've inherited a system which I'm rewriting in .Net Core.
The current system uses xero-node to make requests to Xero.
Xero-node makes use of the .pem file for authentication.
I'm using Xero-NetStandard but this requires a pfx. I have a pfx but don't have a password for it. I have the .pem but I can't seem to use it with this api.
Is it possible to use the .pem file with the Xero lib?
I have a code signing certificate from GoDaddy. I've used it successfully to sign the Inno Setup install packages that I use to distribute my Access databases. I'd now like to use it to sign the Microsoft Access databases themselves. The cert is imported into my Personal Store under both my administrator and non-privileged user accounts.
I tried the following:
Open an Access database (.accdb, .mdb, doesn't seem to matter)
go to VBA IDE, Tools --> Digital Signature...
Click on [Choose...]
I got the error message:
No usable signing certificates are available. Please insert your smart card, or contact your administrator to obtain a signing certificate.
Did I miss a step? Is this supported?