Generating Digital Signature - vb.net

I wanted to generate digital signature in my asp.net application based on some value
like date of birth. what is the way to do that ? i am using vb.net

If you decide that you really do want what that Wikipedia article talks about, then see the SignedXml class in the System.Security.Cryptography.Xml namespace.
Note that this isn't the only way to work with Digital Signature in .NET - it's just the part I've worked with before.

Related

Method to prove authenticity of download files in hindsight

I'm looking for a tool or method to prove the authenticity of resources download from the web and stored locally. To be clear: I don't mean the SHA or MD5 checksums to verify a downloaded file. What I need is a way to download and store a web resource in such a way that I can later prove that said resource indeed originated from that web server.
In particular for the following scenario: A website published an article about a client. He would like to sue for defamation of character. I need a way to store the article without them having the possibility of simply removing it and denying they ever published it. So preferably this would be a tool that is backed by publications making it credible in court.
I have thought about storing the TLS certificate, keys and the encrypted data. That would rely on the root CA, but I think that would in itself not be a problem. I could do this using a custom program and a library like OpenSSL, but I think this is such a common problem, there probably is a relatively standard tool for it. Also, I am not entirely sure to what extent this would constitute reliable evidence. And can someone point to publications that would back this method?
Maybe I am using the wrong search terms, but everything I find is about aforementioned SHA or MD5 checksums. Any help is much appreciated.
If I understand correctly you need something like signature with timestamp. Yes?
You not only need checksum from document (article, text value, whatever) but also proof that this article really existed in time.
When using digital signature you can store such timestamp in 3rd party certified providers. You sign document and send checksum to 3rd party provider. Later you can ask provider to verify that this exact document is valid & was indeed created at given time.
https://en.wikipedia.org/wiki/Trusted_timestamping
As this can cost (fee for provider to store the timestamps) you can create checksums from many documents (like take all documents from one hour), store all of them in a single file, create checksum from that file and sign it with timestamp. This way you create one timestamp for documents batch, not for each document.

Python / rdflib HTTP server for sparql endpoint

Is there a capability for or example of creating a Sparql HTTP endpoint with rdflib? We would want it to follow the spec and be able to return json and/or csv formats. This would mostly be for POC usage. It would also be possible to use Javascript/Node.
Thanks!
You might try https://github.com/rdflib/pyLDAPI. It's been touched much more recently than https://github.com/RDFLib/rdflib-web and there are some public examples of it to follow, e.g. https://geofabricld.net. Also, the SKOS-specific tool VocPrez uses it under the hood.
As of earlier this year, pyLDAPI implements the W3C's Content Negotiation by Profile specification which is, I suppose, the latest an greatest Linked Data API-relevant specification, although it's not just for Linked Data APIs.
Feel free to contact me directly if you need more of a hand with this.

"detached" digital signatures in PDF

I want to implement "parallel" signing process of PDF, so that users can digitally sign document not "one by one", but simultaniously. To implement this, I decided to create separate copies of initial document for all users and get signatures on them. Eventually, all signatures should be concatenated into single PDF.
Let's assume, that PDF is not changing during signing process, except signature field creation (all acroForms, signatureContainers, visual signatures, etc. are created before and similar for all).
.. during futher investigation, I readed this article and understood, that each previous digital signature (even detached) is included into SignedContent of the next signature. So there is no way to put digital signature which will be completely separated from the contents. This leads to a problem, that next signature, can't be calculated, before previous is finished.
Please tell if there is any option to get around this? Or putting signatures "one by one" is the only solution?
P.S. I'm using Apache PDFBox to work with PDF.
Please tell if there is any option to get around this?
If you want your signatures to be interoperable, there is no way around that.
I readed this article and understood, that each previous digital signature (even detached) is included into SignedContent of the next signature
That answer still represents the current situation. If anything, it has been confirmed by newer specifications, e.g. the PAdES specifications referenced in that answer merely were 'technical specifications' (ETSI TS 102 778) and there now are actual norms (ETSI EN 319 142) which also require a pdf signature to sign everything in its revision except its own signature container. Also ISO 32000-2 has been published, still having that requirement for its interoperable signatures and additionally including a shortened copy of the PAdES specification.
You stress "even detached" here. The "detached" in the context at hand only refers to the structure of the CMS container which is embedded in the PDF; it in particular does not refer to the signature being more separated from the PDF or anything like that.
If you don't need to be interoperable, though, there are some options, here two of them which still are quite near to the interoperable signatures:
You can ignore the requirement that a pdf signature must sign everything in its revision except its own signature container.
For example you can prepare multiple signature fields and dictionaries in a single new revision of the document and set each signature's signed byte range to exclude the placeholders of all these signatures.
you can ignore the requirement that there is only a single SignerInfo in the CMS signature container and put SignerInfos from different signing parties into a single signature container in a single signature field.
Common PDF signature validators will,
in case of signatures created as described in the former option, not positively validate, at least most of them,
either because their code is programmed for only two ranges of signed bytes (i.e. a single gap) and so only uses the first two ranges resulting in a wrong document hash;
or because they explicitly require that a signature covers its whole revision minus the single placeholder for the signature container of the signature field being validated; the number of validators of this kind surely has risen since the publication of the "Security of PDF Signatures" master thesis by Karsten Meyer zu Selhausen at the Ruhr-Universität Bochum, see this question.
in case of signatures created as described in the latter option, appear to positively validate, at least many of them, until you look at the validation result in detail and realize that they have validated only one of the SignerInfos and ignored the others.
For example in case of two SignerInfos Adobe Reader validates the second one (I assume it always validates the last one) and eSig DSS validates the first one, and neither one of them currently indicates in the validation result that there may be another SignerInfo present.
A large Swedish security company, for example, implements the second option in its software; in its home brew format PDF/CAdES-A it inserts CAdES-A containers as CMS container in PDFs and allows multiple SignerInfos therein. Obviously, therefore, its own software will recognize and validate all SignerInfos. Nonetheless, this is a home brew solution and not interoperable.
You could use existing software that supports signature workflows - like e.g. we offer at https://www.esignanywhere.net - this software allows to define signature workflows (via API or web user interface). Input can be a PDF document with signature fields as acro form fields, or text placeholders within the PDF. The meta informations defined in eSignAnyWhere allow to assign it to a specific signer. The workflow capabilities allow to define sequential, parallel, or mixed sequential+parallel, signing workflows.

how could i send a document for signature based on rest calls

I am new to echo sign. I want to implement echo sign using REST API. my question is how could i send a document for signature based on rest calls. is there any sample code for sending documents via rest.
There's not much documentation available but you can start from here:
https://secure.echosign.com/public/docs/restapi/v4#!/agreements/
SOAP documentation seems to be better, giving you a better understanding about the required fields, classes, etc. You can take a look at it here but you'll need to be logged in:
https://secure.echosign.com/public/docs/EchoSignDocumentService21
You can also take a look at these implementations:
https://github.com/nsbucky/echosignv3
https://github.com/nsbucky/echosign

OAuth2 w/ Google Client API 1.8.1

I have been using the Google Client API in a .NET web application - but need to update to the latest version (both to use the most recent code but also to lose the need for the DotNetOpenAuth.dll.) The latest version (1.8.1) has a totally redesigned OAuth interface (using google.apis.auth) and I can't seem to even get started w/ it.
Previously I had written code that handled generating an AuthorizationURL (as needed) and creating IAuthenticator and IAuthorizationState objects - storing the refresh token in a sql database as needed. I was also about to retrieve "UserInfo" about the user as needed (once authenticated.)
Now - I'm unclear on how to handle the generation of the AuthURL (do I have to do it 100% manually?) and how/what I need to pass to the BaseClientService.Initializer when working w/ client API (such as Google Drive.)
Also - previously I wrote methods to "store" and "retrieve" credentials from the database - now it seems I would need to write a class based on IDataStore? But I'm not sure if this is even correct (let alone find a decent sample/doc anywhere.)
Finally - it doesn't seem like google.apis.auth handles anything w/ regards to UserInfo - I have to grab google.apis.oauth2 - but that .dll has even LESS documentation/sample code out there.
Any advice on where to start? The google.apis sample code seems decent for performing basic api tasks but all the Oauth2 information is very basic, uses file data storage and seems glossed over.
Thanks!
First of all, take a look at https://developers.google.com/api-client-library/dotnet/guide/aaa_oauth. All the documentation that you might need is there, and if something is missing let us know!
You are right, you already have an implementation of FileDataStore, and we are planning to create EFDataStore as well for the next release.