Verify PDF digital signature - itext

I am building a restful service that verify digital signature, Is there a way to verify without sending the whole PDF file to the service ?

Related

Recording full https session and veryfication of recorded sessions [duplicate]

Is there any way that I can create a proof of a file downloaded using https? With proof I mean a cryptographic record of some sort that links the contents of a file to a site at a certain time. If I understand TLS correctly, the server certificate is only used as a basis to establish a session key that is known to both parties, so each request is not signed but just encrypted for transfer. Any ideas if this can be done and if so how?
In HTTPS the certificate is only used for authentication and with the obsolete RSA key exchange also for key exchange. Application data are only protected against modification by some man in the middle but they are not signed by the sender. While a HTTP server could be explicitly implemented to sign and timestamp the content, one can not enforce such operation against an arbitrary existing server.
For more see
Where in a TLS connection can I get the signature of the content sent by the server?
Why does HTTPS not support non-repudiation?
How to prove some server sent some file over HTTPS
Proving authenticity of data accessed over TLS by an untrusted third party

How to generate a digital certificate (for signing documents) if no validated authority exists in my country?

I want to generate a digital certificate for signature and authentication to sign a document, but I couldn't find any validated authority in my country that delivers digital certificates. In such a case, is there any way (website) to generate this type of certificates?
Thanks
You can create self signed certificate as described for example here How to generate a self-signed SSL certificate using OpenSSL?. Downside is that the Adobe Reader shows the signature invalid as by default it is not trusted.
You can also buy the "Document Signing Certificate" from any trust service provider. You will get USB crypto token with that. In this case Adobe Reader will show the signature valid.

How do I add CA certificate in fiddler requests or Postman requests?

I have created a couple of API's and now I have to test them using Fiddler or any certificate friendly tools. The requests which are not having valid certificate must be rejected by the server.
Certificate Background
Here are the two certificate's issues by CA
I have one intermediate public certificate entitled as
MyIntermediate.cer
I have a private certificate for each device which will request my API to fetch data.
I have uploaded public certificate - MyIntermediate.cer to server [Azure APIM]
Now to test the API's, I have to use some tools like Fiddler or Postman or any other tool which supports certificate upload/reading from store
I do not see any options in these tools to upload or read from windows store. Here I need help
I see settings in postman but it seems like not for CA certificates because I do not have key file.
APIM Details
Azure API manager is the service provided by Microsoft. All the request will be processed by APIM. I have uploaded MyIntermediate.cer public certificate to APIM. So, to call GetCustomer someone has to have certificate which is trusted by MyIntermediate.cer.
You need to have "private certificate for each device" along with it's password (if it was saved with one) to make an authenticated call. If you want to rely on APIM's ability to validate certificate chain then you'll indeed need to upload intermediate certificate, and possible root certificate as well if it's not one of the public ones.

Where to find issuer certificate

I'm using OpenSSO 8 which I haven't configured myself. It's fully configured and without any problems. My problem is that I need to find the issuer certificate used to validate digital signatures on the SAML credentials. Can you tell me where should I look for it?
You usually get the certificate in the metadata. Here is a link on how to exchange the metadata from OpenSSO
The certificates are actually stored in opensso/opensso folder and can be exported using keytool

soapui soap digital signature

I need to digitally sign a soap message in a client. A PEM file with both private key and certificate has been given to me. I thought to test with SoapUI.
Configuration for signature is done OK in Outgoing WS Security configuration - see the picture, as well, pem is added OK in Keystore/Certificate tab, but the soap message sent to a service is not signed.
Does anybody know how to solve this problem?
In your SOAP Request TestStep you have a tab called Aut. (First tab on the left)
There you have to add your Outgoing WSS Configuration.
See screenshot: