Many customers of mine use a software for doing digital signatures. This software is called Dike and it is provided from the italian chamber of commerce and it interfaces to smart card hardware like this.
Now I would like from my application to do the digital signatures, bypassing the software that does it.
Is it possible to do this in Delphi, did anyone already did it? I would like to add timestamp too.
NOTE FOR BOUNTY:
I don't know how this is important outside of Italy, anyway in Italy there is a law that requires that certain documents are stored with particular rules. TO implmemetn this it is mandatory to digital sign and put a time stamp on the file (pfd files).
Basically I ask "is it there anyonw that already imlpemented this in Delphi and found a succesful way. Can you share your results?".
Basically there is a million of USB smartcard readers, I don't want to start supporting million of drivers in my application (I write an app that is in part a document management system), if there were seomthing like TWAIN is there for image scanner it would be great.
I could also accept the limitation to link to a specific hardware, so I can say if you want this feature you must buy this hardware, I don't want to support all the existing hardware or timestamp/digital signatures web services.
So what I am looking for is Time Stamp and Digital Signature for pdf files for Delphi 1-0-1. I hope I expressed my self if not please ask.
Our SecureBlackbox product provides full scope of PKI functionality including signing and timestamping data using CMS and CAdES formats and certificates can be located on PKCS#11-compatible smartcards. If you are looking for PDF signing and timestamping, then SecureBlackbox supports them as well (via PAdES standard).
SecureBlackbox is available for Delphi 4 to XE2 and supports 64-bit Windows.
We have clients form Italy who do exactly what you need.
You mays also look at Gnostice PDFToolkit VCL wich allow you to "edit, secure, merge, split, view, digitally sign PDF documents".
with signtool:
c:\BinPath\signtool.exe sign /f c:\BinPath\Mypfxfile.pfx /p MyPassword
/t http:// timestamp.verisign.com/scripts/timstamp.dll c:\BinPath\Project1.exe
Related
After deploying build for my iOS app on TestFlight, Apple was asking me to fill "Export Compliance Information" with the following question:
Does your app use encryption?
Select Yes even if your app only uses the
standard encryption within Apple’s operating system.
I've searched little bit for an answer here on StackOverflow but my case is little bit specific and haven't found clear answer for my case yet.
I am using https to connect to the server.
I am using Apple Keychain to store user credentials.
I am using encryption on backend to encrypt/decrypt secret file and send decrypted content in response when my app is making an https request (so for this case my app does not use encryption directly).
I assume the answer to the first question is Yes. Definitely because Apple Keychain itself uses encryption.
If I select yes I get to the next question:
Does your app qualify for any of the exemptions provided in Category 5,
Part 2 of the U.S. Export Administration Regulations?
Make sure that your app meets the criteria of the exemption listed below.
You are responsible for the proper classification of your product.
Incorrectly classifying your app may lead to you being in violation of
U.S. export laws and could make you subject to penalties,
including your app being removed from the App Store.
You can select Yes for this question if the encryption of your app is:
(a) Specially designed for medical end-use
(b) Limited to intellectual property and copyright protection
(c) Limited to authentication, digital signature, or the decryption of data or files
(d) Specially designed and limited for banking use or “money transactions”; or
(e) Limited to “fixed” data compression or coding techniques
You can also select Yes if your app meets the descriptions provided in Note 4 for Category 5, Part 2 of the U.S. Export Administration Regulations.
I assume I my app is c))
(c) Limited to authentication, digital signature, or the decryption of data or files
Therefore the answer to this would be also yes.
However I am not sure about this and would like to know your opinion, ideally with a short explanation.
Thanks.
PS: I am including useful links which helped me on how to submit a Self Classification Report:
https://kitefaster.com/2017/08/10/encryption-export-compliance-ios-apps
https://simonfairbairn.com/bis-year-end-self-classification-report
The rules regarding a TestFlight app is slightly different from a "real" AppStore release, but the procedure is pretty similar.
As you said, the first question asks “Does your app use encryption?"
Here you should select "Yes" even if your app only uses the standard encryption in iOS and macOS / XCode.
Basically:
Use of encryption in this case includes, but is not limited to:
Making calls over secure channels (i.e. HTTPS, SSL, and so on).
Using standard encryption algorithms.
Using crypto functionality from other sources such as iOS or macOS.
Using proprietary or non-standard encryption algorithms.
The U.S. Government defines "non-standard cryptography" as any implementation of "cryptography" involving the incorporation or use of proprietary or unpublished cryptographic functionality, including encryption algorithms or protocols that have not been adopted or approved by a duly recognized international standards body.
Does your app qualify for any of the exemptions provided in Category 5,
Part 2 of the U.S. Export Administration Regulations?
As you said, option C is most often adequate and the correct choice if you don't use any proprietary or non-standard algorithms.
By the way, here's a link to that "Note 4 for Category 5" that they mention.
When you submit a final version of your app to the actual App Store, you will be required to answer these questions again in App Store Connect.
Determine your Export Compliance Requirements, blah, blah...
Basically, you can say yes in the following scenarios:
Select "Yes" for this question if the encryption of your app is:
a. Specially designed for medical end-use
b. Limited to intellectual property and copyright protection
c. Limited to authentication, digital signature, or the decryption of data or files
d. Specially designed and limited for banking use or “money transactions”; or
e. Limited to “fixed” data compression or coding techniques
It's usually no problems from here on, as long as you pass the internal testing etc.
Just follow the prompts when exporting / distributing to App Store.
Remember to update your Xcode settings for your build.
By the way: Consult an attorney for legal guidance if in doubt! This is only my understanding of the process.
This is from Apple's article about Complying with Encryption Export Regulations
Typically, the use of encryption that’s built into the operating
system—for example, when your app makes HTTPS connections using
URLSession—is exempt from export documentation upload requirements,
whereas the use of proprietary encryption is not. To determine whether
your use of encryption is considered exempt, see Determine your export
compliance requirements.
The big thing from this quote I noticed is the term "proprietary" and the fact that HTTPS is now exempt from regulation. I believe that this also means that keychain should also not be included in this, because it is public encryption to my knowledge.
But I am very uneasy to say that the encryption you use in the app's backend is safe from the regulation givin that it could be considered as proprietary and could be considered an extension of your app, not a separate entity. Historically Apple is very willing to take down apps that they don't believe to follow their guidelines. Here is a great stack overflow question and a Reddit link you should read through to be safe the stack overflow answer seems to be very thorough. Stack Overflow and Reddit.
Sorry I couldn't help you with the third point about your backend's encryption. I hope you can find some answers that I didn't see in the links I provided though.
We are developing an Application which runs on various plattforms (Windows, Windows RT, MacOSX, iOS, Android).
The Problem is how to manage the different localizations on the different Platforms in an Easy Way. The Language Files on the different platforms have various formats (some are xml based, others are simple key-value pairs and others are totally crazy formats like on MacOS)
I'm sure, we aren't the first company with this problem, but I wasn't able to find an easy to use solution o achive the possibility to have one "datasource" where the strings are collected in different languages (the best would be an User Interface for the translators) and then can export it to the different formats for the different platforms.
Does anybody has a solution for this problem?
Greetings
Alexander
I recommend using GNU Gettext toolchain for management and at runtime use either
some alternate implementation for runtime reading like Boost.Locale,
own implementation (the .mo format is pretty trivial) or
use Translate Toolkit to convert the message catalogs to some other format of your liking.
You can't use the libintl component of GNU Gettext, because it is licensed under LGPL and terms of both Apple AppStore and Windows Live Store are incompatible with that license. But it is really trivial to reimplement the bit you need at runtime.
The Translate Toolkit actually reimplements all or most of GNU Gettext and supports many additional localization formats, but the Gettext .po format has most free tools for it (e.g. poedit for local editing and Weblate for online editing) so I recommend sticking with it anyway. And read the GNU Gettext manual, it describes the intended process and rationale behind it well.
I have quite good experience with the toolchain. The Translate Toolkit is easy to script when you need some special processing like extracting translatable strings from your custom resource files and Weblate is easy to use for your translators, especially when you rely on business partners and testers in various countries for most translations like we do.
Translate Toolkit also supports extracting translatable strings from HTML, so the same process can be used for translating your web site.
I did a project for iPhone and Android which had many translations and I think I have exactly the solution you're looking for.
The way I solved it was to put all translation texts in an Excel spreadsheet and use a VBA macro to generate the .string and .xml translation files from there. You can download my example Excel sheet plus VBA macro here:
http://members.home.nl/bas.de.reuver/files/multilanguage.zip
Just recently I've also added preliminary Visual Studio .resx output, although that's untested.
edit:
btw also my javascript xcode/eclipse converter might be of use..
you can store your translations on https://l10n.ws and get it via they API
Disclaimer: I am the CTO and Co-Founder at Tethras, but will try to answer this in a way that is not just "Use our service".
As loldop points out above, you really need to normalize your content across all platforms if you want to have a one-stop solution for managing your localized content. This can be a lot of work, and would require much coding and scripting and calling of various tools from the different SDKs to arrive at a common format that would service the localization needs of all the various file formats you need to support. The length and complexity of my previous sentence is inversely proportional to the amount of work you would need to do to arrive at a favorable solution for all of this.
At Tethras, we have built a platform that alleviates the need for multi-platform software publishers to have to do this. We support all of the native formats from the platforms you list above, and can leverage translations from one file format to another. For example, translate the content in Localizable.strings from your iOS app into a number of languages, then upload your equivalent strings.xml file from Android or foo.resx from Windows RT to the system, and it will leverage translations for you automatically. Any untranslated strings will be flagged and you can order updates for these strings.
In effect, Tethras is a CMS for localized content across many different native files formats.
I am trying to find the document that specifies the standard for pthreads. I've seen various links which point to IEEE 1003.1c-1995 (i.e. Wikipedia or OpenGroup). However when I searched for this document on the IEEE standards site I eventually found this page which said "Superseded Standard."
The IEEE page for 1003.1c-1995 did have a note that said: "Abstract not available. See ISO/IEC 9945-1." Searching for that on Google led me to a page for ISO/IEC 9945-1:1996 but the status said "withdrawn."
So my question is what is the current active standard for pthreads? Even better would be if there was a link to a free version of the standard, but it looks like most of the links I've seen for standards cost money. But I figure if I can find out the actual standard then I might try to see if I can access it through my school's library. But first I want to know what document I should be looking for.
I believe you want ISO/IEC/IEEE 9945:2009 as it is newer than ISO/IEC 9945-1:1996 , which was revised ISO/IEC 9945-1:2003 and ISO/IEC/IEEE 9945:2009 revised that.
The following POSIX FAQ provides additional information, specifically relevant Q4. Where can I download the 1003.1 standard from? and includes links to a free HTML online version that requires registration here.
There is understandably a lot of confusion around the relevant standards. We have:
ISO/IEC 9945
IEEE 1003.1
POSIX.1
Single Unix Specification
The Open Group Base Specifications
Possibly others
Why so many different standards? I'm sure it's mostly historical. At one point some or all of these standards might have referred to their own thing. But the simplest answer is that, today, all of these specifications are now just different names for the same thing*. Here is the opening sentence from the online version of The Open Group Base Specifications, Issue 7:
POSIX.1-2008 is simultaneously IEEE Std 1003.1™-2008 and The Open Group Technical Standard Base Specifications, Issue 7
Some of the standards bodies do not provide free or registration-free access to their copies of the standard. However, The Open Group does allow free (and registration-free) access to the current issue of their online copy.
*The Single Unix Specification may not be exactly the same; it seems it contains everything in POSIX, plus the X/Open Curses standard.
I am looking for SDKs which can do finger print matching. Rest of my code is mostly in C so I prefer if the SDK has C API's. Also it would be great if the SDK is free. Does anybody has experience with these SDKs and recommend any particular SDK? Also, while looking in these SDK what are the important features I should concentrate?
I've used two SDKs in the past, but only as a C# developer. Both the SDKs below say that they support C:
Griaule Fingerprint SDK (requires paid-for license)
Digital Persona OneTouch (free sdk)
A quick summary of features to consider:
Are you verifying that a fingerprint matches that of a known user, or identifying a user from a single fingerprint?
The Griaule SDK implements both Verify and Identify patterns.
DigitalPersona's free SDK only supports Verify - to Identify, you have to loop through all the fingerprints in your database and see which one matches best. They state that this is 'inefficient', but if you have very few users (< 200), it seems quick enough.
Adjustment of discrimination sensitivity (false positives/false negatives)
Balance up how closely a print must be identified. A high sensitity may cause a legitimate user's prints to be rejected, but a low sensitivity may match one users' prints to the wrong user. Assess the impact of each case and code accordingly.
The deployment overheads differed - the DP components came with a merge module, but I only recall seeing standalone installs for Griaule.
What fingerprint capture devices are you intending to support? Check very carefully that the SDK will support yours!
Check the licensing terms very carefully the Griaule costs can be substantial based on the number of clients you expect to roll out to.
The Griaule SDK required a license file be deployed, both on client and server.
DP (free edition) did not.
The .NET DP SDK came with a visually pretty, and easy to use, fingerprint registration dialog, but the version I downloaded (v1.4.0) had a bug with the fingerprint capture component taking up to 10 seconds to initialise. I don't know if this has been resolved yet. However, it was straightforward to code a bespoke UI.
Overall, I favoured the DP SDK, but it was a close-run thing. Basically, being license-free and better documented suited me more.
You can use Innovatrics IDKit PC SDK. You can get a free version for 6 months. This provides a C API as well as a C# API. I have been extremely impressed with this package.
If your platform is not a PC, there are packages for other platforms as well.
This is very useful with detail information about fingerprint integration with windows based software: http://www.codeproject.com/Articles/38881/Fingerprint-Reader-Integration-using-the-M-SYS-SDK This integration was using this fingerprint sdk. It solves problems with low level free sdks and also supports other biometric modality.
This is a really simple question, but the answer is really complicated. Most of the Free or at least royalty free matching SDKs are tied to a vendors fingerprint scanner. If you are wanting to use one of those SDKs you will have to commit to their scanners.
The next question is how is the software going to be used. Fingerprint matcher tend to fall into one of two categories, 1 to 1 or 1 to N. 1 to 1 is assuming you know who the user is and you want to just VERIFY their identity with a fingerprint. 1 to N searches through a database of users and finds them by their fingerprint. Depending on the size of your user population, if you are doing 1 to N you may need to confirm the performance of the algorithm first to ensure it will meet your needs.
The other option that you have is there are fingerprint scanners that do what is known as match on device. These scanners have embedded matching algorithms and databases that do all the work for you. You get all the licenses you need when you buy the fingerprint sensor. These are really useful in embedded applications.
I'm building a new web-based product. The problem is that many clients have specific printers to print specific documents. Just think reports,barcodes,invoices etc. All on a special printer with the right paper etc...
Usually when printing from the web you cannot make the software choose a printer or change the settings. However it's just that that I want to do.
I want to print without a dialog. And enter the printer + settings with my software
The only solution I know of now is the commercial version of acrobat that has some javascript printing support..
Does anyone know of any other alternatives ?
Thanks in advance !
small-medium business
No heavy installion but common stuff is ok
ie. flash/silverlight/acrobat/whatever is possible
I generate what is necessary for printing (PDF/Tiff etc)
Who are your customers -- enterprises or SOHO? Are you generating PDFs? Or, raw tiffs? If you are generating PDFs there is something called a JDF file where you can specify the print settings to your heart's content. The flip side is the device needs to be capable of understanding JDFs. You can then attach the JDF with the PDF as a mime package. If you are generating tiffs, I think there isn't much need of printer settings except for the correct device profile(s) to be installed.
Because of security reasons, you cannot control that from within the browser.
If I where in your shoes, I'd create a small program for my clients to install, registering a specific file extension to this program and creating files in this format on the website, and have the program do the printing for me.
Your easy choices are either PDF or Microsoft's Reporting/Report Viewer