I have having difficulties protecting my blackberry application persistent data with ControlledAccess object.
According to http://www.blackberry.com/developers/docs/4.5.0api/net/rim/device/api/system/PersistentObject.html, I need a PersistentObject, CodeSignKey, and ControlledAccess objects to work. I have everything except one piece:
CodeSignKey codeSigningKey = CodeSigningKey.get( "ACME" );
here, I don't know what to replace for "ACME". Is this the PIN code I chose as I filled out the Code Sign Key? Is it my package name, output file name?
The Blackberry API documentation doesn't seem to say anything about this particularly important parameter.
Help please, thanks.
You'll want to create your own key using the BlackBerry Signing Authority Tool. See this KB article for the full details.
Related
My apologies if this has been answered already. I cannot find it and I'm very new to the GooglePlaces API for iOS.
Question: How do I get a place's description using the Places API and display on an iOS app?
I'm not sure if this is even possible but I'd like to find out. Please see the attached image as to what I mean by place "description."
Google Place Description Example
You have to make Place Details request which is an HTTP URL of the following form with required parameter:
https://maps.googleapis.com/maps/api/place/details/json?placeid=ChIJN1t_tDeuEmsRUsoyG83frY4&key=YOUR_API_KEY
key (YOUR_API_KEY) — Your application's API key. This key identifies your application for purposes of quota management and so that places added from your application are made immediately available to your app.
placeid (ChIJN1t_tDeuEmsRUsoyG83frY4) — A textual identifier that uniquely identifies a place, returned from a Place Search. For more information about place IDs, see the place ID overview.
OR
reference — A textual identifier that uniquely identifies a place, returned from a Place Search.
You can request output in JSON or XML format;
All above info from below site, please go through it:
https://developers.google.com/places/web-service/details
I maintain a store of encrypted data I would like to expose to other applications. Right now the data requires a passcode to unlock/decrypt that data.
The document provider extension I created so far doesn't seem to be loading (I checked the certificates) and I can't expose that to the other apps.
Are there any examples of how to do this?
I've already looked at the official documentation, the Git repository of various team members of Xamarin, and all the other general sources.
Are there any special gotcha's I need to address and may be missing?
This should give you a good start : https://forums.xamarin.com/discussion/16071/encryption-decryption-in-xamarin
And to get a complete working solution. Refer the Kinder Chat app.
https://github.com/xamarin/KinderChat
Hope that helps
for some research at work I have to understand how to generate the X-Apple-ActionSignature which can be found in HTTP-Headers e.g. of iTunes-traffic. I've read that it can be found in other Mac OS X and iOS specific network traffic, too.
What I've found so far is that iTunes sends a GET request to
https://init.itunes.apple.com/WebObjects/MZInit.woa/wa/signSapSetupCert
In the response a plist is appended which has a key 'sign-sap-setup-cert' containing probably a certificate. After that a POST request contains 'sign-sap-setup-buffer' and is sent to
https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/signSapSetup
The response has again 'sign-sap-setup-buffer' in the data segment and after that every other request contains a X-Apple-ActionSignature. However I can not find out how to generate this. Is someone able to help me?
Looking at this Twitter thread, it seems that "X-Apple-ActionSignature" is some kind of proprietary signature or metrics posts generated and/or used by FairPlay.
It's not something that Apple has documented publicly, nor do they make it easy to figure out how to generate or spoof (even if for non-malicious purposes like research).
Your best bet is to contact Apple directly (e.g. via a Technical Support Incident or TSI) and tell them exactly what you are doing and the big picture of why you are doing this, and if you are lucky the Developer Technical Support person will connect up with the right people in Apple Engineering to give you the answers you need.
I am trying to build a web based flash application. I am quite new to flash. I would like to develop it in two forms - demo and paid version. For this application to act as a paid version I need to have some kind of serial key. In order to achieve this I googled and came across something like this
MD5(MD5(thisuri)+thisuri)
I think 'thisuri' points to the current url page but I don't know how to get that url and I don't know whether '+' acts as a character or an operator.
Can you please help me?
It seems that a library exists in AS3.0 : as3corelib
An ActionScript 3 Library that contains a number of classes and utilities for working with ActionScript? 3. These include classes for MD5 and SHA 1 hashing, Image encoders, and JSON serialization as well as general String, Number and Date APIs.
To use it, just download the zip file, decompress it and copy the contents of "src" directory to the root of your project.
Then in your actionscript code, simply do the following :
import com.adobe.crypto.MD5;
var hash:String = MD5.hash(”test”);
source in french
To add to #Julien's recommendation of using as3corelib, you will also need the advice from this post to get the current url: Get Current Browser URL - ActionScript 3
Somehow I think there's a more elegant way to get the url, but I don't remember it.
While this may provide you with some basic check for the paid version, a determined hacker will easily fool this algorithm. For example, I could fool the environment into thinking that its being served from a domain that you've registered as part of the "paid" version. Also, since the client has the flash code, they can decompile the binary and potentially see the algorithm you're using. Depending on what you're offering in the app, this extreme case may or may not be acceptable to you.
Look into more secure authentication mechanisms if you're serious about security.
Recently I was assigned an iOS project, where I need to digitally sign a pdf document using a key that the application will download from a server.
I don't yet have a clear idea of the process involved in signing documents, what I know until now is that I will be signing my pdf using a private key file provided to me, and then the verification will be done using the public key version of the same file.
I have seen that digital sign can be achieved using libraries like iText for Java or iTextSharp for C#. That's why I would like to know if there is something similar for iOS?. And if not, what would be the process to achieve this using Quartz abilities to manage pdf documents?
Well... I have been checking the Apple docs, and I found this:
https://developer.apple.com/documentation/security/certificate_key_and_trust_services
I think this is supposed to support the X.509 format... which I could use to sign the pdf as an instance os CFData I guess. Also I have been checking the CryptoExercise sample code, but I am not 100% sure if this is what I am looking for.
Other suggestions have told me to check Adobe documentation, but haven't found yet a C api to sign documents using certificates.
If somebody has used the certificate services provided by Apple... it would be great any suggestion or more sample codes to understand the process.
Pablo,
signing PDF documents is a tough task (my company is doing this in the windows world in Pascal).
In general, I can tell you that you probably will not find usable source code you can just incorporate into you project. To see how it is done, the iText source is a good starting point, cause everything is in there.
In objective-c you are on the right path. Using X.509 certificates with functions like SecKeyRawSign is the right way (cause the actual given paddings are to old, you need to create your own padding for supporting e.g. SHA256. You can see here, how this is done: What is the difference between the different padding types on iOS?).
The 'dataToSign' is nothing else than the hash of PDF Content (e.g. SHA256) you want to sign.
To find out which part of the PDF source you have to sign exactly, you must check the adobe PDF 1.6 documentation, or do some searches in groups talking about that. It makes no difference in which language you are going to sign the PDF.
In the end, you will embed the signature and some information about the signature in the predefined portion of the PDF document (look out to not break the valid hash by doing that ;) ) and it could be seen and verified with any other PDF signature/verification software.
I'm sorry that I can't provide you with relevant code, but you'll find enough samples around the X.509 certificates - e.g. creating a SSL/SSH connection. And if you search for SecKeyRawSign, you'll even find some samples for signing (at least with other patterns). That's all you need, if you find the PDF Syntax for taking the content portion to sign and to embed the signature into the final PDF.
I hope this was of help for you
Jimmy