Injecting information into signed file

We need to inject information (i.e. server details from where a signed file
was downloaded) into a signed file, without breaking the signature or
integrity of a signed file. Apparently there are areas and ways to inject
custom information into signed files, however, we cannot find the "how to".
It is needed to inject server source when customer downloads signed files
from a site, allowing the downloaded file to query the information and
returning to source where needed.
Nov 9 '05 #1
The file could perhaps be prepared and signed server side just before the
download?

Else you could perhaps have in the file some signed resources and some
unsigned ones, but if this is a monolithic file I doubt this is possible as
precisely the signature allows to guarantee the file has not been updated
since signed...

In which context are you working? You could also perhaps pass this info as
a param tag or taken from the URL the file comes from if launched directly
from the web...

Sorry for the poor help.

--
Patrice

"wschaub" <ws*****@discussions.microsoft.com> wrote in message
news:7E**********************************@microsoft.com...
> We need to inject information (i.e. server details from where a signed file
> was downloaded) into a signed file, without breaking the signature or
> integrity of a signed file. Apparently there are areas and ways to inject
> custom information into signed files, however, we cannot find the "how to".
> It is needed to inject server source when customer downloads signed files
> from a site, allowing the downloaded file to query the information and
> returning to source where needed.

Nov 9 '05 #2
wschaub wrote:
> We need to inject information (i.e. server details from where a
> signed file was downloaded) into a signed file, without breaking the
> signature or integrity of a signed file. Apparently there are areas
> and ways to inject custom information into signed files, however, we

Nope. There are no areas that you can use. When an assembly is signed a
hash is taken over all of the assembly except the location where the
signed hash (strong name signature) and the public key will be stored,
and the location where a certificate will be stored. You should not play
with these.

> cannot find the "how to". It is needed to inject server source when
> customer downloads signed files from a site, allowing the downloaded
> file to query the information and returning to source where needed.

Why does this server information have to be 'injected' in the assembly?
Why can't it be in a separate file? If you want to make sure that such a
file is not corrupted during the download you can sign that file (i.e.
create a hash and encrypt it with the private key) and add that
signature to your file. When the assembly uses the file it can remove
the signature and decrypt the hash, then calculate the hash of the
remaining data in the file and compare the two. That gives you an
integrity check. My security workshop shows you how to do this.

Richard
--
http://www.grimes.demon.co.uk/workshops/fusionWS.htm
http://www.grimes.demon.co.uk/workshops/securityWS.htm
Nov 9 '05 #3
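
The separate-file check described in post #3, as an added example that is not part of the original thread or of the linked workshop. It uses the current .NET `RSA` class; the names `SignedSidecar`, `Seal` and `Open`, the "payload followed by signature" layout and the sample URL are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignedSidecar   // hypothetical helper, not a framework type
{
    // Server side: return the payload followed by an RSA signature over it.
    public static byte[] Seal(byte[] payload, RSA privateKey)
    {
        byte[] sig = privateKey.SignData(payload, HashAlgorithmName.SHA256,
                                         RSASignaturePadding.Pkcs1);
        byte[] sealedFile = new byte[payload.Length + sig.Length];
        Buffer.BlockCopy(payload, 0, sealedFile, 0, payload.Length);
        Buffer.BlockCopy(sig, 0, sealedFile, payload.Length, sig.Length);
        return sealedFile;
    }

    // Client side: split off the trailing signature and verify it.
    // Returns the payload, or null if the file is truncated or was modified.
    public static byte[] Open(byte[] sealedFile, RSA publicKey)
    {
        int sigLen = publicKey.KeySize / 8;   // RSA signature is as long as the modulus
        if (sealedFile.Length <= sigLen) return null;
        byte[] payload = new byte[sealedFile.Length - sigLen];
        byte[] sig = new byte[sigLen];
        Buffer.BlockCopy(sealedFile, 0, payload, 0, payload.Length);
        Buffer.BlockCopy(sealedFile, payload.Length, sig, 0, sigLen);
        bool ok = publicKey.VerifyData(payload, sig, HashAlgorithmName.SHA256,
                                       RSASignaturePadding.Pkcs1);
        return ok ? payload : null;
    }

    static void Main()
    {
        using RSA serverKey = RSA.Create(2048);  // demo key; the private half stays on the server
        using RSA clientKey = RSA.Create();
        clientKey.ImportParameters(serverKey.ExportParameters(false)); // public half only

        // Constructed sample payload: the per-download server details.
        byte[] info = Encoding.UTF8.GetBytes("source=https://downloads.example.test/mirror-3");
        byte[] file = Seal(info, serverKey);

        Console.WriteLine("intact file accepted:   " + (Open(file, clientKey) != null));
        file[0] ^= 0x01;  // flip one bit, as corruption or tampering in transit would
        Console.WriteLine("modified file accepted: " + (Open(file, clientKey) != null));
    }
}
```

The signed assembly itself is never touched: it ships with the public key and reads the per-download file next to it, so its strong name signature stays valid.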
Thanks. Your references are most helpful.

"Patrice" wrote:
> The file could perhaps be prepared and signed server side just before the
> download?
>
> Else you could perhaps have in the file some signed resources and some
> unsigned ones, but if this is a monolithic file I doubt this is possible as
> precisely the signature allows to guarantee the file has not been updated
> since signed...
>
> In which context are you working? You could also perhaps pass this info as
> a param tag or taken from the URL the file comes from if launched directly
> from the web...
>
> Sorry for the poor help.
>
> --
> Patrice
>
> "wschaub" <ws*****@discussions.microsoft.com> wrote in message
> news:7E**********************************@microsoft.com...
> > We need to inject information (i.e. server details from where a signed file
> > was downloaded) into a signed file, without breaking the signature or
> > integrity of a signed file. Apparently there are areas and ways to inject
> > custom information into signed files, however, we cannot find the "how to".
> > It is needed to inject server source when customer downloads signed files
> > from a site, allowing the downloaded file to query the information and
> > returning to source where needed.

Nov 10 '05 #4
