aspose file tools*
The moose likes Security and the fly likes Please help me .....by suggesting a approach Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Please help me .....by suggesting a approach" Watch "Please help me .....by suggesting a approach" New topic
Author

Please help me .....by suggesting a approach

singh gaurav
Ranch Hand

Joined: Mar 28, 2010
Posts: 42

Hai All,
I am writing a simple project on digital signatures implementation using JAVA Technology. The following is the planned steps for implementation of my project
1. web design(form+attachments)
2.we should able to sign HTML form + attachment by a user digital certificate/digital signatura.
3.server should verify the digital certificate/signature.
4.server should send acknowledgement to user
5.adminstrator should be able to view the verified /siginde document+form
by using LA server/Ldap server/java server
Expecting your valuable suggestions
Thanks in advance
Yours Cordially
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42595
    
  65
What do you mean by "signing an HTML form + attachment"? Signing the HTML file? Submitting the form over a secure channel? Something else?

More generally: What is the security objective you're trying to achieve by all of this? What are you trying to guard, and what are you trying to guard against?


Ping & DNS - my free Android networking tools app
singh gaurav
Ranch Hand

Joined: Mar 28, 2010
Posts: 42

Surely i want submitting a form data over a secure chaanel,
My objective is to submitting my form data signed with a digital signatur ,who provides facility to identify the form submitter>. and my server can verify the digital signature and give a acknowledagement to user.
in more generally::
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42595
    
  65
HTML forms have no concept of using a digital signature. But I think TLS/SSL can be set up to require a client certificate.

Can you guarantee that all users who wish to access the web app will have a personal certificate? Because most likely the web app won't be so special that users will go out and get one just to be able to use it.
singh gaurav
Ranch Hand

Joined: Mar 28, 2010
Posts: 42
I sure my web apps client have a certificate, how can i sign their form field and their attachement with user certificate and send back acknowledage to user. how can i set upTLS/SSL to require a client certificate.


can i m able able to setup my web app to sign clients form data with client certificate by using LDAP server!!!
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Please help me .....by suggesting a approach