[prev in list] [next in list] [prev in thread] [next in thread]
List: bouncycastle-crypto-dev
Subject: Re: [dev-crypto] Custom Signature object - SOLVED!
From: pippo baudo <dottzero () yahoo ! com>
Date: 2011-06-13 13:50:29
Message-ID: 672307.16639.qm () web130102 ! mail ! mud ! yahoo ! com
[Download RAW message or body]
The problem was inside the Signature object.
As usual, bouncycastle has been able to help me: I found the solution inside the
library's source code.
I had to change the code as follows:
8x-----------------------------------
byte[] toSign = new DigestInfo(
new AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1),
DigestUtils.sha(attributeTableBytes)).getEncoded();
AsymmetricBlockCipher cipher = new PKCS1Encoding(new RSABlindedEngine());
CipherParameters param = generatePrivateKeyParameter((RSAPrivateKey)privKey);
cipher.init(true, param);
return cipher.processBlock(hash, 0, hash.length);
8x-----------------------------------
Regards,
Massimiliano
----- Original Message ----
From: pippo baudo <dottzero@yahoo.com>
To: dev-crypto@bouncycastle.org
Sent: Mon, June 13, 2011 11:30:20 AM
Subject: [dev-crypto] Custom Signature object
Hi All.
For one project I'm following lately I'm implementing my own SignatureSpi
implementation.
That involves the creation of three different objects:
1) MySignature extends SignatureSpi
2) MyPrivateKey implements RSAPrivateKey
3) MyProvider extends Provider
Inside MySignature I've implemented the sign() method.
As far as I know, the bytes I get to sign are an attribute table, so I've
implemented my sign method this way:
byte[] toSign = new DigestInfo(new
AlgorithmIdentifier(X509ObjectIdentifiers.id_SHA1),
DigestUtils.sha(attributeTableBytes)).getEncoded();
Cipher cipher = Cipher.getInstance("RSA", new
BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, privKey, new SecureRandom());
return cipher.doFinal(hash);
I call the signature this way:
CMSSignedDataStreamGenerator gen = new CMSSignedDataStreamGenerator();
...
gen.addCertificatesAndCRLs(certstore);
gen.addSigner(new MyPrivateKey(), cert,
OIWObjectIdentifiers.idSHA1.getId(), new
DefaultSignedAttributeTableGenerator(),
null, new MyProvider());
OutputStream sigOut = new java.io.BufferedOutputStream(gen.open(new
FileOutputStream("/tmp/test1.p7m"), true));
sigOut.write("Hello".getBytes());
sigOut.flush();
sigOut.close();
However, while the produced P7M is correct, the signature verification always
fails.
What do I do wrong?
I think the problem is inside the sign method, however, I really don't know
what's wrong...
Thank you in advance!!
Regards,
Massimiliano
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic