List: bouncycastle-crypto-dev
Subject: [dev-crypto] Re: Generating PKCS7 signature for S/MIME Signing
From: champak <champak.83 () gmail ! com>
Date: 2011-11-15 9:52:34
Message-ID: 1321350754418-4042384.post () n4 ! nabble ! com
Hello Valentina,
I have also followed the link below to generate a PKCS7 signature.
http://stackoverflow.com/questions/5167174/problems-with-pkcs7-file-validation
http://stackoverflow.com/questions/5167174/problems-with-pkcs7-file-validation
Below is the code that I used.
Sorry for the poor formatting.
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.PKCS9Attribute;
import sun.security.pkcs.PKCS9Attributes;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerValue;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X500Name;
/**
 * Builds a PKCS#7 SignedData structure using the JDK-internal sun.security.pkcs /
 * sun.security.x509 classes, with the RSA signature value supplied by an external
 * (third-party) signing call that is not shown in this listing.
 *
 * NOTE(review): the sun.security.* packages are not a supported API; they can change
 * between JDK releases and are not accessible by default on recent JDKs.
 * NOTE(review): the listing uses OutputStream, ByteArrayOutputStream and KeyStore, but
 * no import for them is shown.
 */
public class FirmaSun {
/**
 * Creates a PKCS#7 SignedData over {@code datos}, with the content embedded in the
 * structure and three authenticated attributes (content type, signing time, message digest).
 *
 * @param keyStore keystore that holds the signer's certificate chain
 * @param alias    keystore alias of the signing certificate
 * @param datos    bytes to sign
 * @return the stream (a ByteArrayOutputStream) that the encoded PKCS#7 was written to,
 *         or null if any exception was thrown while building it
 */
public static OutputStream firmar(KeyStore keyStore, String alias, byte[]
datos) {
OutputStream salida = new ByteArrayOutputStream();
// NOTE(review): SHA-1 is no longer considered collision-resistant; prefer SHA-256 /
// SHA256withRSA where the verifying side supports it. The digest algorithm named here
// has to match the one the external signer actually applies.
String digestAlgorithm = "SHA1";
String signingAlgorithm = "SHA1withRSA";
PrivateKey priv = null;
X509Certificate x509 = null;
try {
AlgorithmId[] digestAlgorithmIds = new
AlgorithmId[]{AlgorithmId.get(digestAlgorithm)};
// Digest of the content; it goes into the message-digest authenticated attribute below.
MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
md.update(datos);
byte[] digestedContent = md.digest();
PKCS9Attribute[] authenticatedAttributeList = {
new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID,
ContentInfo.DATA_OID),
new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new
java.util.Date()),
new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID,
digestedContent)
};
// The first chain entry is taken as the signer certificate. getCertificateChain()
// returns null for an unknown alias; the resulting exception is caught by the outer
// catch and firmar() returns null.
PKCS9Attributes authenticatedAttributes = new
PKCS9Attributes(authenticatedAttributeList); x509 =
(X509Certificate) keyStore.getCertificateChain(alias)[0];
// Original in-JVM signing path, disabled by the author. It shows which bytes are
// signed: the DER encoding of the authenticated attributes, not datos itself.
/* priv = (PrivateKey) keyStore.getKey(alias, null);
Signature signer = Signature.getInstance(signingAlgorithm);
signer.initSign(priv);
signer.update(authenticatedAttributes.getDerEncoding()); */
// NOTE(review): the next four lines are the author's placeholder, not compilable Java.
// The external call must produce a signature over
// authenticatedAttributes.getDerEncoding() with the same digest and RSA scheme as
// declared in the SignerInfo below. If it signs datos directly, or hashes an input
// that is already a digest, verify() will not succeed. The external call is not shown,
// so this cannot be confirmed from the listing.
*<The above commented code is the original one. The below byte array is the
byte array returned value from the sign function of third party library >*
byte[] signedAttributes =* <the output of sign function of third party
API.>* //signer.sign();
// The content is embedded in the ContentInfo as an OCTET STRING.
ContentInfo contentInfo = null;
contentInfo = new ContentInfo(ContentInfo.DATA_OID, new
DerValue(DerValue.tag_OctetString, datos));
// NOTE(review): the author's remark below says the certificate comes from the
// third-party provider, but the code uses x509 read from keyStore above. The issuer
// and serial placed in SignerInfo must identify the certificate whose private key
// produced signedAttributes; otherwise a verifier checks against the wrong public key.
*The certficate is again obtained from the third party provider that is used
for signing *
X509Certificate[] certificates = {x509};
java.math.BigInteger serial = x509.getSerialNumber();
// NOTE(review): "AlgogorithmId" two lines below looks like a typo for AlgorithmId.
// The trailing null is presumably the (absent) unauthenticated attributes; confirm
// against the SignerInfo constructor of the JDK in use.
SignerInfo si = new SignerInfo(new
X500Name(x509.getIssuerDN().getName()),serial,
AlgorithmId.getAlgorithmId(digestAlgorithm),authenticatedAttributes,
new AlgogorithmId(AlgorithmId.RSAEncryption_oid), signedAttributes,
null);
SignerInfo[] signerInfos = {si};
PKCS7 p7 = new PKCS7( digestAlgorithmIds,
contentInfo,certificates,signerInfos);
// Writes the encoded SignedData into salida.
p7.encodeSignedData(salida);
// Self-check of the structure just built (test only).
// NOTE(review): a verification failure is only printed here and salida is still
// returned to the caller. The return value of verify() is also discarded; in the JDK
// implementation a null result is believed to mean that no signer verified (TODO
// confirm), so a bad signature may not raise an exception at all.
try {
p7.verify();
}
catch (Exception e) {
System.out.println("Error en validacion:" + e.getMessage());
e.printStackTrace();
}
} catch (Exception ex) {
// Any failure while building or encoding is reported only as a stack trace plus a
// null return; callers must check for null.
ex.printStackTrace();
return null;
}
return salida;
}
}
--
View this message in context: \
http://bouncy-castle.1462172.n4.nabble.com/Generating-PKCS7-signature-for-S-MIME-Signing-tp4030690p4042384.html
Sent from the Bouncy Castle - Dev mailing list archive at Nabble.com.