Tho*_*ven 5 java rsa bouncycastle digital-signature pkcs#7
我有一个X509CertificateObject,一个匹配的RSAPublicKey,并设法创建一个包含某个消息对象的有效数字证书的字节数组,也作为一个字节数组.
不幸的是,我构建的系统只接受CMSSignedData对象作为输入.如何将基本构建块转换为这样的有效CMSSignedData对象?
背景:我正在尝试根据这个例子的 Java Bouncy Castle RSA盲签名(摘要是SHA512)并且需要将结果提供给标准签名处理.
首先,您可能需要使用私钥对数据进行签名。这个想法是签名应该是只有你才能创建的东西。一个你知道其余的应该如下:
X509Certificate signingCertificate = getSigningCertificate();
//The chain of certificates that issued your signing certificate and so on
Collection<X509Certificate> certificateChain = getCertificateChain();
PrivateKey pk = getPrivateKey();
byte[] message = "SomeMessage".getBytes();
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
certificateChain.add(signingCertificate);
generator.addCertificates(new CollectionStore(certificateChain));
JcaDigestCalculatorProviderBuilder jcaDigestProvider = new JcaDigestCalculatorProviderBuilder();
jcaDigestProvider.setProvider(new BouncyCastleProvider());
JcaSignerInfoGeneratorBuilder singerInfoGenerator = new JcaSignerInfoGeneratorBuilder(jcaDigestProvider.build());
AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1withRSA");
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
AsymmetricKeyParameter privateKeyParam = PrivateKeyFactory.createKey(pk.getEncoded());
ContentSigner cs = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyParam);
SignerInfoGenerator sig = singerInfoGenerator.build(cs, signingCertificate);
generator.addSignerInfoGenerator(sig);
CMSSignedData data = generator.generate(new CMSProcessableByteArray(message), true);
| 归档时间: |
|
| 查看次数: |
1479 次 |
| 最近记录: |