我想使用PKCS7容器在PDF文件中创建分离的签名。数据(哈希)已预先使用私钥在其他设备上签名。我想创建一个包含签名数据以及带有公钥的证书的PKCS7。如果没有提供私钥并使库对数据进行签名,我似乎无法创建带有弹力城堡的PKCS7。这似乎不起作用:
InputStream inStream = new FileInputStream("1_public.pem");
BufferedInputStream bis = new BufferedInputStream( inStream );
CertificateFactory cf = CertificateFactory.getInstance("X.509");
List<Certificate> certList = new ArrayList<Certificate>();
Certificate certificate = cf.generateCertificate(bis);
certList.add(certificate);
Store certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addCertificates( certs );
CMSProcessableInputStream msg = new CMSProcessableInputStream( new ByteArrayInputStream( "signedhash".getBytes() ) );
CMSSignedData signedData = gen.generate(msg, false);
byte[] pkcs7 = signedData.getEncoded() ) );