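I want to create signedAndEnvelopedData (PKCS#7) data with the Bouncy Castle implementation (version 1.59).
In Bouncy Castle, the interface CMSObjectIdentifiers includes the signedAndEnvelopedData type.
However, after many attempts, it cannot be created correctly. Could you give some suggestions? The following is my core implementation: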
    // Wrap the message bytes as CMS content of type id-data
    CMSTypedData msg = (CMSTypedData) new CMSProcessableByteArray(
            new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()),
            srcMsg.getBytes(charSet));
    Store certs = new JcaCertStore(certList);
    CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
    ContentSigner signer = new JcaContentSignerBuilder(
            signatureSchema).setProvider("BC").build(privateKey);
    gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
            new JcaDigestCalculatorProviderBuilder().setProvider("BC")
                    .build()).build(signer, cerx509));
    gen.addCertificates(certs);
    // true = encapsulate the content inside the SignedData
    CMSSignedData sigData = gen.generate(msg, true);
    sigData = new CMSSignedData(msg, sigData.getEncoded());
    return sigData.getEncoded();
Here, I set the input data as a CMSTypedData with the type CMSObjectIdentifiers.data.getId():

    CMSTypedData msg = (CMSTypedData) new CMSProcessableByteArray(
            new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()),
            srcMsg.getBytes(charSet));

    // Content to be enveloped, labelled with the signedAndEnvelopedData OID
    CMSTypedData msg = new CMSProcessableByteArray(
            new ASN1ObjectIdentifier(CMSObjectIdentifiers.signedAndEnvelopedData.getId()),
            srcMsg.getBytes(charSet));
    CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();
    JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
    // Key transport to the recipient certificate using RSAES-OAEP
    edGen.addRecipientInfoGenerator(
            new JceKeyTransRecipientInfoGenerator(cert,
                    paramsConverter.getAlgorithmIdentifier(
                            PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT))
                    .setProvider(new BouncyCastleProvider()));
    // Content encryption with AES-256-CBC
    OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC)
            .setProvider(new BouncyCastleProvider())
            .build();
    CMSEnvelopedData ed = edGen.generate(msg, encryptor);
    encryptedContent = ed.getEncoded();
    String result = new String(Base64.encode(ed.getEncoded()));
    return result;
Here, I set the input data as a CMSTypedData with the type CMSObjectIdentifiers.signedAndEnvelopedData.getId():

    CMSTypedData msg = new CMSProcessableByteArray(
            new ASN1ObjectIdentifier(CMSObjectIdentifiers.signedAndEnvelopedData.getId()),
            srcMsg.getBytes(charSet));

Questions:
SignedAndEnveloped
SignedAndEnveloped
data? I just wrote a demo about using the Bouncy Castle Provider to do RSA in XMLSignature (SignedAndEnveloped); please see this post.
Demo code:
1. https://honwhy.wang/2018/09/07/use-bc-provider-xmlsignature/
Maybe you have to adjust some lines to meet your requirements.
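
Added example, not code from the question or from the linked post: CMS (RFC 5652) does not carry over the signedAndEnvelopedData content type that PKCS #7 v1.5 (RFC 2315) defined, so this sketch uses the same two generators as the question to sign first and then envelope the encoded SignedData, labelling the inner content as CMSObjectIdentifiers.signedData. The class and method names are hypothetical, keys and certificates are assumed to be supplied by the caller, SHA256withRSA is an assumed signature algorithm, and the output is a nested EnvelopedData(SignedData), not the PKCS #7 signedAndEnvelopedData structure.

```java
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.crypto.spec.OAEPParameterSpec;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;

public class SignThenEnvelope { // hypothetical class name
    static { Security.addProvider(new BouncyCastleProvider()); }

    // Sign the data, then encrypt the encoded SignedData for the recipient certificate.
    static byte[] signThenEnvelope(byte[] data, PrivateKey signerKey, X509Certificate signerCert,
                                   X509Certificate recipientCert) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(signerKey);
        CMSSignedDataGenerator sGen = new CMSSignedDataGenerator();
        sGen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(signer, signerCert));
        sGen.addCertificates(new JcaCertStore(Collections.singletonList(signerCert)));
        byte[] signed = sGen.generate(new CMSProcessableByteArray(data), true).getEncoded();

        CMSEnvelopedDataGenerator eGen = new CMSEnvelopedDataGenerator();
        eGen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(recipientCert,
                new JcaAlgorithmParametersConverter().getAlgorithmIdentifier(
                        PKCSObjectIdentifiers.id_RSAES_OAEP, OAEPParameterSpec.DEFAULT)).setProvider("BC"));
        // The inner content type tells the receiver that the plaintext is a SignedData.
        return eGen.generate(new CMSProcessableByteArray(CMSObjectIdentifiers.signedData, signed),
                new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider("BC").build()).getEncoded();
    }

    // Decrypt, then verify the first signer against the certificate embedded in the SignedData.
    // No chain or trust validation is done here; the caller must check the certificate separately.
    static byte[] openAndVerify(byte[] enveloped, PrivateKey recipientKey) throws Exception {
        RecipientInformation ri = (RecipientInformation) new CMSEnvelopedData(enveloped)
                .getRecipientInfos().getRecipients().iterator().next();
        CMSSignedData sd = new CMSSignedData(
                ri.getContent(new JceKeyTransEnvelopedRecipient(recipientKey).setProvider("BC")));
        SignerInformation si = (SignerInformation) sd.getSignerInfos().getSigners().iterator().next();
        X509CertificateHolder cert = (X509CertificateHolder)
                sd.getCertificates().getMatches(si.getSID()).iterator().next();
        if (!si.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)))
            throw new CMSException("signature did not verify");
        return (byte[]) sd.getSignedContent().getContent();
    }
}
```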