Bouncy Castle - 如何使用Bouncy Castle实现签名和包含的数据

问题描述 投票:2回答:1

我想创建一个用Bouncy Castle(版本1.59)实现的signedAndEnvelopedData(PKCS#7)数据。

在Bouncy城​​堡中,界面CMSObjectIdentifiers包括signedAndEnvelopedData类型。

但是,多次尝试时,无法正确创建。您能否提出一些建议,以下是我的核心实施情况

  1. 首先签署数据
CMSTypedData msg = (CMSTypedData) new CMSProcessableByteArray(
        new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()),
        srcMsg.getBytes(charSet));

Store certs = new JcaCertStore(certList);

CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner signer = new JcaContentSignerBuilder(
        signatureSchema).setProvider("BC").build(privateKey);

gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
        new JcaDigestCalculatorProviderBuilder().setProvider("BC")
                .build()).build(signer, cerx509));

gen.addCertificates(certs);

CMSSignedData sigData = gen.generate(msg, true);
sigData = new CMSSignedData(msg,sigData.getEncoded())

return sigData.getEncoded()

在这里,我将输入数据设置为CMSTypeDataCMSObjectIdentifiers.data.getId()

CMSTypedData msg = (CMSTypedData) new CMSProcessableByteArray(
                new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()),
                srcMsg.getBytes(charSet)); 
  1. 签名数据的输出将用作包络的输入
CMSTypedData msg = new CMSProcessableByteArray(new ASN1ObjectIdentifier(CMSObjectIdentifiers.signedAndEnvelopedData.getId()),srcMsg.getBytes(charSet));

    CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator();

    JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();

    edGen.addRecipientInfoGenerator(
            new JceKeyTransRecipientInfoGenerator(cert,paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP,OAEPParameterSpec.DEFAULT))
                    .setProvider(new BouncyCastleProvider()));
    OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC)
            .setProvider(new BouncyCastleProvider())
            .build()
    CMSEnvelopedData ed = edGen.generate(msg,encryptor)

    encryptedContent = ed.getEncoded()
    String result = new String(Base64.encode(ed.getEncoded()));

    return result;

在这里,我将输入数据设置为CMSTypedDataCMSObjectIdentifiers.signedAndEnvelopedData.getId()

CMSTypedData msg = new CMSProcessableByteArray(new ASN1ObjectIdentifier(CMSObjectIdentifiers.signedAndEnvelopedData.getId()),srcMsg.getBytes(charSet));

问题:

  1. Bouncy Castle(1.59)是否支持PKCS#7 SignedAndEnevloped
  2. 如果第一个问题是YES,我的步骤是否正确创建SignedAndEnevloped数据?
  3. 如果第一个问题是NO,那么实现它的方法有哪些?
java cryptography bouncycastle pkcs#7
1个回答
0
投票

我刚刚写了一个关于使用Bouncy Caslte Provider在XMLSignature(SignedAndEnevloped)中做RSA的演示,请看这篇文章,qazxsw poi

演示代码,

1,https://honwhy.wang/2018/09/07/use-bc-provider-xmlsignature/

2,https://github.com/Honwhy/xml-sec/blob/master/src/main/java/com/honey/xmlsec/BcSignatureAlgorithm.java#L37

也许你必须调整一些线来满足你的要求。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.