使用PKCS#7进行加密解密

时间:2012-06-19 12:16:59

标签: cryptography bouncycastle public-key-encryption pkcs#7

我想使用PKCS#7加密解密数据。 在探索的过程中,我发现了一本书使用Java开始加密 在本书的第9章中有一个示例代码在下面

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.*;
import java.util.Arrays;

import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;

/**
 * Example of generating a detached signature.
 */
public class SignedDataExample
    extends SignedDataProcessor
{
    public static void main(String[] args) throws Exception
    {
        KeyStore         credentials = Utils.createCredentials();
        PrivateKey       key = (PrivateKey)credentials.getKey(
                                          Utils.END_ENTITY_ALIAS, Utils.KEY_PASSWD);
        Certificate[]    chain = credentials.getCertificateChain(
                                                           Utils.END_ENTITY_ALIAS);
        CertStore        certsAndCRLs = CertStore.getInstance(
                                "Collection", new CollectionCertStoreParameters(
                                                      Arrays.asList(chain)), "BC");
        X509Certificate  cert = (X509Certificate)chain[0];

        // set up the generator
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(key, cert, CMSSignedDataGenerator.DIGEST_SHA224);
        gen.addCertificatesAndCRLs(certsAndCRLs);

        // create the signed-data object
        CMSProcessable data = new CMSProcessableByteArray(
                                                     "Hello World!".getBytes());

        CMSSignedData signed = gen.generate(data, "BC");

        // re-create
        signed = new CMSSignedData(data, signed.getEncoded());

        // verification step
        X509Certificate rootCert = (X509Certificate)credentials.getCertificate(
                                                                Utils.ROOT_ALIAS);
        if (isValid(signed, rootCert))

        {
           System.out.println("verification succeeded");
        }
        else
        {
           System.out.println("verification failed");
        }
     }
  }

我有几个问题

  1. 加密数据在哪里以及如何将其写入文件
  2. 如何从加密数据中恢复原始数据
  3. 我是否需要将密钥存储区发送给正在解密加密数据的人。
  4. 我应该以何种格式发送加密数据

    5. 非常感谢

0 个答案:

没有答案
相关问题
最新问题