Sending email to iOS using PKCS12

Time: 2013-09-13 22:54:39

Tags: encryption javamail bouncycastle smime

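I have a problem: I am trying to send mail that is encrypted with PKCS12 and signed. I use BouncyCastle to encrypt the mail with a certificate (.cer) file and sign it with the .pb12 file. The problem is this:

Some devices, such as BlackBerry, Android, Outlook, and even Mac OS X, can open the email, but when they try to open it on iOS (iPhone 4) they cannot see the content; they only see a message saying "The email is encrypted; to view it you need to install an identity containing its encryption identity".

I think the Java process that sends the email is fine.

Any ideas?

BTW, here is the code: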

MailcapCommandMap mailcap = (MailcapCommandMap)CommandMap
                .getDefaultCommandMap();

        mailcap
                .addMailcap("application/pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_signature");
        mailcap
                .addMailcap("application/pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.pkcs7_mime");
        mailcap
                .addMailcap("application/x-pkcs7-signature;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_signature");
        mailcap
                .addMailcap("application/x-pkcs7-mime;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.x_pkcs7_mime");
        mailcap
                .addMailcap("multipart/signed;; x-java-content-handler=org.bouncycastle.mail.smime.handlers.multipart_signed");

        CommandMap.setDefaultCommandMap(mailcap);
        /*
         * END OF ADDED MAILCAP
         */

        args = new String[6];
        args[0] = "ITtest.p12";
        args[1] = "pass";
        args[2] = "1.1.1.example";
        args[3] = "ManuelRodriguez.cer"; // certificate
        args[4] = "noreply_sistemas@siman.com"; //from
        args[5] = "daniel_hernandez@siman.com,omar_rodriguez@siman.com"; //to
        //args[5] = "daniel_hernandez@siman.com,omar_rodriguez@siman.com, manuel_rodriguez@siman.com"; //to

        //
        // Open the key store
        //      
        Security.addProvider(new BouncyCastleProvider());
        KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
        ks.load(Pivote.class.getResourceAsStream("ITtest.p12"), "pass".toCharArray());

        Enumeration e = ks.aliases();
        String      keyAlias = null;

        while (e.hasMoreElements())
        {
            String  alias = (String)e.nextElement();

            if (ks.isKeyEntry(alias))
            {
                keyAlias = alias;
            }
        }

        if (keyAlias == null)
        {
            System.err.println("can't find a private key!");
            System.exit(0);
        }

        Certificate[]   chain = ks.getCertificateChain(keyAlias);



        /*
         * INSTANTIATE IVAN'S CERTIFICATE
         */        
        InputStream fr =  Pivote.class.getResourceAsStream(args[3]);
        CertificateFactory cf =  CertificateFactory.getInstance("X509");
        X509Certificate crt = (X509Certificate) cf.generateCertificate(fr);

        /*
         * 
         */

        //
        // create the generator for creating an smime/encrypted message
        //
        SMIMEEnvelopedGenerator  gen = new SMIMEEnvelopedGenerator();          
        gen.addKeyTransRecipient(crt);
        //gen.addKeyTransRecipient((X509Certificate)chain[0]);



        //
        // create a subject key id - this has to be done the same way as
        // it is done in the certificate associated with the private key
        // version 3 only.
        //
        /*
        MessageDigest           dig = MessageDigest.getInstance("SHA1", "BC");

        dig.update(cert.getPublicKey().getEncoded());

        gen.addKeyTransRecipient(cert.getPublicKey(), dig.digest());
        */

        //
        // create the base for our message
        //
        MimeBodyPart    msg = new MimeBodyPart();

        msg.setText("¿PUEDEN VER ESTA PARTE DEL MENSAJE?");

        MimeBodyPart mp = gen.generate(msg, SMIMEEnvelopedGenerator.RC2_CBC, "BC");
        //
        // Get a Session object and create the mail message
        //
        Properties props = System.getProperties();
        props.put("mail.smtp.host", args[2]);
        Session session = Session.getDefaultInstance(props, null);

        Address fromUser = new InternetAddress(args[4]);
        //Address toUser = new InternetAddress(args[5], false);

        MimeMessage body = new MimeMessage(session);
        body.setFrom(fromUser);
        //body.setRecipient(Message.RecipientType.TO, toUser);
        body.setRecipients(Message.RecipientType.TO, args[5]);
        body.setSubject("Confirmar si ven mensaje, por favor " + new SimpleDateFormat("dd/MM/yyyy hh:mm:ss").format(new Date()));
        body.setContent(mp.getContent(), mp.getContentType());
        body.saveChanges();
        body.writeTo(new FileOutputStream("encrypted.message"));

        /*
         * Sign the message
         */
        EncryptionUtils smimeUtils = EncryptionManager.getEncryptionUtils(EncryptionManager.SMIME);    
        EncryptionKeyManager smimeKeyMgr = smimeUtils.createKeyManager();
        smimeKeyMgr.loadPrivateKeystore(Pivote.class.getResourceAsStream("ITtest.p12"), "pass".toCharArray());
        Key privateKey = smimeKeyMgr.getPrivateKey((String)smimeKeyMgr.privateKeyAliases().iterator().next(), "pass".toCharArray());
        smimeUtils.signMessage(session, body, privateKey);
        /*
         * End of signing
         */


        Transport.send(body);

        System.out.println("Mensaje enviado");

Regards

1 answer:

Answer 0 (score: 0)

Changing the output encryptor to AES256_CBC worked great for me.

MimeBodyPart mp = gen.generate(msg, SMIMEEnvelopedGenerator.AES256_CBC, "BC");
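
An added example, not part of the original question or answer: a small check that reads the `encrypted.message` file written by the question's code and reports which content-encryption algorithm the S/MIME envelope actually uses, so an `RC2_CBC` envelope is caught before it is sent. The class name `EnvelopeAlgCheck` is hypothetical, the OID table holds the standard identifiers for these algorithms, and the BouncyCastle mail and JavaMail jars are assumed to be on the classpath.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import org.bouncycastle.mail.smime.SMIMEEnveloped;

public class EnvelopeAlgCheck {
    // Standard OIDs of common S/MIME content-encryption algorithms.
    static final Map<String, String> NAMES = new HashMap<String, String>();
    static {
        NAMES.put("1.2.840.113549.3.2", "RC2-CBC");
        NAMES.put("1.2.840.113549.3.7", "DES-EDE3-CBC");
        NAMES.put("2.16.840.1.101.3.4.1.2", "AES128-CBC");
        NAMES.put("2.16.840.1.101.3.4.1.22", "AES192-CBC");
        NAMES.put("2.16.840.1.101.3.4.1.42", "AES256-CBC");
    }

    static String describe(String oid) {
        String name = NAMES.get(oid);
        return name == null ? "unknown (" + oid + ")" : name + " (" + oid + ")";
    }

    // All NIST AES algorithm OIDs share this arc.
    static boolean isAes(String oid) {
        return oid.startsWith("2.16.840.1.101.3.4.1.");
    }

    public static void main(String[] args) throws Exception {
        // Default is the file name the question's code writes before signing.
        String path = args.length > 0 ? args[0] : "encrypted.message";
        Session session = Session.getInstance(new Properties());
        try (InputStream in = new FileInputStream(path)) {
            MimeMessage message = new MimeMessage(session, in);
            // Parses the application/pkcs7-mime body as CMS EnvelopedData;
            // no private key is needed to read the algorithm identifier.
            SMIMEEnveloped enveloped = new SMIMEEnveloped(message);
            String oid = enveloped.getEncryptionAlgOID();
            System.out.println("content encryption: " + describe(oid));
            if (!isAes(oid)) {
                System.err.println("envelope is not AES-encrypted; regenerate it with AES256_CBC");
                System.exit(1);
            }
        }
    }
}
```

Run it against the file before the signing step wraps the message; once the message has been signed, the enveloped part is no longer the top-level content.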