Bouncy Castle-如何使用Bouncy Castle实现SignedAndEnveloped数据

时间:2018-07-23 08:35:22

标签: java cryptography bouncycastle pkcs#7

我想创建一个用Bouncy Castle(1.59版)实现的Person person = ctx.People.First(); if(person.Key != null) ctx.Keys.Remove(person.Key);//<---manually update person.Key = new Key () { Code = "Foo" }; ctx.SaveChanges(); //<---no exception (PKCS#7)数据。

在Bouncy Castle中,接口signedAndEnvelopedData包含类型CMSObjectIdentifiers

但是,多次尝试后,无法正确创建。请您提出一些建议,以下是我的核心工作

  1. 首先签名数据
signedAndEnvelopedData

在这里,我将输入数据设置为CMSTypedData msg = (CMSTypedData) new CMSProcessableByteArray( new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()), srcMsg.getBytes(charSet)); Store certs = new JcaCertStore(certList); CMSSignedDataGenerator gen = new CMSSignedDataGenerator(); ContentSigner signer = new JcaContentSignerBuilder( signatureSchema).setProvider("BC").build(privateKey); gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder( new JcaDigestCalculatorProviderBuilder().setProvider("BC") .build()).build(signer, cerx509)); gen.addCertificates(certs); CMSSignedData sigData = gen.generate(msg, true); sigData = new CMSSignedData(msg,sigData.getEncoded()) return sigData.getEncoded() CMSTypeData 

CMSObjectIdentifiers.data.getId()
  1. 签名数据的输出将用作信封的输入
CMSTypedData msg = (CMSTypedData) new CMSProcessableByteArray(
                new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId()),
                srcMsg.getBytes(charSet));

在这里,我将输入数据设置为CMSTypedData msg = new CMSProcessableByteArray(new ASN1ObjectIdentifier(CMSObjectIdentifiers.signedAndEnvelopedData.getId()),srcMsg.getBytes(charSet)); CMSEnvelopedDataGenerator edGen = new CMSEnvelopedDataGenerator(); JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter(); edGen.addRecipientInfoGenerator( new JceKeyTransRecipientInfoGenerator(cert,paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP,OAEPParameterSpec.DEFAULT)) .setProvider(new BouncyCastleProvider())); OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC) .setProvider(new BouncyCastleProvider()) .build() CMSEnvelopedData ed = edGen.generate(msg,encryptor) encryptedContent = ed.getEncoded() String result = new String(Base64.encode(ed.getEncoded())); return result; CMSTypedData 

CMSObjectIdentifiers.signedAndEnvelopedData.getId()

问题:

  1. Bouncy Castle(1.59)是否支持PKCS#7 CMSTypedData msg = new CMSProcessableByteArray(new ASN1ObjectIdentifier(CMSObjectIdentifiers.signedAndEnvelopedData.getId()),srcMsg.getBytes(charSet));
  2. 如果第一个问题是“是”,我的步骤是否正确创建了SignedAndEnevloped数据?
  3. 如果第一个问题是“否”,那么有什么方法可以实现它?

1 个答案:

答案 0 :(得分:0)

我刚刚编写了一个有关使用Bouncy Caslte Provider在XMLSignatrure(SignedAndEnevloped)中进行RSA的演示,请参阅此帖子,https://honwhy.wang/2018/09/07/use-bc-provider-xmlsignature/

演示代码

1,https://github.com/Honwhy/xml-sec/blob/master/src/main/java/com/honey/xmlsec/BcSignatureAlgorithm.java#L37

2,https://github.com/Honwhy/xml-sec/blob/master/src/main/java/com/honey/xmlsec/MyUtil.java#L107

也许您必须调整一些行才能满足您的要求。

相关问题
最新问题