BC1.6 CSR generation


BC1.6 CSR generation

Usha Nayak
Hello

For generation of the CSR, we had the following one-liner code:
      
kpGen = new PKCS10CertificationRequest( "SHA256withRSA", x500PrincipalName,  keyPair.getPublic(), new DERSet(attribute), keyPair.getPrivate() );

where subject is a "javax.security.auth.x500.X500Principal", the private & public key stem from a general "java.security.KeyPair" etc. 

Now for BC1.6, I'm aware that we need to use the pkcs package to use the PKCS10CertificationRequest class, but I can't seem to find a better approach to creating this object.

On googling, I came across a couple of ways to do so using BC1.6:

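    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(
        new X500Name(subject.getName()),
        // getInstance() takes the DER encoding (or an ASN.1 object), not a java.security.PublicKey
        SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));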
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(type.toString());
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter keyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
    ContentSigner signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParam);
    
    PKCS10CertificationRequest csr = builder.build(signer);


OR

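// getInstance() takes the DER encoding (or an ASN.1 object), not a java.security.PublicKey
SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
CertificationRequestInfo requestInfo = new CertificationRequestInfo(x500Name, pkInfo, new DERSet(attribute));
AlgorithmIdentifier sha256withRsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption);
// The signature field is a signature over the DER-encoded request info, never the private key encoding
java.security.Signature sig = java.security.Signature.getInstance("SHA256withRSA");
sig.initSign(keyPair.getPrivate());
sig.update(requestInfo.getEncoded(ASN1Encoding.DER));
byte[] signatureBytes = sig.sign();
DERBitString signature = new DERBitString(signatureBytes);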

csr = new CertificationRequest(requestInfo, sha256withRsa, signature);

kpGen= new PKCS10CertificationRequest(csr);

Please let me know which of the two approaches I listed above is correct, or if there are any utilities or implementations that I could use.

Thanks..


Re: BC1.6 CSR generation

David Hook-3
Use the pkcs classes in the bcpkix jar.

Regards,

David

On 6/3/19 2:53 am, Usha Nayak wrote:
Hello

For generation of the CSR, we had the following one-liner code:
      
kpGen = new PKCS10CertificationRequest( "SHA256withRSA", x500PrincipalName,  keyPair.getPublic(), new DERSet(attribute), keyPair.getPrivate() );

where subject is a "javax.security.auth.x500.X500Principal", the private & public key stem from a general "java.security.KeyPair" etc. 

Now for BC1.6, I'm aware that we need to use the pkcs package to use the PKCS10CertificationRequest class, but I can't seem to find a better approach to creating this object.

On googling, I came across a couple of ways to do so using BC1.6:

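    PKCS10CertificationRequestBuilder builder = new PKCS10CertificationRequestBuilder(
        new X500Name(subject.getName()),
        // getInstance() takes the DER encoding (or an ASN.1 object), not a java.security.PublicKey
        SubjectPublicKeyInfo.getInstance(pair.getPublic().getEncoded()));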
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(type.toString());
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    AsymmetricKeyParameter keyParam = PrivateKeyFactory.createKey(pair.getPrivate().getEncoded());
    ContentSigner signer = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(keyParam);
    
    PKCS10CertificationRequest csr = builder.build(signer);


OR

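// getInstance() takes the DER encoding (or an ASN.1 object), not a java.security.PublicKey
SubjectPublicKeyInfo pkInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
CertificationRequestInfo requestInfo = new CertificationRequestInfo(x500Name, pkInfo, new DERSet(attribute));
AlgorithmIdentifier sha256withRsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption);
// The signature field is a signature over the DER-encoded request info, never the private key encoding
java.security.Signature sig = java.security.Signature.getInstance("SHA256withRSA");
sig.initSign(keyPair.getPrivate());
sig.update(requestInfo.getEncoded(ASN1Encoding.DER));
byte[] signatureBytes = sig.sign();
DERBitString signature = new DERBitString(signatureBytes);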

csr = new CertificationRequest(requestInfo, sha256withRsa, signature);

kpGen= new PKCS10CertificationRequest(csr);

Please let me know which of the two approaches I listed above is correct, or if there are any utilities or implementations that I could use.

Thanks..
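
An added example, not part of either post and not Bouncy Castle's own sample code, of the route the reply points to: the pkcs classes in the bcpkix jar, here through the JCA convenience builders so that the X500Principal and KeyPair from the question can be passed in directly, followed by the receiver-side proof-of-possession check. The class name, subject and host name are constructed for illustration, and bcprov and bcpkix are assumed to be on the classpath.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrExample {  // hypothetical class name
    // Requester side: build and sign the request from plain JCA objects.
    static PKCS10CertificationRequest buildCsr(X500Principal subject, KeyPair keyPair) throws Exception {
        JcaPKCS10CertificationRequestBuilder builder =
                new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        // Attributes are added on the builder; here an extensionRequest carrying a SAN.
        ExtensionsGenerator extGen = new ExtensionsGenerator();
        extGen.addExtension(Extension.subjectAlternativeName, false,
                new GeneralNames(new GeneralName(GeneralName.dNSName, "host.example.test")));
        builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
        // The ContentSigner signs the DER-encoded request info with the private key;
        // only the resulting signature bytes end up in the request.
        return builder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
    }

    // Receiver side: re-parse the encoding and verify the signature against
    // the public key carried inside the request itself.
    static boolean verifyCsr(byte[] encoded) throws Exception {
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(encoded);
        return csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo()));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();
        // Constructed sample subject, not taken from the thread.
        X500Principal subject = new X500Principal("CN=host.example.test, O=Example");
        PKCS10CertificationRequest csr = buildCsr(subject, keyPair);
        System.out.println("subject: " + csr.getSubject());
        System.out.println("signature valid: " + verifyCsr(csr.getEncoded()));
    }
}
```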