
Creating a signed document


Creating a signed document

Matteo Sciolla
I think I'm making a great confusion about generating a PKCS#7 signed
document...

I have a smart card and a USB card reader, and I want an applet that
can generate a PKCS#7 signed file taking a file to sign and (I think)
the dll that implements the PKCS#11 protocol for my smart card and the
PIN of the smart card...

How could I obtain the signed file?
-- Matteo Sciolla

P.S. Sorry for the wrong subject of the previous post
--
Matteo Sciolla


Re: Creating a signed document

Matteo Sciolla
Matteo Sciolla wrote:

Now I have this code:

X509Certificate cert = null;
        PublicKey myPublicKey = null;
        PrivateKey myPrivateKey = null;
        KeyStore myKeyStore = null;
        String data = "Text to be signed";

        try
        {
            Security.addProvider(new BouncyCastleProvider());

            String myPkcs11LibraryFileName =
                    "C:\\WINDOWS.0\\system32\\incryptoki2.dll"; // <- this is the dll that implements PKCS#11 for my smart card
            String myPinCode = "**********"; // <- this is the PIN of my smart card

            myKeyStore = loadKeyStoreFromSmartCard(myPkcs11LibraryFileName, myPinCode);
            // Load the keystore
            //myKeyStore.load(new FileInputStream("myKeyStoreFile.pfx"),
           // passw.toCharArray());

            Enumeration myKeyStoreAliases = myKeyStore.aliases();
            String myName = "";

            if(myKeyStoreAliases != null)
            {
                while (myKeyStoreAliases.hasMoreElements())
                {
                    String myAlias = (String)myKeyStoreAliases.nextElement();
                    if (myKeyStore.isKeyEntry(myAlias))
                    {
                        myName = myAlias;
                    }
                }
            }

            // Get the private key and the certificate
            myPrivateKey = (PrivateKey)myKeyStore.getKey(myName, myPinCode.toCharArray());
            Certificate myCertificate = (X509Certificate)myKeyStore.getCertificate(myName);

            Certificate[] myCertificationChain =
                    myKeyStore.getCertificateChain(myName);
            PrivateKeyAndCertChain result = new PrivateKeyAndCertChain();

            // I'm not sure if this is necessary
            ArrayList myCertificationList = new ArrayList();
            CertStore myCertStore = null;
            for(int i=0;
                i < myCertificationChain.length;
                i++)
            {
                myCertificationList.add(myCertificationChain[i]);
            }

            myCertStore = CertStore.getInstance(
                    "Collection",
                    new CollectionCertStoreParameters(myCertificationList),
                    "BC");


            // Encrypt data
            CMSSignedDataGenerator mySignedDataGenerator =
                    new CMSSignedDataGenerator();
            // What digest algorithm must I use? SHA1? MD5? RSA?...
            mySignedDataGenerator.addSigner(
                    myPrivateKey,
                    (X509Certificate)myCertificate,
                    CMSSignedDataGenerator.DIGEST_MD5);
            // I'm not sure this is necessary
            mySignedDataGenerator.addCertificatesAndCRLs(myCertStore);

            // I think that the 2nd parameter needs to be false (detached form)
            CMSSignedData myCMSSignedData = mySignedDataGenerator.generate(
                    new CMSProcessableByteArray(data.getBytes()),
                    true,
                    "BC");

            byte[] mySignedData = myCMSSignedData.getEncoded();
            byte[] signedDataB64 =
                    Base64Utils.base64Encode(myCMSSignedData.getEncoded()).getBytes();

            FileOutputStream out = new FileOutputStream("C:\\out2.p7s");
            out.write(signedDataB64);
            out.close();

        }
        catch(Exception myException)
        {
            myException.printStackTrace();
            System.out.println(myException.getMessage());
        }
    }


It throws an org.bouncycastle.cms.CMSException with the message "key
inappropriate for signature".

Is the problem related to the secret key I've got from the smart card?
Could someone explain to me where the error should be?


--
Matteo Sciolla
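
An added diagnostic, not part of the original post or of Bouncy Castle: a key held on a PKCS#11 token is normally an opaque handle with no exportable encoding, and a software signature provider rejects such a key with an InvalidKeyException. The probe below lists which installed providers accept a given private key for signing; `OpaqueKey` and `providersAccepting` are hypothetical names, the opaque key is a constructed stand-in for a token key, and SHA256withRSA is an assumed algorithm for the probe.

```java
import java.security.*;
import java.util.*;

public class SignerProviderProbe {
    /** Constructed stand-in for a token-resident RSA key: nothing is exportable. */
    static final class OpaqueKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat()    { return null; } // no encoding format offered
        public byte[] getEncoded()   { return null; } // key material stays on the token
    }

    /** Names of installed providers whose Signature implementation accepts the key. */
    static List<String> providersAccepting(String sigAlg, PrivateKey key) {
        List<String> accepted = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("Signature", sigAlg) == null) {
                continue; // this provider does not implement the algorithm at all
            }
            try {
                Signature.getInstance(sigAlg, p).initSign(key);
                accepted.add(p.getName());
            } catch (GeneralSecurityException | RuntimeException e) {
                // InvalidKeyException lands here: this provider cannot use the key
            }
        }
        return accepted;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey softwareKey = kpg.generateKeyPair().getPrivate();

        System.out.println("software key accepted by: "
                + providersAccepting("SHA256withRSA", softwareKey));
        System.out.println("opaque key accepted by:   "
                + providersAccepting("SHA256withRSA", new OpaqueKey()));
        // With a real card, pass the PrivateKey returned by the PKCS#11 KeyStore;
        // a provider listed for that key is one that can actually sign with it.
    }
}
```

Run against the key returned by the smart-card keystore, the list shows which provider has to perform the signature operation; certificate handling and CMS encoding do not depend on where the private key lives.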


Re: Creating a signed document

Harakiri
You could do the whole BC list a favor by first
researching your problems yourself, because they are
all fundamentally like adding a provider, signing,
getting a keystore object.

The example packages together with the [limited]
documentation and Google provide enough information to
get started; this list is generally not for hello
world crypto programs - I know this sounds offensive
and it is - but look, getting 9-10 mails in one day
from one single person on the BC list, which is usually
very quiet, is not the right way.

Answering your own questions multiple times also
doesn't look really professional in the light of your
company.
