signeddata and envelopeddata in PKCS#7

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

signeddata and envelopeddata in PKCS#7

salvatorec
Hi everyone,
I'm bouncycastle newbie and I need help.
I need to sign data, in the PKCS#7 format, and then encrypt it.
The formats used to envelope signed and encrypted data shall comply with
PKCS#7 v 1.5, signedData and envelopedData (mixed standard S/MIME, with
signature envelope and encryption compliant to PKCS#7 v.1.5, DER encrypted).
During encryption, the data must be encrypted using a symmetric key
algorithm, generated randomly each time. The key used must be inserted in
the envelope, and encrypted with the recipient's public RSA key.

Can anyone help me?

Thanks and regards
Salvatore



--
Sent from: http://bouncy-castle.1462172.n4.nabble.com/Bouncy-Castle-Dev-f1462173.html

Reply | Threaded
Open this post in threaded view
|

Re: signeddata and envelopeddata in PKCS#7

salvatorec
This post was updated on .
Hi everyone,
below is my solution.

I sign and encrypt data but when I verify the signed file with dike I obtain
the following error: "CA certificate not found".

Can anyone help me?

Thanks and regards
Salvatore

// Nel nuovo standard di firma digitale e' richiesto l'hash del certificato di sottoscrizione:
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
// digest del certificato
byte[] digestedCert = messageDigest.digest(certificateToSign.getEncoded());
AlgorithmIdentifier aiSha256 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
ESSCertIDv2 essCert1 = new ESSCertIDv2(aiSha256, digestedCert);
ESSCertIDv2[] essCert1Arr = {essCert1};
SigningCertificateV2 scv2 = new SigningCertificateV2(essCert1Arr);
Attribute certHAttribute = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2,new DERSet(scv2));
//Aggiungiamo l'attributo al vettore degli attributi da firmare:
ASN1EncodableVector v = new ASN1EncodableVector();
v.add(certHAttribute);
AttributeTable at = new AttributeTable(v);

CMSAttributeTableGenerator attrGen = new DefaultSignedAttributeTableGenerator(at);
//Creaiamo l'oggetto che firma e crea l'involucro attraverso le librerie di Bouncy Castle:
SignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new SignerInfoGeneratorBuilder(new BcDigestCalculatorProvider());
signerInfoGeneratorBuilder.setSignedAttributeGenerator(attrGen);


List<X509Certificate> certList = new ArrayList<X509Certificate>();
certList.add(certificateToSign);
// Si effettua la firma con l'algoritmo SHA256withRSA che crea l'hash e lo firma con l'algoritmo RSA:
CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
ContentSigner shaSigner = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(signingKey);
SignerInfoGenerator signerInfoGenerator = signerInfoGeneratorBuilder.build(shaSigner, new X509CertificateHolder(certificateToSign.getEncoded()));
cmsSignedDataGenerator.addSignerInfoGenerator(signerInfoGenerator);
//X509CollectionStoreParameters x509CollectionStoreParameters = new X509CollectionStoreParameters(certList);
JcaCertStore jcaCertStore = new JcaCertStore(certList);
cmsSignedDataGenerator.addCertificates(jcaCertStore);

// firma dei dati e imbustamento P7M:
CMSTypedData msg = new CMSProcessableByteArray(data); // *data byte array to sign
CMSSignedData cmsSignedData = cmsSignedDataGenerator.generate(msg, true);
byte[] encoded = cmsSignedData.getEncoded();


CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();

JceKeyTransRecipientInfoGenerator jceKey = new JceKeyTransRecipientInfoGenerator(encryptionCertificate);
// RecipientInfoGenerator transKeyGen = jceKey;
// cmsEnvelopedDataGenerator.addRecipientInfoGenerator(transKeyGen);
cmsEnvelopedDataGenerator.addRecipientInfoGenerator(jceKey);
CMSTypedData msg = new CMSProcessableByteArray(encoded); // *encoded byte array signed
OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider("BC").build();
CMSEnvelopedData cmsEnvelopedData = cmsEnvelopedDataGenerator.generate(msg, encryptor);
byte[] encryptedData = cmsEnvelopedData.getEncoded();  // *encryptedData byte array signed and encrypted



--
Sent from: http://bouncy-castle.1462172.n4.nabble.com/Bouncy-Castle-Dev-f1462173.html