How to Generate Signed Data (PKCS#7)

Java Code for All API Methods

public static String getSigndata(byte[] tbs, String path, String pin) throws Exception {
    Security.addProvider(new BouncyCastleProvider());

    FileInputStream fis = new FileInputStream(path);
    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(fis, pin.toCharArray());
    String alias = ks.aliases().nextElement();

    Certificate[] certificateChain = ks.getCertificateChain(alias);
    PrivateKey privateKey = (PrivateKey) ks.getKey(alias, pin.toCharArray());
    X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);

    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addSigner(privateKey, certificate, CMSSignedDataGenerator.DIGEST_SHA256);

    ArrayList list = new ArrayList();
    for (int i = 0; i < certificateChain.length; i++) {
        list.add(certificateChain[i]);
    }
    CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), new BouncyCastleProvider());
    generator.addCertificatesAndCRLs(chainStore);

    CMSProcessable content = new CMSProcessableByteArray(tbs);
    CMSSignedData signedData = generator.generate(content, true, new BouncyCastleProvider().getName());
    String pkcs7Data = new String(Base64.encode(signedData.getEncoded()));
    pkcs7Data = pkcs7Data.replaceAll("\\r|\\n", "");
    return pkcs7Data;
}

.NET Code for All API Methods

public String Signeddataraca(String tbsData,String PFXFilePath, String pin)
{
string Signeddataraca = string.Empty; Encryption oEncryption = new Encryption();
CryptoConfig.AddAlgorithm(typeof(Security.Cryptography.RSAPKCS1SHA256SignatureDes cription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");


X509Certificate2 Cert = new X509Certificate2(PFXFilePath, pin, X509KeyStorageFlags.Exportable);
byte[] tbsBytes = Encoding.ASCII.GetBytes(tbsData);


RSACryptoServiceProvider key1 = (RSACryptoServiceProvider)Cert.PrivateKey;
RSAParameters rasparam = key1.ExportParameters(true);
AsymmetricCipherKeyPair keypair = Org.BouncyCastle.Security.DotNetUtilities.GetRsaKeyPair(rasparam);
AsymmetricKeyParameter privateKey = keypair.Private; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
Org.BouncyCastle.X509.X509Certificate ce = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(Cert);
AsymmetricKeyParameter publicKey = ce.GetPublicKey(); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, ce, CmsSignedDataGenerator.DigestSha256);

var storeCerts = new List<Org.BouncyCastle.X509.X509Certificate>(); storeCerts.Add(ce);
var storeParams = new X509CollectionStoreParameters(storeCerts);
var certStore = X509StoreFactory.Create("CERTIFICATE/COLLECTION", storeParams); generator.AddCertificates(certStore);

CmsProcessable content = new CmsProcessableByteArray(tbsBytes); CmsSignedData signeddata = generator.Generate(content, true); byte[] byteSignedData = signeddata.GetEncoded();
string encodedSigneddata = System.Convert.ToBase64String(byteSignedData); Signeddataraca = encodedSigneddata;
return Signeddataraca;
}

Input

Data Type

Description

TBS

Byte Array

You need to pass TBS data which differs for each method

· TBS data will be CSR data, for createCertificate()

· TBS data will be (Subject DN details, key algorithm & size, PFX password) for createSoftTokenCert()

· TBS data will be Subject DN details, key algorithm & size, PFX password) should be signed by the PFX) for createSoftTokenCert()

· TBS data will be Certificate serial number for

getX509Certificate()

· TBS data will be Certificate serial number for

revokeX509Cert()

TBS data will be Signed data for isSignatureValid()

PFX Path

String

You need to pass the path where PFX should be stored

String

You need to pass PFX password of Certificate

PreviousHow to Generate an Authentication Key NextHow to create JSON Object before Encryption

Last updated 1 year ago

public static String getSigndata(byte[] tbs, String path, String pin) throws Exception { Security.addProvider(new BouncyCastleProvider()); FileInputStream fis = new FileInputStream(path); KeyStore ks = KeyStore.getInstance("pkcs12"); ks.load(fis, pin.toCharArray()); String alias = ks.aliases().nextElement(); Certificate[] certificateChain = ks.getCertificateChain(alias); PrivateKey privateKey = (PrivateKey) ks.getKey(alias, pin.toCharArray()); X509Certificate certificate = (X509Certificate) ks.getCertificate(alias); CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); generator.addSigner(privateKey, certificate, CMSSignedDataGenerator.DIGEST_SHA256); ArrayList list = new ArrayList(); for (int i = 0; i < certificateChain.length; i++) { list.add(certificateChain[i]); } CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), new BouncyCastleProvider()); generator.addCertificatesAndCRLs(chainStore); CMSProcessable content = new CMSProcessableByteArray(tbs); CMSSignedData signedData = generator.generate(content, true, new BouncyCastleProvider().getName()); String pkcs7Data = new String(Base64.encode(signedData.getEncoded())); pkcs7Data = pkcs7Data.replaceAll("\\r|\\n", ""); return pkcs7Data; }

public String Signeddataraca(String tbsData,String PFXFilePath, String pin) { string Signeddataraca = string.Empty; Encryption oEncryption = new Encryption(); CryptoConfig.AddAlgorithm(typeof(Security.Cryptography.RSAPKCS1SHA256SignatureDes cription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); X509Certificate2 Cert = new X509Certificate2(PFXFilePath, pin, X509KeyStorageFlags.Exportable); byte[] tbsBytes = Encoding.ASCII.GetBytes(tbsData); RSACryptoServiceProvider key1 = (RSACryptoServiceProvider)Cert.PrivateKey; RSAParameters rasparam = key1.ExportParameters(true); AsymmetricCipherKeyPair keypair = Org.BouncyCastle.Security.DotNetUtilities.GetRsaKeyPair(rasparam); AsymmetricKeyParameter privateKey = keypair.Private; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); Org.BouncyCastle.X509.X509Certificate ce = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(Cert); AsymmetricKeyParameter publicKey = ce.GetPublicKey(); CmsSignedDataGenerator generator = new CmsSignedDataGenerator(); generator.AddSigner(privateKey, ce, CmsSignedDataGenerator.DigestSha256); var storeCerts = new List<Org.BouncyCastle.X509.X509Certificate>(); storeCerts.Add(ce); var storeParams = new X509CollectionStoreParameters(storeCerts); var certStore = X509StoreFactory.Create("CERTIFICATE/COLLECTION", storeParams); generator.AddCertificates(certStore); CmsProcessable content = new CmsProcessableByteArray(tbsBytes); CmsSignedData signeddata = generator.Generate(content, true); byte[] byteSignedData = signeddata.GetEncoded(); string encodedSigneddata = System.Convert.ToBase64String(byteSignedData); Signeddataraca = encodedSigneddata; return Signeddataraca; }