How to Generate Signed Data (PKCS#7)

Java Code for All API Methods

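/**
 * Signs {@code tbs} with the private key held in a PKCS#12 file and returns the resulting
 * CMS/PKCS#7 SignedData structure as a single-line Base64 string.
 *
 * <p>The signer is the first private-key entry found in the keystore. The same {@code pin} is
 * used both to open the keystore and to unlock the key entry. Every certificate of that entry's
 * chain is embedded in the output, and the content itself is encapsulated (attached signature).
 *
 * <p>NOTE(review): the {@code addSigner}, {@code addCertificatesAndCRLs} and
 * {@code generate(..., String)} calls are the legacy Bouncy Castle CMS API; they are kept
 * unchanged here. Confirm they exist in the Bouncy Castle version the project builds against.
 *
 * @param tbs  the bytes to be signed
 * @param path file system path of the PKCS#12 (.p12/.pfx) keystore
 * @param pin  password protecting the keystore and its private key; never log this value
 * @return Base64 encoding of the DER SignedData, with no line breaks
 * @throws IllegalArgumentException if the keystore holds no private-key entry
 * @throws Exception if the keystore cannot be read or unlocked, or signing fails
 */
public static String getSigndata(byte[] tbs, String path, String pin) throws Exception {
    // One provider instance for the whole call. Security.addProvider does nothing when a
    // provider with the same name is already registered, so repeated calls are harmless.
    BouncyCastleProvider bc = new BouncyCastleProvider();
    Security.addProvider(bc);

    // Work on a single char[] copy of the PIN so it can be wiped afterwards. The caller's
    // String is immutable and stays in memory until it is garbage collected.
    char[] pinChars = pin.toCharArray();
    try {
        KeyStore ks = KeyStore.getInstance("pkcs12");
        // try-with-resources: the original left the keystore file handle open.
        try (FileInputStream fis = new FileInputStream(path)) {
            ks.load(fis, pinChars);
        }

        // Pick the first alias that actually carries a private key. Taking the first alias
        // blindly fails on an empty keystore and on one whose first entry is certificate-only.
        String alias = null;
        java.util.Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String candidate = aliases.nextElement();
            if (ks.isKeyEntry(candidate)) {
                alias = candidate;
                break;
            }
        }
        if (alias == null) {
            throw new IllegalArgumentException("No private-key entry found in PKCS#12 keystore");
        }

        Certificate[] certificateChain = ks.getCertificateChain(alias);
        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, pinChars);
        X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);
        if (certificateChain == null || privateKey == null || certificate == null) {
            throw new IllegalArgumentException("Keystore entry lacks a private key or certificate chain");
        }

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSigner(privateKey, certificate, CMSSignedDataGenerator.DIGEST_SHA256);

        // Embed the full chain so a verifier can build a path from the signer certificate.
        ArrayList<Certificate> chain = new ArrayList<Certificate>(certificateChain.length);
        for (Certificate link : certificateChain) {
            chain.add(link);
        }
        CertStore chainStore =
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain), bc);
        generator.addCertificatesAndCRLs(chainStore);

        // 'true' encapsulates the content inside the SignedData instead of producing a
        // detached signature.
        CMSProcessable content = new CMSProcessableByteArray(tbs);
        CMSSignedData signedData = generator.generate(content, true, bc.getName());

        // Base64 output is pure ASCII; naming the charset removes the dependency on the
        // platform default encoding.
        String pkcs7Data = new String(Base64.encode(signedData.getEncoded()), "US-ASCII");
        return pkcs7Data.replaceAll("\\r|\\n", "");
    } finally {
        java.util.Arrays.fill(pinChars, '\0');
    }
}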


.NET Code for All API Methods

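/// <summary>
/// Signs <paramref name="tbsData"/> with the RSA private key of a PFX/PKCS#12 file and returns
/// the CMS/PKCS#7 SignedData structure as a Base64 string. The content is encapsulated
/// (attached signature) and only the signer certificate is embedded, not its issuing chain.
/// </summary>
/// <param name="tbsData">Text to be signed; it is converted to bytes with ASCII encoding.</param>
/// <param name="PFXFilePath">Path of the PFX file that holds the certificate and private key.</param>
/// <param name="pin">Password of the PFX file; never log this value.</param>
/// <returns>Base64 encoding of the DER-encoded SignedData.</returns>
/// <exception cref="CryptographicException">The PFX file contains no private key.</exception>
public String Signeddataraca(String tbsData,String PFXFilePath, String pin)
{
    // NOTE(review): oEncryption is not used below. It is kept because the constructor of this
    // project type is not visible here and may have side effects; remove it if it has none.
    Encryption oEncryption = new Encryption();

    // Process-wide registration of the RSA-SHA256 signature description under its XML-DSig URI.
    // The type name was split by a stray space in the published listing and is rejoined here.
    CryptoConfig.AddAlgorithm(typeof(Security.Cryptography.RSAPKCS1SHA256SignatureDescription), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");

    // Exportable is required because the private key parameters are exported below in order
    // to hand them to Bouncy Castle. This places raw key material in managed memory, so run
    // this only in a process that is trusted with the key.
    X509Certificate2 Cert = new X509Certificate2(PFXFilePath, pin, X509KeyStorageFlags.Exportable);
    if (!Cert.HasPrivateKey)
    {
        throw new CryptographicException("The PFX file does not contain a private key.");
    }

    // NOTE(review): ASCII encoding replaces every non-ASCII character with '?', so the signed
    // bytes differ from the input text for such data. Confirm the verifier expects ASCII.
    byte[] tbsBytes = Encoding.ASCII.GetBytes(tbsData);

    // Convert the .NET key and certificate into their Bouncy Castle equivalents.
    RSACryptoServiceProvider key1 = (RSACryptoServiceProvider)Cert.PrivateKey;
    RSAParameters rasparam = key1.ExportParameters(true);
    AsymmetricCipherKeyPair keypair = Org.BouncyCastle.Security.DotNetUtilities.GetRsaKeyPair(rasparam);
    AsymmetricKeyParameter privateKey = keypair.Private;
    Org.BouncyCastle.X509.X509Certificate ce = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(Cert);

    CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
    generator.AddSigner(privateKey, ce, CmsSignedDataGenerator.DigestSha256);

    // Only the signer certificate is added to the SignedData certificate set.
    var storeCerts = new List<Org.BouncyCastle.X509.X509Certificate>();
    storeCerts.Add(ce);
    var storeParams = new X509CollectionStoreParameters(storeCerts);
    var certStore = X509StoreFactory.Create("CERTIFICATE/COLLECTION", storeParams);
    generator.AddCertificates(certStore);

    // 'true' encapsulates the content inside the SignedData rather than detaching it.
    CmsProcessable content = new CmsProcessableByteArray(tbsBytes);
    CmsSignedData signeddata = generator.Generate(content, true);
    byte[] byteSignedData = signeddata.GetEncoded();
    return System.Convert.ToBase64String(byteSignedData);
}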
