How to Generate Signed Data (PKCS#7)
Java Code for All API Methods
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;

import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

public static String getSigndata(byte[] tbs, String path, String pin) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    // Load the PKCS#12 (PFX) file and use its first alias as the signing identity.
    KeyStore ks = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(path)) {
        ks.load(fis, pin.toCharArray());
    }
    String alias = ks.aliases().nextElement();
    Certificate[] certificateChain = ks.getCertificateChain(alias);
    PrivateKey privateKey = (PrivateKey) ks.getKey(alias, pin.toCharArray());
    X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);
    // SHA-256 signer using the legacy BouncyCastle generator API (addSigner/DIGEST_SHA256, pre-1.47 releases).
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    generator.addSigner(privateKey, certificate, CMSSignedDataGenerator.DIGEST_SHA256);
    // Embed the whole chain so a verifier can locate the signer certificate and build a path to the CA.
    ArrayList<Certificate> list = new ArrayList<Certificate>(Arrays.asList(certificateChain));
    CertStore chainStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(list), new BouncyCastleProvider());
    generator.addCertificatesAndCRLs(chainStore);
    // Attached (encapsulated) signature: the TBS bytes travel inside the PKCS#7 structure.
    CMSProcessable content = new CMSProcessableByteArray(tbs);
    CMSSignedData signedData = generator.generate(content, true, new BouncyCastleProvider().getName());
    // Base64 with any line breaks stripped, so the value can be sent as a single string.
    String pkcs7Data = new String(Base64.encode(signedData.getEncoded()));
    return pkcs7Data.replaceAll("\\r|\\n", "");
}
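The method above uses BouncyCastle's legacy generator calls (addSigner with DIGEST_SHA256, addCertificatesAndCRLs), which newer BC releases no longer ship. As an added example, not code from the original page, the same attached-signature generation written against the current signer-info API (BC 1.47 and later), together with the verification side that isSignatureValid() would need: each SignerInfo is checked against the certificate embedded in the structure, and the encapsulated TBS bytes are returned only if every signature verifies. The class and method names (Pkcs7Example, signAttached, verifyAndExtract), the in-memory self-signed certificate and the sample payload are assumptions made for a self-contained run; a deployment would load the key and certificate from the PFX as getSigndata does.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.encoders.Base64;

// Assumed class and method names; not part of the original page.
public class Pkcs7Example {
    static { Security.addProvider(new BouncyCastleProvider()); }

    // Attached (encapsulated) SignedData over tbs, Base64 without line breaks: same shape as getSigndata's output.
    public static String signAttached(byte[] tbs, PrivateKey key, X509Certificate cert) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(signer, cert));
        gen.addCertificates(new JcaCertStore(Collections.singletonList(cert))); // embed signer cert for verifiers
        CMSSignedData signed = gen.generate(new CMSProcessableByteArray(tbs), true);
        return Base64.toBase64String(signed.getEncoded());
    }

    // Checks every SignerInfo against the certificate carried inside the structure. Returns the encapsulated
    // content on success, null on any failure (no signer, missing cert, bad signature, digest mismatch, detached).
    public static byte[] verifyAndExtract(String pkcs7Base64) throws Exception {
        CMSSignedData signed = new CMSSignedData(Base64.decode(pkcs7Base64));
        if (signed.getSignerInfos().size() == 0 || signed.getSignedContent() == null) return null;
        Store<X509CertificateHolder> certs = signed.getCertificates();
        for (SignerInformation si : signed.getSignerInfos().getSigners()) {
            Collection<X509CertificateHolder> match = certs.getMatches(si.getSID());
            if (match.isEmpty()) return null;
            X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC")
                    .getCertificate(match.iterator().next());
            try {
                if (!si.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) return null;
            } catch (CMSException e) { // BC throws on a message-digest mismatch instead of returning false
                return null;
            }
        }
        return (byte[]) signed.getSignedContent().getContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory signer: a fresh RSA key and a one-day self-signed certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name name = new X500Name("CN=Constructed test signer");
        Date now = new Date();
        X509CertificateHolder holder = new JcaX509v3CertificateBuilder(name, BigInteger.ONE, now,
                new Date(now.getTime() + 86_400_000L), name, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(kp.getPrivate()));
        X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);

        byte[] tbs = "constructed TBS payload".getBytes(StandardCharsets.UTF_8); // constructed sample input
        String pkcs7 = signAttached(tbs, kp.getPrivate(), cert);
        byte[] recovered = verifyAndExtract(pkcs7);
        System.out.println("verified: " + (recovered != null ? new String(recovered, StandardCharsets.UTF_8) : "FAILED"));

        // Flip one bit of the encapsulated content inside the DER: the structure still parses but must not verify.
        byte[] der = Base64.decode(pkcs7);
        der[indexOf(der, tbs)] ^= 0x01;
        System.out.println("tampered copy verifies: " + (verifyAndExtract(Base64.toBase64String(der)) != null));
    }

    private static int indexOf(byte[] hay, byte[] needle) {
        for (int i = 0; i + needle.length <= hay.length; i++) {
            if (Arrays.equals(Arrays.copyOfRange(hay, i, i + needle.length), needle)) return i;
        }
        return -1;
    }
}
```

A passing verifyAndExtract only proves that the signature matches the certificate shipped inside the PKCS#7 blob; it says nothing about who issued that certificate. A server-side isSignatureValid() should additionally build and validate the path from that certificate to the CA it trusts (validity period, revocation, key usage) before accepting the signer identity, since anyone can embed a self-signed certificate exactly as this example does.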
.NET Code for All API Methods
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509.Store;

public string Signeddataraca(string tbsData, string PFXFilePath, string pin)
{
    string Signeddataraca = string.Empty;
    // Registers RSA-SHA256 for XML-DSig on older runtimes (RSAPKCS1SHA256SignatureDescription comes from the
    // CLR Security library); the BouncyCastle CMS path below does not depend on it.
    CryptoConfig.AddAlgorithm(typeof(Security.Cryptography.RSAPKCS1SHA256SignatureDescription),
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    // Load the PFX; Exportable is required so the private key parameters can be read out below.
    X509Certificate2 Cert = new X509Certificate2(PFXFilePath, pin, X509KeyStorageFlags.Exportable);
    byte[] tbsBytes = Encoding.ASCII.GetBytes(tbsData);
    // Convert the .NET private key into a BouncyCastle key parameter.
    RSACryptoServiceProvider key1 = (RSACryptoServiceProvider)Cert.PrivateKey;
    RSAParameters rsaParam = key1.ExportParameters(true);
    AsymmetricCipherKeyPair keypair = DotNetUtilities.GetRsaKeyPair(rsaParam);
    AsymmetricKeyParameter privateKey = keypair.Private;
    Org.BouncyCastle.X509.X509Certificate ce = DotNetUtilities.FromX509Certificate(Cert);
    // SHA-256 signer using the legacy BouncyCastle generator API.
    CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
    generator.AddSigner(privateKey, ce, CmsSignedDataGenerator.DigestSha256);
    // Embed the signer certificate so the verifier can locate it.
    var storeCerts = new List<Org.BouncyCastle.X509.X509Certificate>();
    storeCerts.Add(ce);
    var storeParams = new X509CollectionStoreParameters(storeCerts);
    var certStore = X509StoreFactory.Create("CERTIFICATE/COLLECTION", storeParams);
    generator.AddCertificates(certStore);
    // Attached (encapsulated) signature: the TBS bytes travel inside the PKCS#7 structure.
    CmsProcessable content = new CmsProcessableByteArray(tbsBytes);
    CmsSignedData signeddata = generator.Generate(content, true);
    byte[] byteSignedData = signeddata.GetEncoded();
    string encodedSigneddata = Convert.ToBase64String(byteSignedData);
    Signeddataraca = encodedSigneddata;
    return Signeddataraca;
}
Parameters

TBS (Byte Array)
You need to pass the TBS (to-be-signed) data, which differs for each method:
· CSR data, for createCertificate()
· (Subject DN details, key algorithm & size, PFX password), signed with the PFX, for createSoftTokenCert()
· Certificate serial number, for getX509Certificate()
· Certificate serial number, for revokeX509Cert()
· Signed data, for isSignatureValid()

PFX Path (String)
You need to pass the path where the PFX should be stored.

Pin (String)
You need to pass the PFX password of the certificate.