Creating PKCS7 signature from etoken

Question

I am trying to generate a digital signature using an etoken. I am using BouncyCastle library and the signature is being generated. The problem is that I want it in pkcs7 format which also contains tags like '-----BEGIN PKCS7-----' and ends with '-----END PKCS7-----'.But the signature that I generate doesn't contain these tags. I am not sure where I'm going wrong. Here is my code..

CMSProcessable content = new CMSProcessableByteArray(contentbytes);

    CMSSignedData signedData = signGen.generate(content, securityProviderName);

    byte[] signeddata = signedData.getEncoded();
BASE64Encoder encoder = new BASE64Encoder();
        digitalSignature = encoder.encode(signeddata);

Now I need the data to be in pkcs7 format.Is there anything wrong with the code? Or do I need to add anything to this? Please help.. Thank you.

Answer 1

PKCS#7, usually called CMS (Cryptographic Message Syntax) is a container format that is specified using ASN.1 and encoded using BER/DER (Basic/Distinguished Encoding Rules). BER/DER are methods of performing binary encoding.

What you are talking about is PEM format, which was specified for Privacy Enhanced Mail. It is sometimes also called an ASCII armor as it makes it possible for binary data to be send over text interfaces. It consists of a header and footer that also identify the data, as well as the encoding to base 64 of the DER encoded blob.

What you can do is to implement the header and footer generation yourself, or you can take a look at the PemWriter class within the Bouncy Castle for Java functionality. The specifications of the format can be found here .