Currently trying to validate a PKCS#7 signature, where the verified content is the SHA-256 hash of a file and receiving the below error.
Error
org.bouncycastle.cms.CMSException: can't create digest calculator: exception on setup: java.security.NoSuchAlgorithmException: no such algorithm: 1.2.840.113549.1.1.11 for provider BC
at org.bouncycastle.cms.SignerInformation.doVerify(Unknown Source)
at org.bouncycastle.cms.SignerInformation.verify(Unknown Source)
Code
private fun verifySignature(sha256Hash: ByteArray, base64Signature: String): Boolean {
val signedData = CMSSignedData(
CMSProcessableByteArray(sha256Hash),
Base64.decode(base64Signature, Base64.DEFAULT).inputStream()
)
val store: Store<X509CertificateHolder> = signedData.certificates
signedData.signerInfos.signers.forEach { signer ->
try {
val certCollection = store.getMatches(signer.sid as Selector<X509CertificateHolder>)
val certHolder = certCollection.first()
val cert =
JcaX509CertificateConverter().setProvider("BC").getCertificate(certHolder)
if (signer.verify(
JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert)
)
) {
return true
}
return false
} catch (e: Exception) {
e.printStackTrace()
}
}
return false
}
Additional Info:
'compileSdk' : 30
'buildTools' : '30.0.2'
'org.bouncycastle:bcpkix-jdk18on:1.72'
'org.bouncycastle:bcprov-jdk18on:1.72'
'org.bouncycastle:bcutil-jdk18on:1.72'
The following resolved my issues
private val BC = BouncyCastleProvider().apply {
addAlgorithm("Alg.Alias.MessageDigest.1.2.840.113549.1.1.11", "SHA-256")
}.also { Security.insertProviderAt(it, 1) }
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.