stackoom
  简体   繁体   中英

Java, Digital Signature with BouncyCastle

 原文  2011-12-06 09:59:42       java/ digital-signature/ bouncycastle

Question

In Java, I tried to sign a byte[] (which is my sha256 digest of my document) with bouncy castle and a certificate in this specification:

http://www.ebics.org/fileadmin/unsecured/specification/spec_current_EN/EBICS_Specification_2.5_final-16-05-2011.pdf

in chapter 14.1.4.1.1 Digital signature generation.

I found in bouncy's java doc this method: 

public static byte[] signer(byte[] datas, Certificat cert) {
    try {
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        CMSTypedData msg = new CMSProcessableByteArray(datas);

        certList.add(cert.getCertificat());

        Store certs = new JcaCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        ContentSigner sha256signer = new JcaContentSignerBuilder(
                "SHA256withRSA").setProvider("BC").build(
                cert.getPrivateKey());

        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC")
                        .build()).build(sha256signer, cert.getCertificat()));

        gen.addCertificates(certs);

        CMSSignedData sigData = gen.generate(msg, true);
        return sigData.getEncoded();
    } 
    catch (Exception e) {
        throw new RuntimeException(
                "Erreur lors de la signature du document", e);
    }

I don't know if this signature is really in accordance with PKCS#1 1.5 required by the specification. Do I have to add the padding manually? And the OID for RSA256?

1 answers

solution1
 5 ACCPTED  2011-12-17 19:53:46

EBICS signature A005 is a RSA signature with SHA-256 digest algorithm and PKCS#1 1.5 padding. However the code sample you pasted here is creating a CMS signature which uses a "low level" RSA signature but is a much more complex structure (for comprehensive details, see RFC 5652 http://www.rfc-editor.org/rfc/rfc5652.txt ).

Hopefully, generating the signature you are trying to get is really simple with the java crypto API: 

public static byte[] signer(byte[] data, PrivateKey key) {
    Signature signer = Signature.getInstance("SHA256WithRSA", "BC");
    signer.initSign(key);
    signer.update(data);
    return signer.sign();
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Generating Digital Signature using BouncyCastle in Java OpenSSL equivalent for Java/BouncyCastle signature Digital signature of document java XML Digital Signature Java Digital signature in java Elliptic Curve with Digital Signature Algorithm (ECDSA) implementation on BouncyCastle Error when verifying ECDSA signature in Java with BouncyCastle How to set Signature size in java (bouncycastle)? Digital signature verification failing - Java rsa with digital signature coding in java
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM