[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] PKCS7 SignedData empty encryptedDigest



Hello,

the PKCS#7 implementation of IAIK-JCE is stream based allowing to deal with
big amounts of data without running into memeory problems. The data is piped
through DigestStreams block by block and the digest value itself is
calculated (and encrypted) actually during the encoding procedure. So
accessing the encryptedDigest field before the encoding is performed
(calling writeTo, getEncoding) will give no value.

> I am evaluating your library, and so far I really like it alot compared
> to other Java crypto libs that have PKCS support.
Fine!

Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von michael p
schwartz
Gesendet: Mittwoch, 6. Dezember 2000 20:53
An: IAIK JCE SUPPORT ADDRESS
Betreff: [iaik-jce] PKCS7 SignedData empty encryptedDigest


Hello IAIK,

I am evaluating your library, and so far I really like it alot compared
to other Java crypto libs that have PKCS support.

My question:

When I follow your documention for creating an PKCS7 SignedData object
(Implicit), the encryptedDigest property is always empty.  I have been
doing the following:
1.  Create the SignedData object
2.  Set the signer's certificate on the SignedData object
3. Create a SignerInfo object
4. Add the SignerInfo object to the SignedData object
5.  Check encryptedDigest property and it is empty (UNEXPECTED:  why is
it empty?)

As a "work around", I have been doing this (which results in a populated
encryptedDigest property):
1. Create the SignedData object
2. Set the signer's certificate on the SignedData object
3. Explicity create a Signature object (init, update,sign)
4. Set the Signature to the SignerInfo object
5. Add the SignerInfo object to the SignedData object.
6. Check the encryptedDigest property and it is populated (AS EXPECTED).

I am using the JCE Applet Edition and JDK 1.1.8.  Any help you can offer
would be appreciated.

Thanks alot,
Mike
--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce



--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce