
Re: [iaik-jce] PKCS7 hash



Hello,

When doing the hashing yourself, please be aware that it has to be done
differently depending on whether authenticated attributes are present or not.
If not, the content data is hashed and encrypted (signed) with the signer's
private key.
If authenticated attributes are present, they are DER encoded, hashed and
encrypted (signed). Note that as soon as authenticated attributes are present,
they have to include the "message digest" attribute giving a hash of the
content. In this way it is ensured that the content is included in the hash
anyway.

After having done the hashing you may use method setEncryptedDigest of class
SignerInfo to explicitly set the encrypted digest. In this way you may
"change" method createSignedData(Stream) of demo.pkcs.PKCS7Stream like:

 public byte[] createSignedDataStream(byte[] message, int mode) throws PKCSException, IOException {

    System.out.println("Create a new message signed by user 1:");
    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(message);
    // create a new SignedData object which includes the data
    SignedDataStream signed_data = new SignedDataStream(is, mode);
    // SignedData shall include the certificate chain for verifying
    signed_data.setCertificates(certificates);

    // cert at index 0 is the user certificate
    IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(user1);

    // create a new SignerInfo
    SignerInfo signer_info = new SignerInfo(issuer, AlgorithmID.sha, user1_pk);

    try {
      // create some authenticated attributes
      // (addSigner is not called here, so the message digest attribute is added by hand)
      Attribute[] attributes = new Attribute[3];
      // content type is data
      attributes[0] = new Attribute(ObjectID.contentType, new ASN1Object[] {ObjectID.pkcs7_data});
      // signing time is now
      attributes[1] = new Attribute(ObjectID.signingTime, new ASN1Object[] {new ChoiceOfTime().toASN1Object()});
      // message digest attribute: the hash of the content
      java.security.MessageDigest sha = java.security.MessageDigest.getInstance("SHA");
      sha.update(message);
      byte[] digest = sha.digest();
      attributes[2] = new Attribute(ObjectID.messageDigest, new ASN1Object[] {new iaik.asn1.OCTET_STRING(digest)});
      // set the attributes
      signer_info.setAuthenticatedAttributes(attributes);
      // hash and sign the DER encoded SET OF authenticated attributes outside SignerInfo
      // (this is the step a smartcard could take over) and set the result explicitly
      java.security.Signature rsaSHA = java.security.Signature.getInstance("SHA/RSA");
      rsaSHA.initSign(user1_pk);
      rsaSHA.update(DerCoder.encode(iaik.asn1.ASN.createSetOf(attributes, true)));
      byte[] signature1 = rsaSHA.sign();
      signer_info.setEncryptedDigest(signature1);
      signed_data.addSignerInfo(signer_info);

      // another SignerInfo without authenticated attributes and MD5 as hash algorithm
      signer_info = new SignerInfo(new IssuerAndSerialNumber(user2), AlgorithmID.md5, user2_pk);
      // without authenticated attributes the content itself is hashed and signed
      java.security.Signature rsaMD5 = java.security.Signature.getInstance("MD5/RSA");
      rsaMD5.initSign(user2_pk);
      rsaMD5.update(message);
      byte[] signature2 = rsaMD5.sign();
      signer_info.setEncryptedDigest(signature2);
      signed_data.addSignerInfo(signer_info);

    } catch (NoSuchAlgorithmException ex) {
      throw new PKCSException("No implementation for signature algorithm: " + ex.getMessage());
    } catch (Exception ex) {
      throw new PKCSException(ex.getMessage());
    }

    // write the data through SignedData to any out-of-band place
    if (mode == SignedDataStream.EXPLICIT) {
      InputStream data_is = signed_data.getInputStream();
      byte[] buf = new byte[1024];
      int r;
      while ((r = data_is.read(buf)) > 0)
        ;   // skip data
    }

    // return the SignedData as DER encoded byte array with block size 2048
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    signed_data.writeTo(os, 2048);
    return os.toByteArray();
  }

where hashing and signing are done outside SignerInfo (SignedDataStream).

Regards,
Dieter Bratko
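The two hashing rules described in the reply above, worked through as an added example that is not part of the original mail or of IAIK JCE: a minimal DER encoder builds the three authenticated attributes the demo uses and shows which bytes a smartcard would actually have to sign. The OIDs are the standard PKCS#7/PKCS#9 values; the sample content and signing time are constructed, and the point that the attributes are hashed with the SET OF tag (0x31) rather than the [0] IMPLICIT tag (0xA0) they carry inside the SignerInfo is taken from RFC 2315 section 9.3.

```python
import hashlib

# Standard PKCS#7 / PKCS#9 object identifiers
OID_DATA, OID_CONTENT_TYPE = "1.2.840.113549.1.7.1", "1.2.840.113549.1.9.3"
OID_MESSAGE_DIGEST, OID_SIGNING_TIME = "1.2.840.113549.1.9.4", "1.2.840.113549.1.9.5"

def der(tag, body):
    """TLV with DER length encoding (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_oid(dotted):
    """OBJECT IDENTIFIER from dotted notation (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = bytearray([a & 0x7F])
        while a > 0x7F:
            a >>= 7
            chunk.insert(0, 0x80 | (a & 0x7F))
        out += chunk
    return der(0x06, bytes(out))

def attribute(oid, der_value):
    # Attribute ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ANY }
    return der(0x30, der_oid(oid) + der(0x31, der_value))

def authenticated_attributes(content, signing_time_utc, hash_name="sha1"):
    """DER SET OF contentType, signingTime and messageDigest (hash of the content).
    DER requires the SET OF elements sorted by their encodings, like createSetOf(..., true)."""
    attrs = [
        attribute(OID_CONTENT_TYPE, der_oid(OID_DATA)),
        attribute(OID_SIGNING_TIME, der(0x17, signing_time_utc.encode("ascii"))),  # UTCTime
        attribute(OID_MESSAGE_DIGEST, der(0x04, hashlib.new(hash_name, content).digest())),
    ]
    return der(0x31, b"".join(sorted(attrs)))

def signer_info_field(set_of_attrs):
    """The same bytes as stored in SignerInfo.authenticatedAttributes: only the tag differs."""
    return bytes([0xA0]) + set_of_attrs[1:]

def digest_to_sign(content, signing_time_utc=None, hash_name="sha1"):
    """The hash the signer (e.g. a smartcard) encrypts: the content itself when there are
    no authenticated attributes, otherwise the DER SET OF attributes (RFC 2315 section 9.3)."""
    if signing_time_utc is None:
        return hashlib.new(hash_name, content).digest()
    attrs = authenticated_attributes(content, signing_time_utc, hash_name)
    return hashlib.new(hash_name, attrs).digest()

if __name__ == "__main__":
    msg = b"constructed sample content"        # constructed input, not a real message
    print(digest_to_sign(msg).hex())            # no attributes: hash of the content
    print(digest_to_sign(msg, "001027142200Z").hex())  # with attributes: hash of the SET OF
```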

-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On behalf of Schneider,
Wolfgang
Sent: Friday, 27 October 2000 14:22
To: Iaik-Jce (E-Mail)
Subject: [iaik-jce] PKCS7 hash


Hi,

I want to create a pkcs7 signedData signature with authenticated attributes.
My problem is that I want to do the encryption of the hash separately (on a
smartcard).
My question: how can I get the (unencrypted) hash of the pkcs7?
One possibility is to generate the hash myself, but for that I have to
know how the hash is created. Where could I find a specification of WHAT is
hashed WHEN?

Thx

Wolfgang Schneider


GFT Technologies AG
Otto-Lilienthal-Strasse 36
D-71034 Boeblingen
Phone: 07031/714-835
Fax: 07031/714-840
Email: wolfgang.schneider@gft.de
Internet: www.gft.com

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the following content:
UNSUBSCRIBE iaik-jce




***************************************************************************
*                                                                         *
* IAIK S/MIME Mapper Security Info                                        *
* ===================================                                     *
*                                                                         *
* for message:                                                            *
*   From: "Dieter Bratko" <Dieter.Bratko@iaik.at>                         *
*   Date: Fri, 27 Oct 2000 21:49:45 +0200                                 *
*   Subject: AW: [iaik-jce] PKCS7 hash                                    *
*                                                                         *
* Message S/MIME properties:                                              *
*                                                                         *
*   Encrypted using:    not encrypted                                     *
*                                                                         *
*   Digitally signed:   yes                                               *
*   Signature valid:    yes                                               *
*   Signature trusted:  yes                                               *
*                                                                         *
*                                                                         *
* Compliance with policy for email addresses *@iaik.at:                   *
*                                                                         *
*   Encryption:         OK (None or better required)                      *
*                                                                         *
*   Digital Signature:  OK (digital signature required)                   *
*                                                                         *
***************************************************************************