[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] Doubt in PKCS7 SignerInfo



Hello,

if you want to convert a SignerInfo to an ASN1Object you yourself have to
take care to set the message digest attribute and the encrypted digest
value, e.g.:
...
attributes[2] = new Attribute(ObjectID.messageDigest,
   new ASN1Object[] {new iaik.asn1.OCTET_STRING(digest)});
...
signerInfo.setEncryptedDigest(encryptedDigest);

However, usually it is not necessary to explicitly call
SignerInfo.toASN1Object since SignerInfo encoding is done automatically when
encoding a SignedData object.
When trying your sample with IAIK-JCE 2.61 I get an exception that the
digest cannot be encrypted (since it not has been set).

Regards,
Dieter Bratko


-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von phani
Gesendet: Mittwoch, 31. Januar 2001 12:23
An: iaik-jce@iaik.at
Betreff: [iaik-jce] Doubt in PKCS7 SignerInfo


I am using PKCS7 SingerInfo class and i have created the signerinfo object
like the way given in the sample code in the documentation.
then i used the dercoder class to encode the asn object and get back the asn
object. but the sequence that is there before sending into dercoder contains
6 elements where as the one returned contained only 2 elements. i don't know
why this is turning out like this. any suggestions in this issue will be a
great help to me. please send the reply only in unsigned format. i am unable
to see the signed messages.
thanks in advance
phani
the following code fragment is having that problem:

import iaik.pkcs.pkcs7.SignerInfo;
import iaik.pkcs.pkcs7.IssuerAndSerialNumber;
import java.io.FileInputStream;
import iaik.x509.X509Certificate;
import iaik.security.rsa.RSAPrivateKey;
import iaik.asn1.structures.AlgorithmID;
import iaik.asn1.structures.Attribute;
import iaik.asn1.ASN1Object;
import iaik.asn1.ObjectID;
import iaik.asn1.structures.ChoiceOfTime;
import iaik.security.provider.IAIK;
import iaik.asn1.DerCoder;

public class SigInfoTest {
  public static void main(String[] args) throws Exception{
    java.security.Security.addProvider(new IAIK());
    FileInputStream fis = new FileInputStream("Ravi.cert.der");
    X509Certificate cert = new X509Certificate(fis);
    IssuerAndSerialNumber isanum = new IssuerAndSerialNumber(cert);
    fis.close();
    fis = new FileInputStream("Ravi.prv");
    RSAPrivateKey priv_key = new RSAPrivateKey(fis);
    SignerInfo sgin = new
SignerInfo(isanum,AlgorithmID.sha1,AlgorithmID.rsaEncryption,priv_key);
    Attribute[] auth_attribute = new Attribute[2];
    auth_attribute[0] = new Attribute(ObjectID.contentType,new ASN1Object[]
{ObjectID.pkcs7_data});
    auth_attribute[1] = new Attribute(ObjectID.signingTime,new ASN1Object[]
{new ChoiceOfTime().toASN1Object()});
    sgin.setAuthenticatedAttributes(auth_attribute);
 ASN1Object asn1 = sgin.toASN1Object();
    System.out.println("ASN Before Encoding "+asn1);
    byte[] s = DerCoder.encode(asn1);
    ASN1Object asn = DerCoder.decode(s);
    System.out.println("ASN After Decoding "+asn);
   }
}

the output coming is
ASN Before Encoding SEQUENCE[C] = 6 elements
ASN After Decoding SEQUENCE[C] = 2 elements


--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce



--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce