
AW: [iaik-jce] pkcs7 SignerInfo



Hello,

You have two options:

1. using method setEncryptedDigest (in this case you must do all the hashing
by yourself)
2. writing a provider for your smartcard for doing RSA cipher encryption
(see below)


When using iaik.pkcs.pkcs7.SignedData(Stream) and iaik.pkcs.pkcs7.SignerInfo
directly, you may use method setEncryptedDigest of class SignerInfo to
explicitly set the encrypted digest. In this case you will have to do all
the hashing by yourself (please be aware that this has to be done
differently depending on whether authenticated attributes are present or
not). In this way you may "change" method createSignedData(Stream) of
demo.pkcs.PKCS7Stream like:

  public byte[] createSignedDataStream(byte[] message, int mode)
      throws PKCSException, IOException {

    System.out.println("Create a new message signed by user 1:");
    // we are testing the stream interface
    ByteArrayInputStream is = new ByteArrayInputStream(message);
    // create a new SignedData object which includes the data
    SignedDataStream signed_data = new SignedDataStream(is, mode);
    // SignedData shall include the certificate chain for verifying
    signed_data.setCertificates(certificates);

    // cert at index 0 is the user certificate
    IssuerAndSerialNumber issuer = new IssuerAndSerialNumber(user1);

    // create a new SignerInfo (set null as "private key")
    SignerInfo signer_info = new SignerInfo(issuer, AlgorithmID.sha, null);

    try {
      // create some authenticated attributes; since no private key is set,
      // the message digest attribute has to be added explicitly here
      Attribute[] attributes = new Attribute[3];
      // content type is data
      attributes[0] = new Attribute(ObjectID.contentType,
          new ASN1Object[] { ObjectID.pkcs7_data });
      // signing time is now
      attributes[1] = new Attribute(ObjectID.signingTime,
          new ASN1Object[] { new ChoiceOfTime().toASN1Object() });
      // message digest attribute: hash of the content, computed here
      java.security.MessageDigest sha = java.security.MessageDigest.getInstance("SHA");
      sha.update(message);
      byte[] digest = sha.digest();
      attributes[2] = new Attribute(ObjectID.messageDigest,
          new ASN1Object[] { new iaik.asn1.OCTET_STRING(digest) });
      // set the attributes
      signer_info.setAuthenticatedAttributes(attributes);
      // now explicitly calculate the encrypted digest over the DER encoded
      // SET OF authenticated attributes, e.g.:
      java.security.Signature rsaSHA = java.security.Signature.getInstance("SHA/RSA");
      rsaSHA.initSign(user1_pk);
      rsaSHA.update(DerCoder.encode(iaik.asn1.ASN.createSetOf(attributes, true)));
      byte[] signature1 = rsaSHA.sign();
      signer_info.setEncryptedDigest(signature1);
      signed_data.addSignerInfo(signer_info);

      // another SignerInfo without authenticated attributes and MD5 as hash algorithm
      signer_info = new SignerInfo(new IssuerAndSerialNumber(user2),
          AlgorithmID.md5, null);
      // without attributes the signature is computed over the content itself
      java.security.Signature rsaMD5 = java.security.Signature.getInstance("MD5/RSA");
      rsaMD5.initSign(user2_pk);
      rsaMD5.update(message);
      byte[] signature2 = rsaMD5.sign();
      signer_info.setEncryptedDigest(signature2);
      // the message digest itself is protected
      signed_data.addSignerInfo(signer_info);

    } catch (NoSuchAlgorithmException ex) {
      throw new PKCSException("No implementation for signature algorithm: " + ex.getMessage());
    } catch (Exception ex) {
      throw new PKCSException(ex.getMessage());
    }

    // write the data through SignedData to any out-of-band place
    if (mode == SignedDataStream.EXPLICIT) {
      InputStream data_is = signed_data.getInputStream();
      byte[] buf = new byte[1024];
      int r;
      while ((r = data_is.read(buf)) > 0)
        ;   // skip data
    }

    // return the SignedData as DER encoded byte array with block size 2048
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    signed_data.writeTo(os, 2048);
    return os.toByteArray();
  }

where hashing and signing are done outside SignerInfo (SignedDataStream). Of
course, you will have to adjust the digest encryption (signature
calculation) process so that it can be handled by your smart card.

However, if you have a JCE provider for your smart card that is able to
handle RSA Cipher encryption with private keys, you may use
iaik.pkcs.pkcs7.SignedData(Stream) in the common way, only making sure to
supply a proper private ("dummy") key object that can be handled by your
provider. The only place where SignerInfo calls the RSA Cipher is:

          Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
          rsa.init(Cipher.ENCRYPT_MODE, private_key);
          encrypted_digest = rsa.doFinal(...);

where private_key is the one supplied when creating a SignerInfo object:

public SignerInfo(IssuerAndSerialNumber issuerAndSerialNumber,
      AlgorithmID digestAlgorithm, PrivateKey privateKey) {


Regards,
Dieter Bratko

-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On behalf of Andrei Savitsky
Sent: Friday, 10 November 2000 11:17
To: iaik-jce@iaik.at
Subject: [iaik-jce] pkcs7 SignerInfo


Hello All,

  There is an undocumented function setEncryptedDigest(...) for
  inserting a ready signature into a SignerInfo object, in the situation
  when we can't pass the private key to the constructor (it is on a
  smartcard).
  (Great thanks to Mauro Marini who told it to me!!!)
  But for example in version 5.7 we don't have it. I understand that the
  latest version has it :), BUT.... is there a way to work without it?

  Maybe somebody can help me with how to collect a SignerInfo object in a
  DER array myself, and then send it to the SignerInfo constructor?

--
Best regards,
 Andrey                          mailto:andrey.s@belcaf.minsk.by

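As an added illustration (not IAIK code and not from either mail), the following Python builds the exact bytes that the two SignerInfo variants discussed above hand to the RSA private-key operation: the DER DigestInfo over the SET OF authenticated attributes for a signer with attributes, and over the raw content for one without. SHA-1 is assumed for both cases, the OIDs are the standard PKCS#7/PKCS#9 ones, and the sample message is constructed.

```python
import hashlib

def sha1(data):
    return hashlib.sha1(data).digest()

def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    body = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        enc = bytearray([p & 0x7F])
        while p := p >> 7:
            enc.insert(0, 0x80 | (p & 0x7F))
        body += enc
    return der(0x06, bytes(body))

OID_CONTENT_TYPE, OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.3", "1.2.840.113549.1.9.4"
OID_PKCS7_DATA, OID_SHA1 = "1.2.840.113549.1.7.1", "1.3.14.3.2.26"

def attribute(oid, value):
    # Attribute ::= SEQUENCE { type OBJECT IDENTIFIER, values SET OF ANY }
    return der(0x30, der_oid(oid) + der(0x31, value))

def authenticated_attributes(message):
    # contentType and messageDigest are mandatory once attributes are used;
    # signingTime is omitted here so the output is deterministic.
    attrs = [attribute(OID_CONTENT_TYPE, der_oid(OID_PKCS7_DATA)),
             attribute(OID_MESSAGE_DIGEST, der(0x04, sha1(message)))]
    # Signed as a DER SET OF (tag 0x31, elements sorted by encoding, X.690
    # 11.6), not with the [0] IMPLICIT tag (0xA0) used inside SignerInfo.
    return der(0x31, b"".join(sorted(attrs)))

def digest_info(digest):
    # DigestInfo ::= SEQUENCE { AlgorithmIdentifier {sha1, NULL}, OCTET STRING }
    return der(0x30, der(0x30, der_oid(OID_SHA1) + b"\x05\x00") + der(0x04, digest))

def raw_signing_input(message, with_attributes):
    # Bytes the card pads (PKCS#1 v1.5 block type 1) and raises to d mod n:
    # hash of the attribute SET when attributes exist, else of the content.
    data = authenticated_attributes(message) if with_attributes else message
    return digest_info(sha1(data))
```

A Cipher "RSA/ECB/PKCS1Padding" run in ENCRYPT_MODE with the private key over raw_signing_input(...) yields the same bytes as a "SHA/RSA" Signature, which is why a provider that implements only that cipher operation suffices for the second option.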

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

IAIK S/MIME Mapper Security Info

for message:
  From: "Dieter Bratko" <Dieter.Bratko@iaik.at>
  Date: Tue, 14 Nov 2000 17:56:21 +0100
  Subject: AW: [iaik-jce] pkcs7 SignerInfo

Message S/MIME properties:
  Encrypted using:    not encrypted
  Digitally signed:   yes
  Signature valid:    yes
  Signature trusted:  yes

Compliance with policy for email addresses *@iaik.at:
  Encryption:         OK (None or better required)
  Digital Signature:  OK (digital signature required)