Document altered/corrupted while attaching IAIK PKCS11 signing Hash

huangapple go评论71阅读模式
英文:

Document altered/corrupted while attaching IAIK PKCS11 signing Hash

问题

I have a base64 encoded message digest (signing bytes of a pdf), which I want to sign and return PKCS7. Previously, I was using SUNPKCS11 and was able to attach the same to the pdf.

我有一个Base64编码的消息摘要(用于签署PDF的字节),我想要签名并返回PKCS7。以前,我使用SUNPKCS11并成功附加到PDF。

I have started using IAIK PKCS11 Wrapper. Below is the process, I have a IAIKPKCS11ContentSigner defined like:

我开始使用IAIK PKCS11包装器。下面是流程,我定义了一个名为IAIKPKCS11ContentSigner的类:

public class IAIKPKCS11ContentSigner implements ContentSigner {
   private final Session session;
   private final RSAPrivateKey privateKey;
   private final ByteArrayOutputStream outputStream;

   public IAIKPKCS11ContentSigner(Session session, RSAPrivateKey privateKey) {
     this.session = session;
     this.privateKey = privateKey;
     this.outputStream = new ByteArrayOutputStream();
   }

   @Override
   public byte[] getSignature() {
     try {
       AlgorithmIdentifier sha256Aid = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-256");
       DigestInfo digestInfo = new DigestInfo(sha256Aid, this.outputStream.toByteArray());
       byte[] encodedDigestInfo = digestInfo.getEncoded();
       Mechanism signingMechanism = Mechanism.get(PKCS11Constants.CKM_SHA256_RSA_PKCS);
       session.signInit(signingMechanism, privateKey);
       return session.sign(encodedDigestInfo);
       } catch (Exception e) {
        throw new RuntimeException("Error", e);
       }
   }

   @Override
   public org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier() {
      return new org.bouncycastle.asn1.x509.AlgorithmIdentifier(
            org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha256WithRSAEncryption);
   }

   @Override
   public OutputStream getOutputStream() {
      return outputStream;
   }
}

and now I am signing the hash like:

现在我正在签名哈希值:

//已经初始化会话并提取了RSAPrivateKey
//获取当前会话(iaik.pkcs.pkcs11)和RSAPrivateKey
IAIKPKCS11ContentSigner signer = new IAIKPKCS11ContentSigner(session, pk); 

OutputStream outputStream = signer.getOutputStream();
outputStream.write(hash); //写入要签名的文档的哈希值

byte[] signature = signer.getSignature(); //从内容签名器获取签名
ContentInfo contentInfo = new ContentInfo(ContentInfo.DATA_OID, null);
X509Certificate[] certificates; //用于上面密钥的证书;
AlgorithmId[] digestAlgorithmIds; // SHA-256 
SignerInfo si; //使用证书属性和签名内容签名创建SignerInfo;
SignerInfo[] signerInfos = {si};
PKCS7 p7 = new PKCS7(digestAlgorithmIds, contentInfo, certificates, signerInfos);
ByteArrayOutputStream bytes = new ByteArrayOutputStream();
p7.encodeSignedData(bytes);
output = bytes.toByteArray();

But while attaching this pkcs7 as deferred signature on a pdf, getting document has been altered or corrupted. Is this the right approach to sign? Any pointers if I am doing anything wrong here?

但是,在将此PKCS7附加为PDF上的延迟签名时,文档已被更改或损坏。这是否是正确的签名方法?如果我在这里做错了什么,是否有任何指导?

英文:

I have a base64 encoded message digest (signing bytes of a pdf), which I want to sign and return PKCS7. Previously, I was using SUNPKCS11 and was able to attach the same to the pdf.

I have started using IAIK PKCS11 Wrapper. Below is the process, I have a IAIKPKCS11ContentSigner defined like:

public class IAIKPKCS11ContentSigner implements ContentSigner {
   private final Session session;
   private final RSAPrivateKey privateKey;
   private final ByteArrayOutputStream outputStream;

   public IAIKPKCS11ContentSigner(Session session, RSAPrivateKey privateKey) {
     this.session = session;
     this.privateKey = privateKey;
     this.outputStream = new ByteArrayOutputStream();
   }

   @Override
   public byte[] getSignature() {
     try {
       AlgorithmIdentifier sha256Aid = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-256");
       DigestInfo digestInfo = new DigestInfo(sha256Aid, this.outputStream.toByteArray());
       byte[] encodedDigestInfo = digestInfo.getEncoded();
       Mechanism signingMechanism = Mechanism.get(PKCS11Constants.CKM_SHA256_RSA_PKCS);
       session.signInit(signingMechanism, privateKey);
       return session.sign(encodedDigestInfo);
       } catch (Exception e) {
        throw new RuntimeException("Error", e);
       }
   }

   @Override
   public org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier() {
      return new org.bouncycastle.asn1.x509.AlgorithmIdentifier(
            org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha256WithRSAEncryption);
   }

   @Override
   public OutputStream getOutputStream() {
      return outputStream;
   }
}

and now I am signing the hash like:

//already initialize session and extracted RSAPrivateKey
//taking current session (iaik.pkcs.pkcs11) and RSAPrivateKey
IAIKPKCS11ContentSigner signer = new IAIKPKCS11ContentSigner(session, pk); 

OutputStream outputStream = signer.getOutputStream();
outputStream.write(hash); //writing the hash of the document to sign 

byte[] signature = signer.getSignature(); //fetching signature from the content signer
ContentInfo contentInfo = new ContentInfo(ContentInfo.DATA_OID, null);
X509Certificate[] certificates; //certificate for the key above;
AlgorithmId[] digestAlgorithmIds; // SHA-256 
SignerInfo si; //creating signer info using cert attributes and signed content signature;
SignerInfo[] signerInfos = {si};
PKCS7 p7 = new PKCS7(digestAlgorithmIds, contentInfo, certificates, signerInfos);
ByteArrayOutputStream bytes = new ByteArrayOutputStream();
p7.encodeSignedData(bytes);
output = bytes.toByteArray();

But while attaching this pkcs7 as deferred signature on a pdf, getting document has been altered or corrupted. Is this the right approach to sign? Any pointers if I am doing anything wrong here?

答案1

得分: 1

You use the mechanism PKCS11Constants.CKM_SHA256_RSA_PKCS. But that mechanism does calculate the hash of the data, wrap it in a DigestInfo structure, apply PKCS#1 1.5 padding, and encrypt.

As far as I understand your code, though, you already have calculated the hash and wrapped it in a DigestInfo structure. So you only want PKCS#1 1.5 padding and encryption to be applied.

Thus, you may want to use the mechanism PKCS11Constants.CKM_RSA_PKCS instead.

英文:

You use the mechanism PKCS11Constants.CKM_SHA256_RSA_PKCS. But that mechanism does calculate the hash of the data, wrap it in a DigestInfo structure, apply PKCS#1 1.5 padding, and encrypt.

As far as I understand your code, though, you already have calculated the hash and wrapped it in a DigestInfo structure. So you only want PKCS#1 1.5 padding and encryption to be applied.

Thus, you may want to use the mechanism PKCS11Constants.CKM_RSA_PKCS instead.

huangapple
  • 本文由 发表于 2023年5月15日 08:22:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/76250205.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定