Document altered/corrupted while attaching IAIK PKCS11 signing Hash
Question
I have a base64 encoded message digest (signing bytes of a pdf), which I want to sign and return PKCS7. Previously, I was using SUNPKCS11 and was able to attach the same to the pdf.
I have started using the IAIK PKCS11 Wrapper. Below is the process; I have an IAIKPKCS11ContentSigner defined like:
    public class IAIKPKCS11ContentSigner implements ContentSigner {
        private final Session session;
        private final RSAPrivateKey privateKey;
        private final ByteArrayOutputStream outputStream;

        public IAIKPKCS11ContentSigner(Session session, RSAPrivateKey privateKey) {
            this.session = session;
            this.privateKey = privateKey;
            this.outputStream = new ByteArrayOutputStream();
        }

        @Override
        public byte[] getSignature() {
            try {
                AlgorithmIdentifier sha256Aid = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-256");
                DigestInfo digestInfo = new DigestInfo(sha256Aid, this.outputStream.toByteArray());
                byte[] encodedDigestInfo = digestInfo.getEncoded();
                Mechanism signingMechanism = Mechanism.get(PKCS11Constants.CKM_SHA256_RSA_PKCS);
                session.signInit(signingMechanism, privateKey);
                return session.sign(encodedDigestInfo);
            } catch (Exception e) {
                throw new RuntimeException("Error", e);
            }
        }

        @Override
        public org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier() {
            return new org.bouncycastle.asn1.x509.AlgorithmIdentifier(
                org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha256WithRSAEncryption);
        }

        @Override
        public OutputStream getOutputStream() {
            return outputStream;
        }
    }
and now I am signing the hash like:
    // already initialized session and extracted RSAPrivateKey
    // taking current session (iaik.pkcs.pkcs11) and RSAPrivateKey
    IAIKPKCS11ContentSigner signer = new IAIKPKCS11ContentSigner(session, pk);
    OutputStream outputStream = signer.getOutputStream();
    outputStream.write(hash); // writing the hash of the document to sign
    byte[] signature = signer.getSignature(); // fetching signature from the content signer
    ContentInfo contentInfo = new ContentInfo(ContentInfo.DATA_OID, null);
    X509Certificate[] certificates; // certificate for the key above
    AlgorithmId[] digestAlgorithmIds; // SHA-256
    SignerInfo si; // creating signer info using cert attributes and signed content signature
    SignerInfo[] signerInfos = {si};
    PKCS7 p7 = new PKCS7(digestAlgorithmIds, contentInfo, certificates, signerInfos);
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    p7.encodeSignedData(bytes);
    output = bytes.toByteArray();
But while attaching this PKCS7 as a deferred signature on a PDF, I am getting "document has been altered or corrupted". Is this the right approach to sign? Any pointers if I am doing anything wrong here?
Answer 1
Score: 1
You use the mechanism PKCS11Constants.CKM_SHA256_RSA_PKCS. But that mechanism does calculate the hash of the data, wrap it in a DigestInfo structure, apply PKCS#1 1.5 padding, and encrypt.
As far as I understand your code, though, you already have calculated the hash and wrapped it in a DigestInfo structure. So you only want PKCS#1 1.5 padding and encryption to be applied.
Thus, you may want to use the mechanism PKCS11Constants.CKM_RSA_PKCS instead.
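The difference described in the answer can be reproduced without a token. This added example (not code from the question or the answer) uses the JDK's software RSA provider, treating `SHA256withRSA` as a stand-in for `CKM_SHA256_RSA_PKCS` and `NONEwithRSA` as a stand-in for `CKM_RSA_PKCS`; the class name, sample content and throwaway key are constructed for illustration. Feeding a DigestInfo to the hashing algorithm signs a hash of the DigestInfo, which a verifier that hashes the original bytes rejects, while the padding-only algorithm yields a signature it accepts.

```java
import java.security.*;

public class DigestInfoSigningDemo {
    // DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2); the 32-byte hash follows it.
    static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    static byte[] digestInfo(byte[] sha256) {
        byte[] out = new byte[SHA256_PREFIX.length + sha256.length];
        System.arraycopy(SHA256_PREFIX, 0, out, 0, SHA256_PREFIX.length);
        System.arraycopy(sha256, 0, out, SHA256_PREFIX.length, sha256.length);
        return out;
    }

    static byte[] sign(String alg, PrivateKey key, byte[] input) throws Exception {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(input);
        return s.sign();
    }

    // What a validator does: hash the signed bytes itself, then check the RSA signature.
    static boolean validates(PublicKey key, byte[] signedBytes, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(signedBytes);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway software key (assumption: no HSM)
        byte[] signedBytes = "constructed sample content".getBytes("UTF-8");
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(signedBytes);
        byte[] di = digestInfo(hash);

        // Hashing algorithm fed a DigestInfo: the signature covers SHA-256(DigestInfo).
        byte[] doubleHashed = sign("SHA256withRSA", kp.getPrivate(), di);
        // Padding-only algorithm fed the same DigestInfo: the signature covers the hash itself.
        byte[] paddedOnly = sign("NONEwithRSA", kp.getPrivate(), di);

        System.out.println("hashing algorithm over DigestInfo validates: "
                + validates(kp.getPublic(), signedBytes, doubleHashed));
        System.out.println("padding-only algorithm over DigestInfo validates: "
                + validates(kp.getPublic(), signedBytes, paddedOnly));
    }
}
```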