algorithm - 如果没有明确指定,bouncycaSTLe CMSSignedDataGenerator 的默认签名算法是什么

标签 algorithm cryptography bouncycastle signature

我想知道如果您没有像下面的代码那样明确指定,BouncyCaSTLe 默认使用什么签名算法(digestOID):

  List             certList = new ArrayList();
  CMSTypedData     msg = new CMSProcessableByteArray("Hello world!".getBytes());

  certList.add(signCert);

  Store           certs = new JcaCertStore(certList);

  CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
  ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(signKP.getPrivate());

  gen.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(
                 new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                 .build(sha1Signer, signCert));

  gen.addCertificates(certs);

  CMSSignedData sigData = gen.generate(msg, false);

下面是我想知道的代码示例,因为您看到没有digestOID(SHA1withRSA),所以它使用什么类型的签名:

import java.io.*;
import java.util.*;
import java.security.*;
import java.security.Security;
import java.security.cert.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.cms.*;


/* Create CMS/pkcs #7 signature using BC provider
                 M. Gallant  07/02/2003  */

class BCSignFile {
 static final boolean DEBUG = false;

 public static void main(String args[]) {
 System.out.println("");

  if (args.length < 4)
    usage();

 Security.addProvider(new BouncyCastleProvider());

 String INFILE   = args[0]; // Input file to be signed
 String KEYSTORE = args[1]; // Java 2 keystore file
 String ALIAS    = args[2]; // Java 2 key entry alias
 String PSWD     = args[3]; // keystore password

 // ---- in real implementation, provide some SECURE way to get keystore
 // ---- password from user! -------

 KeyStore keystore = null;
 PublicKey pub = null;
 PrivateKey priv = null;
 java.security.cert.Certificate storecert = null;
 java.security.cert.Certificate[] certChain = null;
 ArrayList certList = new ArrayList();
 CertStore certs =null;

 try{
   keystore = KeyStore.getInstance("JKS");
   keystore.load(new FileInputStream(KEYSTORE), PSWD.toCharArray());

   certChain = keystore.getCertificateChain(ALIAS);
   for ( int i = 0; i < certChain.length;i++)
    certList.add(certChain[i]);      
   certs = CertStore.getInstance("Collection", new     CollectionCertStoreParameters(certList), "BC");

       priv = (PrivateKey)(keystore.getKey(ALIAS, PSWD.toCharArray()));

   storecert = keystore.getCertificate(ALIAS);
   pub = keystore.getCertificate(ALIAS).getPublicKey();
 }
 catch(Exception exc){
  System.out.println("Problem with keystore access: " + exc.toString()) ;
  return;
  }


  if(DEBUG){
   System.out.println("Public Key Format: " + pub.getFormat()) ;
   System.out.println("Certificate " + storecert.toString()) ;
  }

  FileInputStream freader = null;
  File f = null;

    //------  Get the content data from file -------------
      f = new File(INFILE) ;
  int sizecontent = ((int) f.length());
  byte[] contentbytes = new byte[sizecontent];

  try {
    freader = new FileInputStream(f);
    System.out.println("\nContent Bytes: " + freader.read(contentbytes, 0,     sizecontent));
    freader.close();
   }
  catch(IOException ioe) {
    System.out.println(ioe.toString());
    return;
    }


// --- Use Bouncy Castle provider to create CSM/PKCS#7 signed message ---
 try{
  CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
  signGen.addSigner(priv, (X509Certificate)storecert,     CMSSignedDataGenerator.DIGEST_SHA1);
  signGen.addCertificatesAndCRLs(certs);
  CMSProcessable content = new CMSProcessableByteArray(contentbytes);

  CMSSignedData signedData = signGen.generate(content,"BC");
  byte[] signeddata = signedData.getEncoded();
  System.out.println("Created signed message: " + signeddata.length + " bytes") ;
  FileOutputStream envfos = new FileOutputStream("BCsigned.p7s");
                  envfos.write(signeddata);
  envfos.close();
 }
 catch(Exception ex){
  System.out.println("Couldn't generate CMS signed message\n" + ex.toString()) ;
 }
}


 private static void usage() {
  System.out.println("Usage:\n java BCSignFile  <contentfile> <keystore> <alias>     <keypasswd>") ;
  System.exit(1);
 }
    }

最佳答案

相关行是这样的:

signGen.addSigner(priv, (X509Certificate)storecert, CMSSignedDataGenerator.DIGEST_SHA1);

此行指定摘要算法将为 SHA-1,并且签名算法将根据 priv 中的私钥类型决定。

如果 priv 包含 RSA key ,它将使用 PKCS#1 v.1.5 和 SHA-1(“SHA1withRSA”)进行签名。您可以查看 CMSSignedGenerator.getEncOID() 的源代码,了解其他类型的私钥会发生什么情况。

关于algorithm - 如果没有明确指定,bouncycaSTLe CMSSignedDataGenerator 的默认签名算法是什么,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9734115/

上一篇:java - 塔防中寻路的最佳算法

下一篇:c# - 检查列表成员是否以 4 人为一组,连续

相关文章:

java - 得到了 org.bouncycaSTLe.jcajce.provider.symmetry.util.BaseBlockCipher$1 : nonce must have length from 7 to 13 octets while decrypt bytes

algorithm - 将命令式 for 循环转换为惯用的 haskell

java - 使用深度优先搜索查找到节点的唯一路由数

php mcrypt_encrypt 到 C/C++/MFC equalivilent

c# - 如何计算特定 block 的 AES GCM IV

java - 使用 EC X509 证书加密电子邮件

algorithm - 计算向量中的抖动字符串

algorithm - 如何在 Clojure 中将序列划分为递增的子序列?

c - 生成没有良好随机源的初始化 vector

java - 如何以编程方式生成自签名证书?

©2024 IT工具网  联系我们