我生成了一个 CMSSignedData 对象,我想将其以人类可读的格式保存到文件中。
我现在得到:
saveSigToFile(CMSSignedData sigData) throws Exception {
FileOutputStream out = new FileOutputStream(new File(getFileName() + _sig));
try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
dos.flush();
dos.close();
asn1.close();
}
}
但是我在哪里可以告诉函数将其写入文件“test.sig”?
最佳答案
您可能正在寻找 PEM。 PEM 由标题行、页脚行和其间的 base64 编码组成。 Base64编码提供了ASCII装甲,这意味着签名可以放入文本消息中。 PEM 是 OpenSSL 命令行的默认格式。不过,我仍然不会称其为人类可读的。
<小时/>在 Bouncy CaSTLe 中,您可以使用 JcaPEMWriter class从 ASN.1 对象转换为 PEM:
ContentInfo cmsSignedDataAsASN1 = cmsSignedData.toASN1Structure();
try (JcaPEMWriter writer = new JcaPEMWriter(new FileWriter("test.sig"))) {
writer.writeObject(cmsSignedDataAsASN1);
}
产生与此类似的结果:
-----BEGIN PKCS7-----
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAA
oIAwggH0MIIBPaADAgECAgYBXE94NwwwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UE
AwwIb3dsc3RlYWQwHhcNMTcwNTI4MTQzMTM3WhcNMTgwNTI4MTQzMTM3WjATMREw
DwYDVQQDDAhvd2xzdGVhZDCBvzANBgkqhkiG9w0BAQEFAAOBrQAwgakCgaEAhWem
22+jOG8jVDLXFe7dAbqvcPkLUi5f9BRxAxwKZmw43OFwgT9yUkLItWD0d/r1o0AJ
I6hP8P82Q6Muj5gM3nG44g1PtooWeYvxMrZ8LKkNiduyEU1PhZKHVAwTf0ziyVWL
3CXoXNGX34pmwOG6W0e8leGsX6D/LZN9y7dvT0V/RUfTUvaHKteHBOO4rYHw6jQ4
+Fr4NSkAtCyoHUKTGQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4GhAD2ucR5gbwX9sghZpZ1OdzYNJKpMgWFTnacMLni6Ui69Em5Dx+wm
a6uOtHufs3BawWen6mhp0VkAqW6yVFjKAgRSpG17BZKbiItuICUJowyG5NTp0+Nj
0RhXJTiCa12QbcTXi2CVOJ4Khx7SWNV+Yb3dMxmbUYG98ZQRmY6QS+Mp9wVQLyYg
Ue86uN0IpvWc2I3BZIc3wpH4p4yCRLYwqskAADGB4jCB3wIBATAdMBMxETAPBgNV
BAMMCG93bHN0ZWFkAgYBXE94NwwwCQYFKw4DAhoFADANBgkqhkiG9w0BAQEFAASB
oEbWQTz6j4yjWB3jTkXRxSuFjex613RtRiZOSFTpqpEOAZe0oaLwuFmE9M+Wyke2
JXywB99y6dH1rJjKW3bXXyHpgM1Id7Tn3M4hegnmwOPhjwlXIYN9/QTUwSkKpohc
awXV7M+XifVGeB88G6Chatc3n3gvo6zv+6WsiqXUVEIUbj/9i/lXpg19ngxxT1OB
6sanLYVJicLIh6kqUSRRRBsAAAAAAAA=
-----END PKCS7-----
如果您想查看您可以使用的内容,例如openssl asn1parse -inform DER -in "test.sig" 或 openssl asn1parse -in "test.sig"(如果已进行 PEM 编码)。
结果如下:
0:d=0 hl=2 l=inf cons: SEQUENCE
2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
13:d=1 hl=2 l=inf cons: cont [ 0 ]
15:d=2 hl=2 l=inf cons: SEQUENCE
17:d=3 hl=2 l= 1 prim: INTEGER :01
20:d=3 hl=2 l= 11 cons: SET
22:d=4 hl=2 l= 9 cons: SEQUENCE
24:d=5 hl=2 l= 5 prim: OBJECT :sha1
31:d=5 hl=2 l= 0 prim: NULL
33:d=3 hl=2 l=inf cons: SEQUENCE
35:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
46:d=4 hl=2 l= 0 prim: EOC
48:d=3 hl=2 l=inf cons: cont [ 0 ]
50:d=4 hl=4 l= 500 cons: SEQUENCE
54:d=5 hl=4 l= 317 cons: SEQUENCE
58:d=6 hl=2 l= 3 cons: cont [ 0 ]
60:d=7 hl=2 l= 1 prim: INTEGER :02
63:d=6 hl=2 l= 6 prim: INTEGER :015C4F78370C
71:d=6 hl=2 l= 13 cons: SEQUENCE
73:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
84:d=7 hl=2 l= 0 prim: NULL
86:d=6 hl=2 l= 19 cons: SEQUENCE
88:d=7 hl=2 l= 17 cons: SET
90:d=8 hl=2 l= 15 cons: SEQUENCE
92:d=9 hl=2 l= 3 prim: OBJECT :commonName
97:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
107:d=6 hl=2 l= 30 cons: SEQUENCE
109:d=7 hl=2 l= 13 prim: UTCTIME :170528143137Z
124:d=7 hl=2 l= 13 prim: UTCTIME :180528143137Z
139:d=6 hl=2 l= 19 cons: SEQUENCE
141:d=7 hl=2 l= 17 cons: SET
143:d=8 hl=2 l= 15 cons: SEQUENCE
145:d=9 hl=2 l= 3 prim: OBJECT :commonName
150:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
160:d=6 hl=3 l= 191 cons: SEQUENCE
163:d=7 hl=2 l= 13 cons: SEQUENCE
165:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
176:d=8 hl=2 l= 0 prim: NULL
178:d=7 hl=3 l= 173 prim: BIT STRING
354:d=6 hl=2 l= 19 cons: cont [ 3 ]
356:d=7 hl=2 l= 17 cons: SEQUENCE
358:d=8 hl=2 l= 15 cons: SEQUENCE
360:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
365:d=9 hl=2 l= 1 prim: BOOLEAN :255
368:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
375:d=5 hl=2 l= 13 cons: SEQUENCE
377:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
388:d=6 hl=2 l= 0 prim: NULL
390:d=5 hl=3 l= 161 prim: BIT STRING
554:d=4 hl=2 l= 0 prim: EOC
556:d=3 hl=3 l= 226 cons: SET
559:d=4 hl=3 l= 223 cons: SEQUENCE
562:d=5 hl=2 l= 1 prim: INTEGER :01
565:d=5 hl=2 l= 29 cons: SEQUENCE
567:d=6 hl=2 l= 19 cons: SEQUENCE
569:d=7 hl=2 l= 17 cons: SET
571:d=8 hl=2 l= 15 cons: SEQUENCE
573:d=9 hl=2 l= 3 prim: OBJECT :commonName
578:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
588:d=6 hl=2 l= 6 prim: INTEGER :015C4F78370C
596:d=5 hl=2 l= 9 cons: SEQUENCE
598:d=6 hl=2 l= 5 prim: OBJECT :sha1
605:d=6 hl=2 l= 0 prim: NULL
607:d=5 hl=2 l= 13 cons: SEQUENCE
609:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
620:d=6 hl=2 l= 0 prim: NULL
622:d=5 hl=3 l= 160 prim: OCTET STRING [HEX DUMP]:46D6413CFA8F8CA3581DE34E45D1C52B858DEC7AD7746D46264E4854E9AA910E0197B4A1A2F0B85984F4CF96CA47B6257CB007DF72E9D1F5AC98CA5B76D75F21E980CD4877B4E7DCCE217A09E6C0E3E18F095721837DFD04D4C1290AA6885C6B05D5ECCF9789F546781F3C1BA0A16AD7379F782FA3ACEFFBA5AC8AA5D45442146E3FFD8BF957A60D7D9E0C714F5381EAC6A72D854989C2C887A92A512451441B
785:d=3 hl=2 l= 0 prim: EOC
787:d=2 hl=2 l= 0 prim: EOC
789:d=1 hl=2 l= 0 prim: EOC
我认为这是人类可读的(但不要仅像这样存储它,因为计算机无法读取最后一种格式)。
关于java - 将 CMS 签名写入可读文件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44107763/