自定义签名者正在签名什么?
What is being signed by the custom signer?
我有以下代码要签名,我遇到的问题是要签名的数据正在通过网络发送,我需要在另一个函数上处理它,但我不确定是什么类型的编码或它有哈希值吗?
CMSSignedDataGenerator signGenerator = new CMSSignedDataGenerator();
X509Certificate userCert = (X509Certificate) this.certificateChain[0];
ContentSigner mySigner = new CustomSigner(invoke,String.valueOf(userCert.getSerialNumber()),sad);
signGenerator.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
.build(mySigner, userCert));
signGenerator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
CMSSignedData signedData = signGenerator.generate(msg, false);
return signedData.getEncoded();
bouncy castle 发送什么来签名?它是什么编码?我在另一边收到以下[=12=]
MYGYMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDMyMzE3MTA0NVowLQYJKoZIhvcNAQk0MSAwHjANBglghkgBZQMEAgEFAKENBgkqhkiG9w0BAQsFADAvBgkqhkiG9w0BCQQxIgQgpJ/2Sz3j0sp6iqVKmyednqFjZ87SYEYhScT0sSKtHPU=
正如 Jim Garrison 和 dave_thompson_085 在评论中所说,这是一个 base64 编码的签名属性 DER 结构,具有内容类型、签名时间、消息摘要和算法保护属性。这里有 ASN.1 dump 个:
SET (4 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
SET (1 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.7.1 data (PKCS #7)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
SET (1 elem)
UTCTime 2021-03-23 17:10:45 UTC
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.52 cmsAlgorithmProtection (RFC 6211)
SET (1 elem)
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST Algorithm)
NULL
[1] (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
NULL
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
SET (1 elem)
OCTET STRING (32 byte) A49FF64B3DE3D2CA7A8AA54A9B279D9EA16367CED260462149C4F4B122AD1CF5
根据算法保护属性,BouncyCastle 希望您return 签署此结构的 SHA256withRSA 签名值。
特别是,当您想知道它有什么类型的编码或散列时,此结构的散列仍然必须作为签名服务的一部分进行计算。
我有以下代码要签名,我遇到的问题是要签名的数据正在通过网络发送,我需要在另一个函数上处理它,但我不确定是什么类型的编码或它有哈希值吗?
CMSSignedDataGenerator signGenerator = new CMSSignedDataGenerator();
X509Certificate userCert = (X509Certificate) this.certificateChain[0];
ContentSigner mySigner = new CustomSigner(invoke,String.valueOf(userCert.getSerialNumber()),sad);
signGenerator.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
.build(mySigner, userCert));
signGenerator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
CMSSignedData signedData = signGenerator.generate(msg, false);
return signedData.getEncoded();
bouncy castle 发送什么来签名?它是什么编码?我在另一边收到以下[=12=]
MYGYMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDMyMzE3MTA0NVowLQYJKoZIhvcNAQk0MSAwHjANBglghkgBZQMEAgEFAKENBgkqhkiG9w0BAQsFADAvBgkqhkiG9w0BCQQxIgQgpJ/2Sz3j0sp6iqVKmyednqFjZ87SYEYhScT0sSKtHPU=
正如 Jim Garrison 和 dave_thompson_085 在评论中所说,这是一个 base64 编码的签名属性 DER 结构,具有内容类型、签名时间、消息摘要和算法保护属性。这里有 ASN.1 dump 个:
SET (4 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
SET (1 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.7.1 data (PKCS #7)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
SET (1 elem)
UTCTime 2021-03-23 17:10:45 UTC
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.52 cmsAlgorithmProtection (RFC 6211)
SET (1 elem)
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST Algorithm)
NULL
[1] (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
NULL
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
SET (1 elem)
OCTET STRING (32 byte) A49FF64B3DE3D2CA7A8AA54A9B279D9EA16367CED260462149C4F4B122AD1CF5
根据算法保护属性,BouncyCastle 希望您return 签署此结构的 SHA256withRSA 签名值。
特别是,当您想知道它有什么类型的编码或散列时,此结构的散列仍然必须作为签名服务的一部分进行计算。