Java EE (Java Enterprise Edition) General Discussion

How to generate digital signature using .PFX file?

User_2E0J1, Nov 19 2015

Hi,

I am a novice in this. I am supposed to generate a digital signature. All I have is:

  1. A private key with corresponding X.509 certificate (.PFX file), issued by designated Certification Authority.
  2. A Root CA Certificate in .CRT and .CER formats.
  3. A string which needs to be digitally signed.

I have imported the .PFX to a .JKS file.

I have the following resources with me:

  1. bcpkix-jdk15on-153.jar (downloaded from https://www.bouncycastle.org/latest_releases.html )
  2. A sample Java program to create digital signature:

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import testjavadigitalsignature.Base64;

public class CMSSignedDataSigner {

    final PrivateKey privateKey;
    final X509Certificate signerCert;
    final String providerName;
    final String algorithm;

    public CMSSignedDataSigner(PrivateKey privkey, X509Certificate cert,
                               String provider, String alg) {
        privateKey = privkey;
        signerCert = cert;
        providerName = provider;
        algorithm = alg;
    }

    // Builds a CMS SignedData structure over the data and returns its DER encoding.
    private byte[] signSep(byte[] data) throws Exception {
        CMSTypedData typedData = new CMSProcessableByteArray(data);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        ContentSigner signer =
            new JcaContentSignerBuilder(algorithm).setProvider(providerName).build(privateKey);
        JcaSignerInfoGeneratorBuilder builder =
            new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
        gen.addSignerInfoGenerator(builder.build(signer, signerCert));
        // false = the signed content is not encapsulated (detached signature)
        CMSSignedData signed = gen.generate(typedData, false);
        byte[] der = signed.getEncoded();
        return der;
    }

    public String signBlock4(String block4) throws Exception {
        // Normalize CRLF to LF. String.replace is literal; with replaceAll the
        // replacement "\\n" is read as an escaped 'n', not as a newline.
        final String stringToSign = block4.replace("\r\n", "\n");
        byte[] dataToSign = stringToSign.getBytes("UTF-16LE");
        return Base64.encodeBytes(signSep(dataToSign));
    }

    public static void main(String[] args) {
        String blk4 =
            ":20:P227588/102\n" + ":21:AQHH103112424\n" + ":76:STAT\n" +
            "ACSP/1511121323+0300\n" + ":11R:103\n" + "151112\n" +
            ":79:AQHHBHBM\n" + "151112\n" + "AQHH103112424";
        try {
            CMSSignedDataSigner obj =
                new CMSSignedDataSigner(??, ??, "BC", "SHA256withRSA");
            System.out.println(obj.signBlock4(blk4));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}


My questions are:

When I call the CMSSignedDataSigner constructor, how do I create the PrivateKey privkey and X509Certificate cert objects?

Do I need the Root CA Certificate for this, or will the PFX be enough?
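
One way to obtain the two constructor arguments asked about above, shown as an added example that is not part of the original post: a .PFX file is a PKCS#12 keystore, which the JDK's KeyStore class reads directly, with no JKS import needed. The class name PfxKeyLoader, the command-line path argument and the PFX_PASSWORD environment variable are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class PfxKeyLoader {   // hypothetical class name

    public static void main(String[] args) throws Exception {
        // Assumptions: PFX path in args[0], password in PFX_PASSWORD (never hard-code it).
        String pw = System.getenv("PFX_PASSWORD");
        if (args.length != 1 || pw == null) {
            throw new IllegalArgumentException("usage: PFX_PASSWORD=... PfxKeyLoader <file.pfx>");
        }
        char[] password = pw.toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);   // also checks the file's integrity MAC
        }

        // Pick the first entry that actually holds a private key.
        String alias = null;
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) { alias = a; break; }
        }
        if (alias == null) throw new IllegalStateException("no private key entry found");

        // Assumption: the key is protected with the same password as the store.
        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity();        // throws if expired or not yet valid

        // Sanity check: the private key must match the certificate's public key.
        byte[] probe = "key/certificate pairing check".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(privateKey);
        s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(cert.getPublicKey());
        s.update(probe);
        if (!s.verify(sig)) throw new IllegalStateException("key does not match certificate");

        System.out.println("alias=" + alias + " subject=" + cert.getSubjectX500Principal());
        // privateKey and cert are the two values for:
        //   new CMSSignedDataSigner(privateKey, cert, "BC", "SHA256withRSA")
        // The "BC" provider must be registered first:
        //   Security.addProvider(new BouncyCastleProvider())
    }
}
```

Signing needs only the private key and its certificate from the PFX; the Root CA certificate is what the verifying party uses to validate the signer certificate's chain.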
