Hi,
I am working on J2ME and I ported part of the BouncyCastle library so it can
work on mobile systems. With it, I create a simple signedData object
manually:
-----------------------------------
SignedData signedData = null;
TBSCertificateStructure tbs = ..... ;
DERInteger _version = new DERInteger(1);
ASN1Encodable[] algorithms = new ASN1Encodable[1];
// 1.3.14.3.2.26 = SHA-1
algorithms[0] = new AlgorithmIdentifier(new DERObjectIdentifier("1.3.14.3.2.26"));
ASN1Set _digestAlgorithms = new DERSet(algorithms);
// 1.2.840.113549.1.7.1 = PKCS#7 data
ContentInfo _contentInfo = new ContentInfo(
        new DERObjectIdentifier("1.2.840.113549.1.7.1"),
        new DEROctetString(encryptContent(document)));
ASN1Encodable[] certificates = new ASN1Encodable[1];
certificates[0] = estructura;
ASN1Set _certificates = new DERSet(certificates);
ASN1Set _crls = new DERSet(new DERNull());
X509Name x509Name = tbs.getSubject();
IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(x509Name, tbs.getSerialNumber());
ASN1Encodable[] signerInfo = new SignerInfo[1];
// 1.2.840.113549.1.1.1 = rsaEncryption
signerInfo[0] = new SignerInfo(new DERInteger(1),
        issuerAndSerialNumber,
        new AlgorithmIdentifier(new DERObjectIdentifier("1.3.14.3.2.26")),
        null,
        new AlgorithmIdentifier(new DERObjectIdentifier("1.2.840.113549.1.1.1")),
        new DEROctetString(signed_data),
        null);
ASN1Set _signerInfos = new DERSet(signerInfo);
signedData = new SignedData(_version,
        _digestAlgorithms,
        _contentInfo,
        _certificates,
        _crls,
        _signerInfos);
----------------------------------------------------------------
I have this signedData object and I want to write it to a file in PKCS7 format.
How can I do it?
Should I use the getEncoded() function or getDEREncoded()?
Should I use a special character set?
How can I test if the PKCS7 is well formed? (The key is longer than what the
restricted Java version lets me use.)
When I try to check the PKCS7 I obtain from this signedData, openssl can't
understand it (I tried with Base64 encoding, with the getEncoded() function,
with getDEREncoded(), ...):
------------------------------------------------
marias@marias-desktop:~/j2mewtk/2.5.2/appdb/DefaultColorPhone/filesystem/root1$ openssl pkcs7 -print_certs -inform DER -in pkcs7
unable to load PKCS7 object
15195:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1291:
15195:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=PKCS7
marias@marias-desktop:~/j2mewtk/2.5.2/appdb/DefaultColorPhone/filesystem/root1$ openssl pkcs7 -print_certs -inform DER -in /home/marias/pkcs7
unable to load PKCS7 object
15206:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1291:
15206:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:830:
15206:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:749:Field=type, Type=PKCS7
----------------------------------------------------
But the nesting should be right, shouldn't it?
Edited by: Delawen on 17-Apr-2008 11:46
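
A desktop-side check for the well-formedness question, added here as an example and not part of the original post: a PKCS#7 file is a DER `ContentInfo` (RFC 2315), that is, a SEQUENCE holding a contentType OID followed by `[0] EXPLICIT` content, and `Field=type, Type=PKCS7` in the openssl output names that first OID field. The function names and the sample bytes are constructed for illustration; Python is used only because the check runs next to openssl rather than on the handset.

```python
SIGNED_DATA_OID = "1.2.840.113549.1.7.2"  # pkcs7-signedData, RFC 2315

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def check_pkcs7(der):
    """Return 'ok' or a description of the first structural problem found."""
    if not der or der[0] != 0x30:
        return "outer element is not a SEQUENCE (Base64/PEM text or wrong object?)"
    try:
        _, start, _ = read_tlv(der, 0)
        tag, s, e = read_tlv(der, start)
        if tag != 0x06:
            return "first field has tag 0x%02x, not the contentType OID" % tag
        oid = decode_oid(der[s:e])
        if oid != SIGNED_DATA_OID:
            return "contentType is %s, not signedData" % oid
        tag, s, e = read_tlv(der, e)
        if tag != 0xA0 or read_tlv(der, s)[0] != 0x30:
            return "content is not [0] EXPLICIT wrapping a SEQUENCE"
    except (ValueError, IndexError) as exc:
        return "malformed DER: %s" % exc
    return "ok"

# Constructed samples: a stub SignedData written bare, and inside a ContentInfo.
BARE = bytes.fromhex("3003020101")
WRAPPED = bytes.fromhex("3012" "06092a864886f70d010702" "a005") + BARE
```

A SignedData written without the ContentInfo wrapper begins with its INTEGER version, so `check_pkcs7(BARE)` reports tag 0x02 where the OID is expected, while `check_pkcs7(WRAPPED)` returns `ok`.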