Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Java, Digital Signature with BouncyCastle

Tags:

java

digital-signature

bouncycastle

In Java, I tried to sign a byte[] (which is my sha256 digest of my document) with bouncy castle and a certificate in this specification:

http://www.ebics.org/fileadmin/unsecured/specification/spec_current_EN/EBICS_Specification_2.5_final-16-05-2011.pdf

in chapter 14.1.4.1.1 Digital signature generation.

I found in bouncy's java doc this method:

public static byte[] signer(byte[] datas, Certificat cert) {
    try {
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
        CMSTypedData msg = new CMSProcessableByteArray(datas);

        certList.add(cert.getCertificat());

        Store certs = new JcaCertStore(certList);

        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        ContentSigner sha256signer = new JcaContentSignerBuilder(
                "SHA256withRSA").setProvider("BC").build(
                cert.getPrivateKey());

        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC")
                        .build()).build(sha256signer, cert.getCertificat()));

        gen.addCertificates(certs);

        CMSSignedData sigData = gen.generate(msg, true);
        return sigData.getEncoded();
    } 
    catch (Exception e) {
        throw new RuntimeException(
                "Erreur lors de la signature du document", e);
    }

I don't know if this signature is really in accordance with PKCS#1 1.5 required by the specification. Do I have to add the padding manually? And the OID for RSA256?

like image 608
Bastiflew Avatar asked Sep 01 '25 04:09

Bastiflew

1 Answers

EBICS signature A005 is a RSA signature with SHA-256 digest algorithm and PKCS#1 1.5 padding. However the code sample you pasted here is creating a CMS signature which uses a "low level" RSA signature but is a much more complex structure (for comprehensive details, see RFC 5652 http://www.rfc-editor.org/rfc/rfc5652.txt).

Hopefully, generating the signature you are trying to get is really simple with the java crypto API:

public static byte[] signer(byte[] data, PrivateKey key) {
    Signature signer = Signature.getInstance("SHA256WithRSA", "BC");
    signer.initSign(key);
    signer.update(data);
    return signer.sign();
}
like image 177
Jcs Avatar answered Sep 02 '25 19:09

Jcs
Sign in to Comment

Related questions

how to hide the insert caret in a JTextField?
Prometheus monitoring for Apache Ignite via JMX
RestControllerAdvice not called with Spring Boot 2.3
How can I use an UUID as an @Id for my @Entity properly?
Subscribe / Iterate a List of Mono
What is Mapped Buffer Pool / Direct Buffer Pool and how to increase their size?
Formatting MonthDay using DateTimeFormatter.ofLocalizedDate [duplicate]
Converting docx into pdf in java
Basic Authentication for JAVA Application using OkHttp
How do we do a purge of the database in between junit tests
How to get string value from Onclick() to onSaveInstanceState() in Android Studio
Eclipse hangs when I use Content Assist
How to save output Log4j sends to STDOUT in a JUnit test?
Spring Data REST PUT Method Not Allowed
Changing enabled to required throws an error in gradle
Should I use singleton everytime I have a class that should have only 1 instance? [duplicate]
How can I set a filepath in java by using Environmental Variables from windows?
Java: JSONObject.toString() - adding extra space after colon (":" -> ": ")
Is there a DTLS implementation in JSSE
Installing Java OpenJDK with HomeBrew: why there are same versions of java on different locations?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!