I haven't seen any examples on the internet for this so as far as I know this is the first time someone is trying this in Java which I find hard to believe.
I'm just trying to work with the .pem, .p12 and .cer files I've been given to generate a signature file for my manifest.json. Here is what I have, which gives me an InvalidKeyException version mismatch: (supported: 00, parsed: 03
See the comment in the code below where the error is happening. I've viewed a few examples in another languages of how people are doing this with openssl but there must be a Java equivalent??
File pemFile = new File("AWWdevCert.pem");
File passCer = new File("pass.cer");
File passP12 = new File("pass.p12");
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
KeySpec ks = new PKCS8EncodedKeySpec(FileUtils.readFileToByteArray(passP12));
PrivateKey privKey = keyFactory.generatePrivate(ks); // ERROR HERE
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
InputStream in = new ByteArrayInputStream(FileUtils.readFileToByteArray(passCer));
X509Certificate passCert = (X509Certificate)certFactory.generateCertificate(in); //don't know what to do with this
File inputFile = new File("WebContent/WEB-INF/Lowes.raw/manifest.json");
FileInputStream freader = null;
int sizecontent = ((int) inputFile.length());
byte[] contentbytes = new byte[sizecontent];
freader = new FileInputStream(inputFile);
System.out.println("\nContent Bytes: " + freader.read(contentbytes, 0, sizecontent));
freader.close();
Signature signature = Signature.getInstance("Sha1WithRSA");
signature.initSign(privKey);
signature.update(contentbytes);
byte[] signedData = signature.sign();
//create signature file
File signatureFile = new File(passDirectory.getAbsolutePath()+File.separator+"signature");
Check this jpasskit project on github
You can also generate signature by using only native sun.security package. Here is an example in Scala (can be easily rewritten for Java)
import java.security.cert.X509Certificate
import java.security.{MessageDigest, PrivateKey, Signature}
import java.util.Date
import sun.security.pkcs._
import sun.security.util.DerOutputStream
import sun.security.x509.{AlgorithmId, X500Name}
object PKPassSigner {
def sign(
signingCert: X509Certificate,
privateKey: PrivateKey,
intermediateCert: X509Certificate,
dataToSing: Array[Byte]
): Array[Byte] = {
val digestAlgorithmId = new AlgorithmId(AlgorithmId.SHA_oid)
val md = MessageDigest.getInstance(digestAlgorithmId.getName)
val attributes = new PKCS9Attributes(Array(
new PKCS9Attribute(PKCS9Attribute.SIGNING_TIME_OID, new Date()),
new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(dataToSign)),
new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID)
))
val signature = Signature.getInstance("Sha1WithRSA")
signature.initSign(privateKey)
signature.update(attributes.getDerEncoding)
val signedData = signature.sign()
val signerInfo = new SignerInfo(
X500Name.asX500Name(signingCert.getIssuerX500Principal),
signingCert.getSerialNumber,
digestAlgorithmId,
attributes,
AlgorithmId.get(privateKey.getAlgorithm),
signedData,
null
)
val p7 = new PKCS7(
Array(digestAlgorithmId),
new ContentInfo(ContentInfo.DATA_OID, null),
Array(signingCert, intermediateCert),
Array(signerInfo)
)
val out = new DerOutputStream()
p7.encodeSignedData(out)
out.flush()
val res = out.toByteArray
out.close()
res
}
}
Related
tldr:
Is there a way to create CMS Enveloped Data when i have already encrypted content with AES and secret key which is already encrypted with public key?
Long version:
I have an application which encrypts and decrypts data with AES (CBC and GCM mode). Symetric key is encrypted/decrypted with RSA key pairs. When user requests for data we decrypt it in backend (Java) and send it to the browser
Usually we have public key and private key but there is requirement that in some cases we dont have private key and the decryption should take place in browser (user provides PFX with privatkey). The solution for this is PKI.js which can decrypt data using PFX and CMS Enveloped Data.
The problem is that we already encrypted the data and dont have access to plain data which we can use to build CMS Enveloped Data.
Edit:
#dave_thompson_085 thank you for reply! I have an follow-up question. I dont hold certificates in system so only thing i have is public key. Is there a way to adjust your code to this requirement?
Before your answer i was encrypting data for second time just for CMS Enveloped Object. In this code i used only public key for generating reciepents. Is there a way to adjust your code to generate reciepent with public key only?
My previous code:
SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey);
JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
OAEPParameterSpec oaepSpec = new OAEPParameterSpec(digest, "MGF1", new MGF1ParameterSpec(mgfDigest), PSource.PSpecified.DEFAULT);
AlgorithmIdentifier oaepAlgId = paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, oaepSpec);
RecipientInfoGenerator recipientInfoGenerator = new JceKeyTransRecipientInfoGenerator(subjectKeyIdentifier.getEncoded(),oaepAlgId,publicKey).setProvider("BC");
envelopedDataGenerator.addRecipientInfoGenerator(recipientInfoGenerator);
And what about Hashing Algorithm? Do i need one or it is only additional protection to ensure that CMS Enveloped Object didnt changed?
FWIW you can use BouncyCastle only to do the DER formatting (plus set the versions, a minor convenience), plus PEM if you want that (also a minor convenience), after you do all the rest of the work yourself. Example:
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.cms.*;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
// sample data and encryption, replace as needed
byte[] input = "testdata".getBytes();
X509Certificate cert = null;
try(InputStream is = new FileInputStream(args[0])){
cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
}
byte[] skey = new byte[16], snonce = new byte[16];
SecureRandom rand = new SecureRandom(); rand.nextBytes(skey); rand.nextBytes(snonce);
Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(skey,"AES"), new IvParameterSpec(snonce));
byte[] ctx1 = aes.doFinal(input);
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
byte[] ctx2 = rsa.doFinal(skey);
// now build the message
byte[] issuer = cert.getIssuerX500Principal().getEncoded();
ASN1Set recips = new DERSet( new KeyTransRecipientInfo(
new RecipientIdentifier(
new IssuerAndSerialNumber(X500Name.getInstance(issuer),cert.getSerialNumber() )),
new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption),
new DEROctetString(ctx2) ));
EnvelopedData env = new EnvelopedData (null/*no originfo*/, recips,
new EncryptedContentInfo(CMSObjectIdentifiers.data,
new AlgorithmIdentifier(NISTObjectIdentifiers.id_aes128_CBC,
new DEROctetString(snonce) ),
new DEROctetString(ctx1) ),
new DERSet() /*no attributes*/ );
ContentInfo msg = new ContentInfo(CMSObjectIdentifiers.envelopedData, env);
try(OutputStream os = new FileOutputStream(args[1]) ){
os.write(msg.getEncoded());
}
// or use PemWriter (and a PemObject) if you want PEM
Ok, i figured out how to adjust code to fit my needs so i can share.
Generating recipients:
public RecipientInfo generateRecipientInfo(){
try{
SubjectKeyIdentifier subjectKeyIdentifier = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(publicKey);
RecipientIdentifier recipId = new RecipientIdentifier(new DEROctetString(subjectKeyIdentifier));
return new RecipientInfo(new KeyTransRecipientInfo(recipId, getOAEPAlgorithmIdentifier(),
new DEROctetString(encryptedOaepKey)));
}catch(Exception e){
return null;
}
}
AlgorithIdentifier for RSA-OAEP:
private AlgorithmIdentifier getOAEPAlgorithmIdentifier(){
try{
String digest = "SHA-1";
String mgfDigest = "SHA-1";
JcaAlgorithmParametersConverter paramsConverter = new JcaAlgorithmParametersConverter();
OAEPParameterSpec oaepSpec = new OAEPParameterSpec(digest, "MGF1", new MGF1ParameterSpec(mgfDigest), PSource.PSpecified.DEFAULT);
AlgorithmIdentifier oaepAlgId = paramsConverter.getAlgorithmIdentifier(PKCSObjectIdentifiers.id_RSAES_OAEP, oaepSpec);
return oaepAlgId;
}catch (Exception e){
return null;
}
}
AlgorithmIdentifier for AES CBC (or GCM as well after changing CMSAlgorithm.*)
public AlgorithmIdentifier getAlgorithmIdentifier() {
try{
AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("AES","BC");
algorithmParameters.init(new IvParameterSpec(new byte[keyLength/8]));
return new AlgorithmIdentifier(CMSAlgorithm.AES128_CBC, AlgorithmParametersUtils.extractParameters(algorithmParameters));
}catch (Exception e){
return null;
}
}
And finally generating CMS Enveloped Object:
public CMSEnvelopedData generate() throws CMSException {
ASN1EncodableVector recipientInfos = new ASN1EncodableVector();
AlgorithmIdentifier encAlgId = aesCryptography.getAlgorithmIdentifier();;
ASN1OctetString encContent = new BEROctetString(encryptedContent);;
recipientInfos.add(generateRecipientInfo());
EncryptedContentInfo eci = new EncryptedContentInfo(
CMSObjectIdentifiers.data,
encAlgId,
encContent);
ContentInfo contentInfo = new ContentInfo(
CMSObjectIdentifiers.envelopedData,
new EnvelopedData(null, new DERSet(recipientInfos), eci, (ASN1Set)null));
return new CMSEnvelopedData(contentInfo);
}
I have file creation process in which we create a signature using RSAPKCS1Signature class for signing & validating in c#.
Now we are moving to Java, we are using the same algorithm used in c# but it's not validating the same file in java which is created in c#.
I have attached the sample code using. Please suggest need full.
Thanks..!
C#:
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
byte[] Hash = {59,4,248,102,77,97,142,201,210,12,224,93,25,41,100,197,213,134,130,135};
RSAPKCS1SignatureFormatter RSAFormatter = new RSAPKCS1SignatureFormatter(RSA);
RSAFormatter.SetHashAlgorithm("SHA1");
byte[] SignedHash = RSAFormatter.CreateSignature(Hash);
RSAPKCS1SignatureDeformatter RSADeformatter = new
RSAPKCS1SignatureDeformatter(RSA);
RSADeformatter.SetHashAlgorithm("SHA1");
Console.WriteLine(RSADeformatter.VerifySignature(Hash, SignedHash));
Java:
KeyStore ex = KeyStore.getInstance("JKS");
ex.load("c://sample.jks", "password");
PrivateKey privateKey = (PrivateKey) ex.getKey("1", "password");
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initSign(privateKey);
String line = null;
while ((line = reader.readLine()) != null) {
signature.update(line.getBytes());
}
signature.sign();
I have a pkcs7 file, and I want to load it and extract its contents.
I tried these two methods:
byte[] bytes = Files.readAllBytes(Paths.get("myfile.p7b"));
FileInputStream fi = new FileInputStream(file);
//Creating PKCS7 object
PKCS7 pkcs7Signature = new PKCS7(bytes);
or this
FileInputStream fis = new FileInputStream(new File("myfile.p7b"));
PKCS7 pkcs7Signature = new PKCS7(fis);
but I got IOException: Sequence tag error
So how can I load this .p7b file ?
Finally I did it with BouncyCastle library.
PKCS#7 is a complex format, also called CMS. Sun JCE has no direct support to PKCS#7.
This is the code that I used to extract my content:
// Loading the file first
File f = new File("myFile.p7b");
byte[] buffer = new byte[(int) f.length()];
DataInputStream in = new DataInputStream(new FileInputStream(f));
in.readFully(buffer);
in.close();
//Corresponding class of signed_data is CMSSignedData
CMSSignedData signature = new CMSSignedData(buffer);
Store cs = signature.getCertificates();
SignerInformationStore signers = signature.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();
//the following array will contain the content of xml document
byte[] data = null;
while (it.hasNext()) {
SignerInformation signer = (SignerInformation) it.next();
Collection certCollection = cs.getMatches(signer.getSID());
Iterator certIt = certCollection.iterator();
X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
CMSProcessable sc = signature.getSignedContent();
data = (byte[]) sc.getContent();
}
If you want to verify the signature of this PKCS7 file against X509 certificate, you must add the following code to the while loop:
// ************************************************************* //
// ********************* Verify signature ********************** //
//get CA public key
// Create a X509 certificat
CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
// Open the certificate file
FileInputStream fileinputstream = new FileInputStream("myCA.cert");
//get CA public key
PublicKey pk = certificatefactory.generateCertificate(fileinputstream).getPublicKey();
X509Certificate myCA = new JcaX509CertificateConverter().setProvider("BC").getCertificate(cert);
myCA.verify(pk);
System.out.println("Verfication done successfully ");
I have been trying to serialize the object PKCS10CertificationRequest for a while now. I figured the right way to do it is to create an ASN1Primitive class, send it over the network, then deserialize it. However, there seems to be only serialization into ASN1, but there seems to be no deserialization from ASN1, and I don't want to manually parse and reconstruct the Request. What should I do? My code so far is
Security.addProvider(new BouncyCastleProvider());
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "SC");
kpg.initialize(1024);
KeyPair kp = kpg.genKeyPair();
System.out.println("Private: " + kp.getPrivate());
System.out.println("Public: " + kp.getPublic());
X500NameBuilder x500NameBld = new X500NameBuilder(BCStyle.INSTANCE);
x500NameBld.addRDN(BCStyle.C, "AU");
x500NameBld.addRDN(BCStyle.O, "The Legion of the Bouncy Castle");
x500NameBld.addRDN(BCStyle.L, "Melbourne");
x500NameBld.addRDN(BCStyle.ST, "Victoria");
x500NameBld.addRDN(BCStyle.EmailAddress, "feedback-crypto#bouncycastle.org");
X500Name subject = x500NameBld.build();
PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, kp.getPublic());
PKCS10CertificationRequest req1 = requestBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider("SC").build(
kp.getPrivate()));
JcaPKCS10CertificationRequest req2 = new JcaPKCS10CertificationRequest(req1.getEncoded()).setProvider("SC");
//serialization
ByteArrayOutputStream abOut = new ByteArrayOutputStream();
ASN1OutputStream berOut = new ASN1OutputStream(abOut);
berOut.writeObject(req2.toASN1Structure());
byte[] serializedData = abOut.toByteArray();
ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(serializedData);
System.out.println("");
System.out.println("" + asn1Primitive.toString());
And the output is
[[0, [[[2.5.4.6, AU]], [[2.5.4.10, The Legion of the Bouncy Castle]], [[2.5.4.7, Melbourne]], [[2.5.4.8, Victoria]], [[1.2.840.113549.1.9.1, feedback-crypto#bouncycastle.org]]], [[1.2.840.113549.1.1.1, NULL], #03818D0030818902818100A...
I don't want to parse this manually. What should I do instead?
Forget about ASN1, it is a mess, and there seems to be no automatic deserialization. However, you can use the JcaPEMWriter and PEMParser classes in BouncyCastle to create a String object to serialize or deserialize the data, and send it over the network.
StringWriter sw = new StringWriter();
JcaPEMWriter pemWriter = new JcaPEMWriter(sw);
pemWriter.writeObject(req2);
pemWriter.close();
PEMParser pemParser = null;
try
{
pemParser = new PEMParser(new StringReader(sw.toString()));
Object parsedObj = pemParser.readObject();
System.out.println("PemParser returned: " + parsedObj);
if (parsedObj instanceof PKCS10CertificationRequest)
{
JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest = new JcaPKCS10CertificationRequest((PKCS10CertificationRequest)parsedObj);
System.out.println("" + jcaPKCS10CertificationRequest.getPublicKey());
}
}
catch (IOException ex)
{
ex.printStackTrace();
}
finally
{
if (pemParser != null)
{
pemParser.close();
}
}
EDIT: Although if someone really needs to get elements out of ASN1Encodable object (like an RDN of X500Name, apparently you need the IETFUtils class as per https://stackoverflow.com/a/5527171/2413303 .
I have a PDF file and I use this code to sign this file:
certificate = (X509Certificate) loadKeyStore(certificateFile, password).getCertificate(alias);
privateKey = (PrivateKey) loadKeyStore(certificateFile, password).getKey(alias, alias.toCharArray());
Security.addProvider(new BouncyCastleProvider());
BufferedInputStream inFile = new BufferedInputStream(new FileInputStream(origem));
byte[] dates = new byte[inFile.available()];
entrada.read(dates);
entrada.close();
CMSSignedDataGenerator genetateSign = new CMSSignedDataGenerator();
geradorAss.addSigner(privateKey, certificate, CMSSignedDataGenerator.DIGEST_SHA1);
List certList = new ArrayList();
certList.add(certificate);
CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList));
geradorAss.addCertificatesAndCRLs(certs);
// Efetivamente assinar os dados de entrada
CMSProcessable content = new CMSProcessableByteArray(dates);
String providerName;
if (ks.getType().equalsIgnoreCase("JKS")) {
providerName = BouncyCastleProvider.PROVIDER_NAME;
} else {
providerName = ks.getProvider().getName();
}
CMSSignedData signedDate = genetateSign.generate(content, providerName);
signedDate = new CMSSignedData(content, signedDate.getEncoded());
File f = Converter.converter("signedFile.pdf", signedDate.getEncoded());
But, the file f no open on reader. When I get the file f and run this code:
CMSSignedData data = new CMSSignedData(new FileInputStream(f));
Occur this error:
org.bouncycastle.cms.CMSException: Malformed content.
Someone can help me?
Summarizing:
I need to generate the final file after signing. For example, I have a test.pdf file, I want to sign and generate test_signed.pdf file. And this test_signed.pdf file must have the signature and should still be readable in your reader.
I'm waiting...
PDF has an embedded signature inside the document, while CMS is signature itself. To extract and verify signature from PDF use iText library. Here is an example.