Java PKCS#7 encryption

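What steps do I need to follow to encrypt, sign, decrypt and verify a signature in Java using the PKCS#7 algorithm?
What is the Java keystore used for with regard to PKCS#7?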

Step 1: Generate a key using the keytool utility. You will find good tutorials

Step 2: Load the keystore

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.SystemUtils;

public class MyKeystoreProvider {
  public KeyStore getKeystore(char[] password) throws GeneralSecurityException, IOException {
    KeyStore keystore = KeyStore.getInstance("jks");
    InputStream input = new FileInputStream(SystemUtils.USER_HOME + File.separator + ".keystore");
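    try {
      // load() throws IOException on a wrong password or a corrupted keystore;
      // let it propagate instead of returning a keystore that was never loaded.
      keystore.load(input, password);
    } finally {
      IOUtils.closeQuietly(input);
    }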
    return keystore;
  }
}
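Step 3: Next, suppose you want some code to sign some content. Assume your content is a set of ASCII text that can be represented as a byte array. You will then use some Bouncy Castle classes to generate "CMS signed data":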

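public byte[] sign(byte[] data)
    throws GeneralSecurityException, CMSException, IOException {
  // Register Bouncy Castle so the "BC" provider name below resolves.
  Security.addProvider(new BouncyCastleProvider());
  CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
  // SHA-1 is weak for signatures; CMSSignedDataGenerator.DIGEST_SHA256 is the
  // stronger choice.
  generator.addSigner(getPrivateKey(), (X509Certificate) getCertificate(),
      CMSSignedDataGenerator.DIGEST_SHA1);
  // Ship the signer's certificate chain inside the message.
  generator.addCertificatesAndCRLs(getCertStore());
  CMSProcessable content = new CMSProcessableByteArray(data);

  // true = encapsulate the content in the SignedData structure (attached signature).
  CMSSignedData signedData = generator.generate(content, true, "BC");
  return signedData.getEncoded();
}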

private CertStore getCertStore() throws GeneralSecurityException {
  ArrayList<Certificate> list = new ArrayList<Certificate>();
  Certificate[] certificates = getKeystore().getCertificateChain(this.alias);
  for (int i = 0, length = certificates == null ? 0 : certificates.length; i < length; i++) {
    list.add(certificates[i]);
  }
  return CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), "BC");
}

private PrivateKey getPrivateKey() throws GeneralSecurityException, IOException {
  if (this.privateKey == null) {
    this.privateKey = initalizePrivateKey();
  }
  return this.privateKey;
}

private PrivateKey initalizePrivateKey() throws GeneralSecurityException, IOException {
  // getKeystore(char[]) needs the store password; this assumes the key entry
  // uses the same password as the keystore.
  KeyStore keystore = new MyKeystoreProvider().getKeystore(getPasswordAsCharArray());
  return (PrivateKey) keystore.getKey(this.alias, getPasswordAsCharArray());
}
Now, finally, get the original contents:

CMSSignedData s = new CMSSignedData(signedBytes);
// Certificates that travelled inside the signed message.
CertStore certs = s.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = s.getSignerInfos();
boolean verified = false;

for (Iterator i = signers.getSigners().iterator(); i.hasNext(); ) {
  SignerInformation signer = (SignerInformation) i.next();
  // Look up the certificate matching this signer's identifier.
  Collection<? extends Certificate> certCollection = certs.getCertificates(signer.getSID());
  if (!certCollection.isEmpty()) {
    X509Certificate cert = (X509Certificate) certCollection.iterator().next();
    // Proves the signature matches the embedded certificate's key; it does not
    // establish that the certificate itself is trusted.
    if (signer.verify(cert.getPublicKey(), "BC")) {
      verified = true;
    }
  }
}
// Extract the encapsulated content.
CMSProcessable signedContent = s.getSignedContent();
byte[] originalContent = (byte[]) signedContent.getContent();
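
The verification loop above checks each signature against the certificate carried inside the message itself, so it shows the content is intact but not who signed it. As an added example (not part of the original answer), one way to close that gap is to build a PKIX path from the signer certificate to an anchor in a local trust store using only JDK classes; the class name `SignerTrustCheck`, the method `findTrustAnchor` and the command-line file arguments are assumptions, and revocation checking is switched off here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;

public class SignerTrustCheck {
  /** Returns the trust anchor the signer chains to, or null if no trusted path exists. */
  public static TrustAnchor findTrustAnchor(X509Certificate signerCert,
      CertStore certsFromMessage, KeyStore trustStore) throws GeneralSecurityException {
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(signerCert);
    // Only trusted-certificate entries of trustStore act as anchors.
    PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
    List<Certificate> own = new ArrayList<Certificate>();
    own.add(signerCert);
    params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(own)));
    params.addCertStore(certsFromMessage); // untrusted; used only to find intermediates
    params.setRevocationEnabled(false);    // assumption: no CRL/OCSP source in this example
    try {
      PKIXCertPathBuilderResult result =
          (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
      return result.getTrustAnchor();
    } catch (CertPathBuilderException e) {
      return null; // expired, wrong issuer, bad chain signature, or no matching anchor
    }
  }

  // Usage (hypothetical file names): java SignerTrustCheck truststore.jks <password> certs.pem
  public static void main(String[] args) throws Exception {
    KeyStore trustStore = KeyStore.getInstance("JKS");
    try (InputStream in = new FileInputStream(args[0])) {
      trustStore.load(in, args[1].toCharArray());
    }
    List<Certificate> fromMessage = new ArrayList<Certificate>();
    try (InputStream in = new FileInputStream(args[2])) {
      fromMessage.addAll(CertificateFactory.getInstance("X.509").generateCertificates(in));
    }
    X509Certificate signer = (X509Certificate) fromMessage.get(0); // assumption: signer first
    CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(fromMessage));
    TrustAnchor anchor = findTrustAnchor(signer, store, trustStore);
    System.out.println(anchor == null ? "signer NOT trusted"
        : "signer chains to " + anchor.getTrustedCert().getSubjectX500Principal());
  }
}
```

In the answer's loop, `cert` and `certs` can be passed straight to `findTrustAnchor`, and a signer should count as verified only when both `signer.verify(...)` succeeds and the returned anchor is non-null.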
Thanks Vipul. In step 3,
generator.addSigner(getPrivateKey(), (X509Certificate) getCertificate(), CMSSignedDataGenerator.DIGEST_SHA1);
what is getCertificate() and how does it work?

If you can, refer to Bouncy Castle PKCS. They have good documentation.

I have a simple question about P7: is pkcs7 used for unencrypted messages? I mean, is it possible to convert a simple message to pkcs7 format without encrypting it?