Java 将CMS签名写入可读文件
我生成了一个Java 将CMS签名写入可读文件,java,arrays,cryptography,digital-signature,Java,Arrays,Cryptography,Digital Signature,我生成了一个CMSSignedData对象,我想将其以人类可读的格式保存到文件中 我现在明白了: saveSigToFile(CMSSignedData sigData) throws Exception { FileOutputStream out = new FileOutputStream(new File(getFileName() + _sig)); try (ASN1InputStream asn1 = new ASN1InputStream(sigD
CMSSignedDatasaveSigToFile(CMSSignedData sigData) throws Exception {
FileOutputStream out = new FileOutputStream(new File(getFileName() + _sig));
try (ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded())) {
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
dos.flush();
dos.close();
asn1.close();
}
}
但是在哪里可以告诉函数将其写入文件“test.sig”?您可能正在寻找PEM。PEM由页眉行、页脚行和中间的base64编码组成。base64编码提供了ASCII保护,这意味着签名可以放入文本消息中。PEM是OpenSSL命令行的默认格式。但我还是不认为它是人类可读的
在Bouncy Castle中,您可以使用将ASN.1对象转换为PEM:
ContentInfo cmsSignedDataAsASN1 = cmsSignedData.toASN1Structure();
try (JcaPEMWriter writer = new JcaPEMWriter(new FileWriter("test.sig"))) {
writer.writeObject(cmsSignedDataAsASN1);
}
——开始PKCS7-----
Miagcsqgsib3dqehaqcamiacaqexczajbgurdgmgguamiagcsqgsib3dqehaqa
oIAwggH0MIIBPaADAgECAgYBXE94NwwwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UE
AWWIB3DSC3RLYWQWHHCNMTCWNTI4MTQSMTM3WHCNMTGWNTI4MTQSMTM3WJATMREW
Dwydvqddahvd2xzdgvhzdcbvzanbgkqhkig9w0baqefaaobrqawgakcgaehwem
22+JOG8JVDLXFE7DABQVCPKLUI5F9BRXAXWKZMW43OfGT9YULITWD0D/r1o0AJ
I6HP8P82Q6MUJ5GM3NG44G1PTOWEYVxMRZ8LKNIDUYEU1PHZKHVAWTF0ZIYWL
3CXoXNGX34pmwOG6W0e8leGsX6D/LZN9y7dvT0V/RUfTUvaHKteHBOO4rYHw6jQ4
+FR4NSKATCYOHUKTGQIDAQABOXMWETAPBGNVHRMBAF8EBTADAKH/MA0GCSqGSIb3
DQEBCWUA4GHAD2UCR5GBWX9SGHZPZ1ODZYNJKPMGWFTNACMLNI6UI69EM5DX+wm
A6UOTHUFS3BAWWEN6HP0VKAQW6YVFJKAGRSPG17BZKBIITUICUJOWYG5NTP0+Nj
0RhXJTiCa12QbcTXi2CVOJ4Khx7SWNV+Yb3dMxmbUYG98ZQRmY6QS+Mp9wVQLyYg
Ue86uN0IpvWc2I3BZIc3wpH4p4yCRLYwqskAADGB4jCB3wIBATAdMBMxETAPBgNV
BAMCG93BHN0ZWFKAGYBXE94NWWWCQYFKW4DAHOFADANBGKQHKIG9W0BAQEFAAASB
oEbWQTz6j4yjWB3jTkXRxSuFjex613RtRiZOSFTpqpEOAZe0oaLwuFmE9M+Wyke2
JXYWB99Y6DH1RJKW3BXXYHPGM1ID7TN3M4EGNMWOPHJWLXiYN9/QTUWSKpOHC
awXV7M+XifVGeB88G6Chatc3n3gvo6zv+6WSIQXUVIEUBJ/9i/lXpg19ngxxT1OB
6Sanlyvjiclih6KQusrrrbsaaaaaaaaaaa=
-----完PKCS7-----
如果您想查看内容,您可以使用
openssl asn1parse-在“test.sig”中通知DER-或openssl asn1parse-在“test.sig”中使用
结果如下:
0:d=0 hl=2 l=inf cons: SEQUENCE
2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
13:d=1 hl=2 l=inf cons: cont [ 0 ]
15:d=2 hl=2 l=inf cons: SEQUENCE
17:d=3 hl=2 l= 1 prim: INTEGER :01
20:d=3 hl=2 l= 11 cons: SET
22:d=4 hl=2 l= 9 cons: SEQUENCE
24:d=5 hl=2 l= 5 prim: OBJECT :sha1
31:d=5 hl=2 l= 0 prim: NULL
33:d=3 hl=2 l=inf cons: SEQUENCE
35:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
46:d=4 hl=2 l= 0 prim: EOC
48:d=3 hl=2 l=inf cons: cont [ 0 ]
50:d=4 hl=4 l= 500 cons: SEQUENCE
54:d=5 hl=4 l= 317 cons: SEQUENCE
58:d=6 hl=2 l= 3 cons: cont [ 0 ]
60:d=7 hl=2 l= 1 prim: INTEGER :02
63:d=6 hl=2 l= 6 prim: INTEGER :015C4F78370C
71:d=6 hl=2 l= 13 cons: SEQUENCE
73:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
84:d=7 hl=2 l= 0 prim: NULL
86:d=6 hl=2 l= 19 cons: SEQUENCE
88:d=7 hl=2 l= 17 cons: SET
90:d=8 hl=2 l= 15 cons: SEQUENCE
92:d=9 hl=2 l= 3 prim: OBJECT :commonName
97:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
107:d=6 hl=2 l= 30 cons: SEQUENCE
109:d=7 hl=2 l= 13 prim: UTCTIME :170528143137Z
124:d=7 hl=2 l= 13 prim: UTCTIME :180528143137Z
139:d=6 hl=2 l= 19 cons: SEQUENCE
141:d=7 hl=2 l= 17 cons: SET
143:d=8 hl=2 l= 15 cons: SEQUENCE
145:d=9 hl=2 l= 3 prim: OBJECT :commonName
150:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
160:d=6 hl=3 l= 191 cons: SEQUENCE
163:d=7 hl=2 l= 13 cons: SEQUENCE
165:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
176:d=8 hl=2 l= 0 prim: NULL
178:d=7 hl=3 l= 173 prim: BIT STRING
354:d=6 hl=2 l= 19 cons: cont [ 3 ]
356:d=7 hl=2 l= 17 cons: SEQUENCE
358:d=8 hl=2 l= 15 cons: SEQUENCE
360:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
365:d=9 hl=2 l= 1 prim: BOOLEAN :255
368:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
375:d=5 hl=2 l= 13 cons: SEQUENCE
377:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
388:d=6 hl=2 l= 0 prim: NULL
390:d=5 hl=3 l= 161 prim: BIT STRING
554:d=4 hl=2 l= 0 prim: EOC
556:d=3 hl=3 l= 226 cons: SET
559:d=4 hl=3 l= 223 cons: SEQUENCE
562:d=5 hl=2 l= 1 prim: INTEGER :01
565:d=5 hl=2 l= 29 cons: SEQUENCE
567:d=6 hl=2 l= 19 cons: SEQUENCE
569:d=7 hl=2 l= 17 cons: SET
571:d=8 hl=2 l= 15 cons: SEQUENCE
573:d=9 hl=2 l= 3 prim: OBJECT :commonName
578:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
588:d=6 hl=2 l= 6 prim: INTEGER :015C4F78370C
596:d=5 hl=2 l= 9 cons: SEQUENCE
598:d=6 hl=2 l= 5 prim: OBJECT :sha1
605:d=6 hl=2 l= 0 prim: NULL
607:d=5 hl=2 l= 13 cons: SEQUENCE
609:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
620:d=6 hl=2 l= 0 prim: NULL
622:d=5 hl=3 l= 160 prim: OCTET STRING [HEX DUMP]:46D6413CFA8F8CA3581DE34E45D1C52B858DEC7AD7746D46264E4854E9AA910E0197B4A1A2F0B85984F4CF96CA47B6257CB007DF72E9D1F5AC98CA5B76D75F21E980CD4877B4E7DCCE217A09E6C0E3E18F095721837DFD04D4C1290AA6885C6B05D5ECCF9789F546781F3C1BA0A16AD7379F782FA3ACEFFBA5AC8AA5D45442146E3FFD8BF957A60D7D9E0C714F5381EAC6A72D854989C2C887A92A512451441B
785:d=3 hl=2 l= 0 prim: EOC
787:d=2 hl=2 l= 0 prim: EOC
789:d=1 hl=2 l= 0 prim: EOC
我想这是人类可读的(但不要只这样存储,因为计算机无法读取最后一种格式)。您可能正在寻找PEM。PEM由页眉行、页脚行和中间的base64编码组成。base64编码提供了ASCII保护,这意味着签名可以放入文本消息中。PEM是OpenSSL命令行的默认格式。但我还是不认为它是人类可读的
在Bouncy Castle中,您可以使用将ASN.1对象转换为PEM:
ContentInfo cmsSignedDataAsASN1 = cmsSignedData.toASN1Structure();
try (JcaPEMWriter writer = new JcaPEMWriter(new FileWriter("test.sig"))) {
writer.writeObject(cmsSignedDataAsASN1);
}
这将产生与以下类似的结果:
——开始PKCS7-----
Miagcsqgsib3dqehaqcamiacaqexczajbgurdgmgguamiagcsqgsib3dqehaqa
oIAwggH0MIIBPaADAgECAgYBXE94NwwwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UE
AWWIB3DSC3RLYWQWHHCNMTCWNTI4MTQSMTM3WHCNMTGWNTI4MTQSMTM3WJATMREW
Dwydvqddahvd2xzdgvhzdcbvzanbgkqhkig9w0baqefaaobrqawgakcgaehwem
22+JOG8JVDLXFE7DABQVCPKLUI5F9BRXAXWKZMW43OfGT9YULITWD0D/r1o0AJ
I6HP8P82Q6MUJ5GM3NG44G1PTOWEYVxMRZ8LKNIDUYEU1PHZKHVAWTF0ZIYWL
3CXoXNGX34pmwOG6W0e8leGsX6D/LZN9y7dvT0V/RUfTUvaHKteHBOO4rYHw6jQ4
+FR4NSKATCYOHUKTGQIDAQABOXMWETAPBGNVHRMBAF8EBTADAKH/MA0GCSqGSIb3
DQEBCWUA4GHAD2UCR5GBWX9SGHZPZ1ODZYNJKPMGWFTNACMLNI6UI69EM5DX+wm
A6UOTHUFS3BAWWEN6HP0VKAQW6YVFJKAGRSPG17BZKBIITUICUJOWYG5NTP0+Nj
0RhXJTiCa12QbcTXi2CVOJ4Khx7SWNV+Yb3dMxmbUYG98ZQRmY6QS+Mp9wVQLyYg
Ue86uN0IpvWc2I3BZIc3wpH4p4yCRLYwqskAADGB4jCB3wIBATAdMBMxETAPBgNV
BAMCG93BHN0ZWFKAGYBXE94NWWWCQYFKW4DAHOFADANBGKQHKIG9W0BAQEFAAASB
oEbWQTz6j4yjWB3jTkXRxSuFjex613RtRiZOSFTpqpEOAZe0oaLwuFmE9M+Wyke2
JXYWB99Y6DH1RJKW3BXXYHPGM1ID7TN3M4EGNMWOPHJWLXiYN9/QTUWSKpOHC
awXV7M+XifVGeB88G6Chatc3n3gvo6zv+6WSIQXUVIEUBJ/9i/lXpg19ngxxT1OB
6Sanlyvjiclih6KQusrrrbsaaaaaaaaaaa=
-----完PKCS7-----
如果您想查看内容,您可以使用openssl asn1parse-在“test.sig”中通知DER-或openssl asn1parse-在“test.sig”中使用
结果如下:
0:d=0 hl=2 l=inf cons: SEQUENCE
2:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
13:d=1 hl=2 l=inf cons: cont [ 0 ]
15:d=2 hl=2 l=inf cons: SEQUENCE
17:d=3 hl=2 l= 1 prim: INTEGER :01
20:d=3 hl=2 l= 11 cons: SET
22:d=4 hl=2 l= 9 cons: SEQUENCE
24:d=5 hl=2 l= 5 prim: OBJECT :sha1
31:d=5 hl=2 l= 0 prim: NULL
33:d=3 hl=2 l=inf cons: SEQUENCE
35:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
46:d=4 hl=2 l= 0 prim: EOC
48:d=3 hl=2 l=inf cons: cont [ 0 ]
50:d=4 hl=4 l= 500 cons: SEQUENCE
54:d=5 hl=4 l= 317 cons: SEQUENCE
58:d=6 hl=2 l= 3 cons: cont [ 0 ]
60:d=7 hl=2 l= 1 prim: INTEGER :02
63:d=6 hl=2 l= 6 prim: INTEGER :015C4F78370C
71:d=6 hl=2 l= 13 cons: SEQUENCE
73:d=7 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
84:d=7 hl=2 l= 0 prim: NULL
86:d=6 hl=2 l= 19 cons: SEQUENCE
88:d=7 hl=2 l= 17 cons: SET
90:d=8 hl=2 l= 15 cons: SEQUENCE
92:d=9 hl=2 l= 3 prim: OBJECT :commonName
97:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
107:d=6 hl=2 l= 30 cons: SEQUENCE
109:d=7 hl=2 l= 13 prim: UTCTIME :170528143137Z
124:d=7 hl=2 l= 13 prim: UTCTIME :180528143137Z
139:d=6 hl=2 l= 19 cons: SEQUENCE
141:d=7 hl=2 l= 17 cons: SET
143:d=8 hl=2 l= 15 cons: SEQUENCE
145:d=9 hl=2 l= 3 prim: OBJECT :commonName
150:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
160:d=6 hl=3 l= 191 cons: SEQUENCE
163:d=7 hl=2 l= 13 cons: SEQUENCE
165:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
176:d=8 hl=2 l= 0 prim: NULL
178:d=7 hl=3 l= 173 prim: BIT STRING
354:d=6 hl=2 l= 19 cons: cont [ 3 ]
356:d=7 hl=2 l= 17 cons: SEQUENCE
358:d=8 hl=2 l= 15 cons: SEQUENCE
360:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
365:d=9 hl=2 l= 1 prim: BOOLEAN :255
368:d=9 hl=2 l= 5 prim: OCTET STRING [HEX DUMP]:30030101FF
375:d=5 hl=2 l= 13 cons: SEQUENCE
377:d=6 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
388:d=6 hl=2 l= 0 prim: NULL
390:d=5 hl=3 l= 161 prim: BIT STRING
554:d=4 hl=2 l= 0 prim: EOC
556:d=3 hl=3 l= 226 cons: SET
559:d=4 hl=3 l= 223 cons: SEQUENCE
562:d=5 hl=2 l= 1 prim: INTEGER :01
565:d=5 hl=2 l= 29 cons: SEQUENCE
567:d=6 hl=2 l= 19 cons: SEQUENCE
569:d=7 hl=2 l= 17 cons: SET
571:d=8 hl=2 l= 15 cons: SEQUENCE
573:d=9 hl=2 l= 3 prim: OBJECT :commonName
578:d=9 hl=2 l= 8 prim: UTF8STRING :owlstead
588:d=6 hl=2 l= 6 prim: INTEGER :015C4F78370C
596:d=5 hl=2 l= 9 cons: SEQUENCE
598:d=6 hl=2 l= 5 prim: OBJECT :sha1
605:d=6 hl=2 l= 0 prim: NULL
607:d=5 hl=2 l= 13 cons: SEQUENCE
609:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
620:d=6 hl=2 l= 0 prim: NULL
622:d=5 hl=3 l= 160 prim: OCTET STRING [HEX DUMP]:46D6413CFA8F8CA3581DE34E45D1C52B858DEC7AD7746D46264E4854E9AA910E0197B4A1A2F0B85984F4CF96CA47B6257CB007DF72E9D1F5AC98CA5B76D75F21E980CD4877B4E7DCCE217A09E6C0E3E18F095721837DFD04D4C1290AA6885C6B05D5ECCF9789F546781F3C1BA0A16AD7379F782FA3ACEFFBA5AC8AA5D45442146E3FFD8BF957A60D7D9E0C714F5381EAC6A72D854989C2C887A92A512451441B
785:d=3 hl=2 l= 0 prim: EOC
787:d=2 hl=2 l= 0 prim: EOC
789:d=1 hl=2 l= 0 prim: EOC
我想这是人类可读的(但不要像这样存储,因为计算机无法读取最后一种格式)。使用FileOutputStream而不是ByteArrayoutPutStream来读取文件,但它的格式不好。看起来很奇怪。你知道如何正确格式化吗?二进制文件的“正确方式”是什么?我指的是签名的正确方式。请注意,我没有看到这个问题,因为1。标签不见了,有2个。是用于方法签名,您应该使用。使用FileOutputStream而不是ByteArrayoutPutStream来读取文件,但它的格式不好。看起来很奇怪。你知道如何正确格式化吗?二进制文件的“正确方式”是什么?我指的是签名的正确方式。请注意,我没有看到这个问题,因为1。标签不见了,有2个。对于方法签名,您应该使用。