我有以下代码要签名,我遇到的问题是要签名的数据是通过网络发送的,我需要在另一个函数上处理它,但我不确定它有什么类型的编码或哈希?
CMSSignedDataGenerator signGenerator = new CMSSignedDataGenerator();
X509Certificate userCert = (X509Certificate) this.certificateChain[0];
ContentSigner mySigner = new CustomSigner(invoke,String.valueOf(userCert.getSerialNumber()),sad);
signGenerator.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
.build(mySigner, userCert));
signGenerator.addCertificates(new JcaCertStore(Arrays.asList(certificateChain)));
CMSProcessableInputStream msg = new CMSProcessableInputStream(content);
CMSSignedData signedData = signGenerator.generate(msg, false);
return signedData.getEncoded();
充气城堡发送什么来签名?它是用什么编码的?我在另一边收到以下
MYGYMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIxMDMyMzE3MTA0NVowLQYJKoZIhvcNAQk0MSAwHjANBglghkgBZQMEAgEFAKENBgkqhkiG9w0BAQsFADAvBgkqhkiG9w0BCQQxIgQgpJ/2Sz3j0sp6iqVKmyednqFjZ87SYEYhScT0sSKtHPU=
正如Jim Garrison和dave_thompson_085在评论中所说,这是一个base64编码的签名属性DER结构,具有内容类型、签名时间、消息摘要和算法保护属性。这里是ASN.1的转储:
SET (4 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
SET (1 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.7.1 data (PKCS #7)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
SET (1 elem)
UTCTime 2021-03-23 17:10:45 UTC
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.52 cmsAlgorithmProtection (RFC 6211)
SET (1 elem)
SEQUENCE (2 elem)
SEQUENCE (2 elem)
OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST Algorithm)
NULL
[1] (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
NULL
SEQUENCE (2 elem)
OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
SET (1 elem)
OCTET STRING (32 byte) A49FF64B3DE3D2CA7A8AA54A9B279D9EA16367CED260462149C4F4B122AD1CF5
根据算法保护属性,BouncyCastle希望您返回一个对该结构进行签名的SHA256withRSA签名值。
特别是,当您想知道它有什么类型的编码或哈希时,该结构的哈希仍然必须作为签名服务的一部分进行计算。