BOOK: Beginning Cryptography with Java
This is the forum to discuss the Wrox book Beginning Cryptography with Java by David Hook; ISBN: 9780764596339
August 30th, 2007, 01:16 AM
Registered User
BouncyCastle & multiple signatures

Hello, everybody!
I have a signed document in p7m format (the document & the signature in one single file). What do I have to do in order to sign that document with another signature using BouncyCastle? The old signature must remain in the file and the new one should be added; my p7m file will have 2 signatures attached, so when I read it with some program that allows me to view certificates, both certificates should be displayed.

Thank you very much!

 
August 30th, 2007, 01:31 AM
dgh (Wrox Author)

CMSSignedDataGenerator has an addSigners() method which allows you to add a SignerInformationStore containing signers generated by other parties. You can use this to use the generator to resign the document and use addSigners() to add the old signer objects as well. This will result in a CMSSignedData object with both signers present. You'll need to copy the other signers' certificates across as well if you want them included.

Regards,

David

 
August 30th, 2007, 05:18 AM
Registered User

And how can I create a SignerInformationStore from my p7m file containing the old signers?

Maybe using the getSignerInfos() method of CMSSignedData?


Thank you,
Alex
 
August 30th, 2007, 06:13 AM
dgh (Wrox Author)

Wrap it in a CMSSignedData object. There's a method on it for getting the signer information.

Regards,

David

 
August 31st, 2007, 07:29 AM
Registered User

I have the following method:

import java.security.cert.CertStore;

import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.x509.X509Store;

// pk3, certificate3, loadFile(), saveFile() and OUTPUT_FILENAME are defined elsewhere in the class
private static void addSigner(CertStore certs){
    //generate signer
    CMSSignedDataGenerator signGen = new CMSSignedDataGenerator();
    signGen.addSigner(pk3, certificate3, CMSSignedDataGenerator.DIGEST_SHA1);

    //buffer holds the whole p7m file
    byte[] buffer=loadFile();

    //get data
    CMSSignedData signedData=null;
    try{
        signedData = new CMSSignedData(buffer);
    }catch(Exception exc){
        exc.printStackTrace();
    }

    if (signedData!=null){
        try{
            SignerInformationStore signers=signedData.getSignerInfos();
            CertStore existingCerts=signedData.getCertificatesAndCRLs("Collection", "BC");
            X509Store x509Store=signedData.getAttributeCertificates("Collection", "BC");

            //add new certs
            signGen.addCertificatesAndCRLs(certs);
            //add existing certs
            signGen.addCertificatesAndCRLs(existingCerts);
            //add existing attribute certs
            signGen.addAttributeCertificates(x509Store);
            //add existing signers
            signGen.addSigners(signers);

        }catch(Exception exc){
            exc.printStackTrace();
        }
        CMSProcessable content = new CMSProcessableByteArray(buffer);
        try{
            signedData = signGen.generate(content, true, "BC");
            byte[] signeddata = signedData.getEncoded();
            saveFile(signeddata, OUTPUT_FILENAME);
        }catch(Exception exc){
            exc.printStackTrace();
        }
    }
}

The signed data initially contains 2 signatures, both of which verify just fine. The above code adds a third signature and works just fine. The problem is that when I'm trying to verify the newly generated file, I get the following error:

org.bouncycastle.cms.CMSException: invalid signature format in message: content hash found in signed attributes different
    at org.bouncycastle.cms.SignerInformation.doVerify(Unknown Source)
    at org.bouncycastle.cms.SignerInformation.verify(Unknown Source)
    at main.BouncyCastleVerify.main(BouncyCastleVerify.java:135)

Here is my verification code:

//load signed file
File f = new File(INPUT_FILENAME);
byte[] buffer = new byte[(int)f.length()];
DataInputStream in = new DataInputStream(new FileInputStream(f));
in.readFully(buffer);
in.close();

CMSSignedData signature = new CMSSignedData(buffer);

// batch verification
CertStore certs = signature.getCertificatesAndCRLs("Collection", "BC");
SignerInformationStore signers = signature.getSignerInfos();
Collection c = signers.getSigners();
Iterator it = c.iterator();

int verified=0;
while (it.hasNext())
{
    SignerInformation signer = (SignerInformation)it.next();
    Collection certCollection = certs.getCertificates(signer.getSID());

    Iterator certIt = certCollection.iterator();
    X509Certificate cert = (X509Certificate)certIt.next();
    System.out.println(verified);
    if (signer.verify(cert.getPublicKey(),"BC"))
    {
        verified++;
    }
}
System.out.println(verified);
 
August 31st, 2007, 07:51 AM
Registered User

Problem solved.

I was processing the wrong content.

Instead of
    CMSProcessable content = new CMSProcessableByteArray(buffer);

I should have had
    CMSProcessable content = signedData.getSignedContent();

Thank you very much for your support,
Alex
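The fix Alex describes, written out as an added example against BouncyCastle's current bcpkix CMS API rather than the 2007-era calls used in the thread (this is not code from the thread or from the book): the new SignerInfo must be computed over the original signed content returned by getSignedContent(), not over the outer p7m bytes, or every pre-existing signer's message-digest attribute stops matching. The p7m bytes, the new signer's RSA PrivateKey and X509Certificate, and the choice of SHA256withRSA are assumed inputs; the verifier loop mirrors the one in the thread.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;

import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

public final class AddSignerToP7m {
    // Added example, not the thread's code. Assumes an encapsulated .p7m plus the
    // new signer's RSA PrivateKey and X509Certificate (hypothetical inputs).
    public static CMSSignedData addSigner(byte[] p7m, PrivateKey key, X509Certificate cert)
            throws Exception {
        CMSSignedData existing = new CMSSignedData(p7m);
        // Sign the ORIGINAL content, not the outer p7m bytes: the old signers'
        // message-digest attributes were computed over that content.
        CMSTypedData content = existing.getSignedContent();
        if (content == null) {
            throw new CMSException("detached signature: supply the content separately");
        }
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
                .build("SHA256withRSA", key, cert));
        gen.addSigners(existing.getSignerInfos());        // keep the old SignerInfos
        gen.addCertificates(existing.getCertificates());  // and the certs they need
        gen.addCertificates(new JcaCertStore(Collections.singletonList(cert)));
        return gen.generate(content, true);               // true = re-encapsulate content
    }

    // Counts signers whose signature verifies against a certificate carried in the message.
    public static int verifyAll(CMSSignedData sd) throws Exception {
        Store<X509CertificateHolder> certs = sd.getCertificates();
        int ok = 0;
        for (SignerInformation si : sd.getSignerInfos().getSigners()) {
            X509CertificateHolder holder = certs.getMatches(si.getSID()).iterator().next();
            if (si.verify(new JcaSimpleSignerInfoVerifierBuilder().build(holder))) {
                ok++;
            }
        }
        return ok;
    }
}
```

verifyAll only checks that each signature matches a certificate embedded in the message; chain building and revocation checking of those certificates is a separate step.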




