java - Digital Signature SunMSCAPI provider & MS Crypto API
I want to sign a file with the SunMSCAPI provider. The public key and the signatures need to be imported using the MS Crypto API.
Generally, generating signatures with SHA1withRSA ends with a big-endian to little-endian (byte order) conversion.
// Generate the keystore with the Java keytool:
$ keytool -genkey -alias tsign -keystore c:\test\tsignjks.p12 -keyalg RSA -storetype pkcs12

In the Java application:
    import java.io.FileOutputStream;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Signature;
    import java.security.cert.Certificate;

    // The enclosing method is not shown in the post; a method taking the data to sign,
    // the key password and the output location is assumed here.
    static void signAndExport(byte[] buffer, int len, char[] password,
                              String targetPath, String signatureName) throws Exception {
        // For signing: get the keystore, assuming the Windows certificate is installed
        // ..
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null); // Windows-MY must be loaded before keys can be read
        PrivateKey priv = (PrivateKey) ks.getKey("tsign", password);
        Signature rsa = Signature.getInstance("SHA1withRSA", "SunMSCAPI");
        rsa.initSign(priv);
        // ..
        rsa.update(buffer, 0, len);
        // ..
        byte[] realSig = rsa.sign();

        // For writing the public key for the MS Crypto API (or export it from the Windows certificate store)
        Certificate cert = ks.getCertificate("tsign");
        byte[] encodedCert = cert.getEncoded(); // DER-encoded X.509 certificate
        FileOutputStream certFos = new FileOutputStream("tsigncer.cer");
        certFos.write(encodedCert);
        certFos.close();

        // For writing the signature for the MS Crypto API
        FileOutputStream sigFos = new FileOutputStream(targetPath + "/" + signatureName);
        sigFos.write(realSig);
        sigFos.close();
    }
I believe SunMSCAPI can resolve the problem, but I don't know why, when I import the public key using the MS Crypto API, it never imports at the first stage (unless I change the big-endian to little-endian byte order). Below is the Crypto API code.
    #include <windows.h>
    #include <wincrypt.h>

    // ImportKey is the asker's own helper and is not shown in the post; its prototype is assumed here.
    BOOL ImportKey(HCRYPTPROV hProv, LPBYTE pbData, DWORD cbData);

    // The enclosing function is not shown in the post; an HRESULT-returning function is assumed here.
    HRESULT LoadAndImportKey(void)
    {
        LPCSTR file = "tsigncer.cer";
        //LPCSTR file = "omsign.p12";
        BOOL crypt_res = FALSE;
        HCRYPTPROV crypt_prov_hndl = 0;
        crypt_res = CryptAcquireContext(&crypt_prov_hndl, NULL, NULL, PROV_RSA_FULL, 0 /*CRYPT_NEWKEYSET*/);
        //crypt_res = CryptAcquireContext(&crypt_prov_hndl, NULL, NULL, PROV_DSS, CRYPT_VERIFYCONTEXT /*CRYPT_NEWKEYSET*/);
        if (!crypt_res) {
            HRESULT decode_hr = __HRESULT_FROM_WIN32(GetLastError());
            return decode_hr;
        }

        // Load the key file
        HANDLE fileHandle = CreateFile(file,                  // name of the file to read
                                       GENERIC_READ,          // open for reading
                                       0,                     // do not share
                                       NULL,                  // default security
                                       OPEN_EXISTING,         // the file must already exist
                                       FILE_ATTRIBUTE_NORMAL, // normal file
                                       NULL);                 // no attr. template
        if (fileHandle == INVALID_HANDLE_VALUE) {
            DWORD d = GetLastError();
            CryptReleaseContext(crypt_prov_hndl, 0);
            return __HRESULT_FROM_WIN32(d);
        }

        BYTE buffer[2056];
        DWORD fileSizeHigh = 0;
        // GetFileSize returns the low 32 bits of the size; the high 32 bits land in fileSizeHigh
        DWORD fileSizeResult = GetFileSize(fileHandle, &fileSizeHigh);
        if (fileSizeHigh != 0 || fileSizeResult > sizeof(buffer)) {
            // Reading the whole file would overflow the fixed-size buffer
            CloseHandle(fileHandle);
            CryptReleaseContext(crypt_prov_hndl, 0);
            return E_FAIL;
        }
        DWORD numBytesRead = 0;
        BOOL fileLoadResult = ReadFile(fileHandle, (PVOID)buffer, fileSizeResult, &numBytesRead, NULL);
        CloseHandle(fileHandle);
        if (!fileLoadResult) {
            CryptReleaseContext(crypt_prov_hndl, 0);
            return __HRESULT_FROM_WIN32(GetLastError());
        }

        // Import the key
        BOOL result = ImportKey(crypt_prov_hndl, (LPBYTE)buffer, numBytesRead);
        //result is FALSE..
        CryptReleaseContext(crypt_prov_hndl, 0);
        return result ? S_OK : E_FAIL;
    }
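The byte-order conversion the question mentions, as an added Java example that is not part of the original post: a CryptoAPI signature blob is the little-endian reversal of the big-endian PKCS#1 signature Java produces, and the SunMSCAPI provider performs that reversal internally, so the bytes Java hands back are already in standard big-endian order. The example signs with the default JCE provider rather than SunMSCAPI so it runs on any platform; the RSA key pair and the payload are generated in the code, and `reverse`, `signSha1WithRsa` and `verifySha1WithRsa` are names chosen for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

public class CapiByteOrderDemo {

    /** CryptoAPI stores signature blobs little-endian; PKCS#1 (and Java) use big-endian.
     *  The conversion in either direction is a plain byte reversal. */
    static byte[] reverse(byte[] in) {
        byte[] out = new byte[in.length];
        for (int i = 0; i < in.length; i++) {
            out[in.length - 1 - i] = in[i];
        }
        return out;
    }

    /** Produce a PKCS#1 v1.5 SHA1withRSA signature (big-endian, as Java writes it to a file). */
    static byte[] signSha1WithRsa(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    /** Verify in Java. A byte-reversed blob fails as "false" (or, on some JDKs, as an
     *  exception while unpadding), so both outcomes are reported as a failed verification. */
    static boolean verifySha1WithRsa(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(data);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair and payload; nothing here touches the Windows certificate store.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample payload".getBytes(StandardCharsets.UTF_8);

        byte[] javaSig = signSha1WithRsa(kp.getPrivate(), data); // what Java writes to the signature file
        byte[] capiSig = reverse(javaSig);                        // what a CryptoAPI signature blob looks like

        System.out.println("Java verifies big-endian signature:    " + verifySha1WithRsa(kp.getPublic(), data, javaSig));
        System.out.println("Java verifies CAPI-order blob as-is:   " + verifySha1WithRsa(kp.getPublic(), data, capiSig));
        System.out.println("Java verifies CAPI blob after reverse: " + verifySha1WithRsa(kp.getPublic(), data, reverse(capiSig)));
    }
}
```

Running it prints true, false, true: the same signature is accepted only in the byte order the consumer expects, which is why a signature written by Java has to be reversed before CryptoAPI will verify it, and a CryptoAPI blob has to be reversed before Java will.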
If you work with MSCAPI, it is assumed you've added the key to the Microsoft certificate store. You can check if the key is present by going to "Internet Properties" > "Content" > "Certificates", which gives a list of the certificates available. If the certificate isn't there, you can't use it. If it's there, you need this code:
    SunMSCAPI providerMSCAPI = new SunMSCAPI();
    Security.addProvider(providerMSCAPI);
    KeyStore ks = KeyStore.getInstance("Windows-MY");
    ks.load(null, null);
From there on, the code is pretty standard. Please consult my book on digital signatures for more info (the book is free).
Important addition: I forgot to mention that SunMSCAPI isn't present in the 64-bit version of Java 6 (I don't know about Java 7). You can fix this by installing the 32-bit version.
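The presence check the answer describes through the "Internet Properties" dialog, done from Java instead, as an added example that is not part of the original answer or of the answerer's book: it lists every alias the Windows-MY store exposes through SunMSCAPI, marks which ones carry a private key (only those can sign), and reports whether the requested alias is usable. It assumes a Windows JRE on which the SunMSCAPI provider is available; `hasSigningKey` and `WindowsMyCheck` are names chosen here. The provider is obtained by name rather than by constructing `sun.security.mscapi.SunMSCAPI`, so the class compiles on JDKs where that package is not exported.

```java
import java.security.KeyStore;
import java.security.NoSuchProviderException;
import java.util.Enumeration;

public class WindowsMyCheck {

    /** True only if the alias exists in the store and has a private key behind it,
     *  i.e. Signature.initSign(...) with ks.getKey(alias, ...) can succeed. */
    static boolean hasSigningKey(KeyStore ks, String alias) throws Exception {
        return ks.containsAlias(alias) && ks.isKeyEntry(alias);
    }

    /** Open Windows-MY via SunMSCAPI; returns null when the provider is absent
     *  (for example on a 64-bit Java 6 or a non-Windows JRE). */
    static KeyStore openWindowsMy() throws Exception {
        try {
            KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
            ks.load(null, null); // no file and no password: the store is the user's certificate store
            return ks;
        } catch (NoSuchProviderException e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = openWindowsMy();
        if (ks == null) {
            System.err.println("SunMSCAPI provider is not available in this JRE");
            return;
        }
        // List what the store actually exposes; the alias SunMSCAPI reports for an imported
        // certificate is the one to use with getKey/getCertificate, so check it here first.
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            System.out.println(alias + (ks.isKeyEntry(alias) ? "  [private key]" : "  [certificate only]"));
        }
        String wanted = args.length > 0 ? args[0] : "tsign"; // "tsign" is the alias from the question
        System.out.println("\"" + wanted + "\" usable for signing: " + hasSigningKey(ks, wanted));
    }
}
```

A certificate that shows up as "[certificate only]" will verify signatures but cannot produce them; that distinction is what the dialog does not make obvious and what a failing `ks.getKey` call is usually telling you.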