java - Digital Signature SunMSCAPI provider & MS Crypto API


I want to sign a file with the SunMSCAPI provider. The public key and the signatures need to be imported using the MS Crypto API.

Generally, generating signatures with SHA1withRSA ends up with a big-endian to little-endian (byte order) conversion.

    // generate the keystore with the Java keytool
    $ keytool -genkey -alias tsign -keystore c:\test\tsignjks.p12 -keyalg RSA -storetype pkcs12

In the Java application:

    import java.io.FileOutputStream;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Signature;
    import java.security.cert.Certificate;

    // for signing and getting the keystore, assuming the Windows certificate is installed
    ..
    ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
    // getKey returns a Key, so cast it to PrivateKey
    PrivateKey priv = (PrivateKey) ks.getKey("tsign", password);
    Signature rsa = Signature.getInstance("SHA1withRSA", "SunMSCAPI");
    rsa.initSign(priv);
    ..
    rsa.update(buffer, 0, len);
    ..
    byte[] realsig = rsa.sign();

    // for writing the public key for the MS Crypto API, or exporting from the Windows certificate store
    Certificate cert = ks.getCertificate("tsign");
    byte[] encodedcert = cert.getEncoded();
    FileOutputStream certfos = new FileOutputStream("tsigncer.cer");
    certfos.write(encodedcert);

    // for writing the signatures for the MS Crypto API
    FileOutputStream sigfos = new FileOutputStream(targetpath + "/"
                    + signaturename);
    sigfos.write(realsig);

I believe SunMSCAPI can resolve my problem, but I don't know how: when I import the public key using the MS Crypto API, it never imports at the first stage (unless I change the byte order from big-endian to little-endian). Below is my code for the Crypto API.

    LPCSTR file = "tsigncer.cer";
    //LPCSTR file = "omsign.p12";
    BOOL crypt_res = FALSE;
    HCRYPTPROV crypt_prov_hndl = NULL;

    crypt_res = CryptAcquireContext(&crypt_prov_hndl, NULL, NULL, PROV_RSA_FULL, 0/*CRYPT_NEWKEYSET*/);
    //crypt_res = CryptAcquireContext(&crypt_prov_hndl, NULL, NULL, PROV_DSS, CRYPT_VERIFYCONTEXT/*CRYPT_NEWKEYSET*/);

    if (!crypt_res) {
        HRESULT decode_hr = __HRESULT_FROM_WIN32(GetLastError());
        return decode_hr;
    }

    // load key file
    HANDLE filehandle = CreateFile(file,       // name of the file to read
                       GENERIC_READ,           // open for reading
                       0,                      // do not share
                       NULL,                   // default security
                       OPEN_EXISTING,          // open only if the file exists
                       FILE_ATTRIBUTE_NORMAL,  // normal file
                       NULL);                  // no attr. template

    if (filehandle == INVALID_HANDLE_VALUE)
    {
        DWORD d = GetLastError();
        return -1;
    }

    BYTE buffer[2056];
    DWORD filesize = 0;
    DWORD filesizeresult = GetFileSize(filehandle, &filesize);

    // refuse files that do not fit into the fixed-size buffer
    if (filesizeresult == INVALID_FILE_SIZE || filesizeresult > sizeof(buffer))
    {
        CloseHandle(filehandle);
        return -1;
    }

    DWORD numbytesread = 0;
    BOOL fileloadresult = ReadFile(filehandle, (PVOID)buffer, filesizeresult, &numbytesread, NULL);

    // import key
    BOOL result = ImportKey(crypt_prov_hndl, (LPBYTE)buffer, numbytesread); //result false..

If you work with MSCAPI, it is assumed that you've added your key to the Microsoft certificate store. You can check if the key is present by going to "Internet Properties" > "Content" > "Certificates", which gives you a list of the certificates that are available. If your certificate isn't there, you can't use it. If it's there, you need this code:

    import java.security.KeyStore;
    import java.security.Security;
    import sun.security.mscapi.SunMSCAPI;

    SunMSCAPI providermscapi = new SunMSCAPI();
    Security.addProvider(providermscapi);
    KeyStore ks = KeyStore.getInstance("Windows-MY");
    ks.load(null, null);

From there on, the code is pretty standard. Please consult my book on digital signatures for more info (the book is free).

Important addition: I forgot to mention that SunMSCAPI isn't present in the 64-bit version of Java 6 (I don't know about Java 7). You can fix this by installing the 32-bit version.
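
The byte-order conversion mentioned in the question, as an added example that is not part of the original question or answer: Java emits the RSA signature big-endian, while CryptoAPI's CryptVerifySignature works with little-endian signature bytes, so the bytes are reversed before being handed to the CryptoAPI side. The class name, the throwaway key pair, the sample message and the use of the default provider instead of SunMSCAPI are assumptions made so that it runs on any platform.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

public class SigByteOrder {
    // Return a reversed copy of the signature: big-endian <-> little-endian.
    static byte[] reversed(byte[] in) {
        byte[] out = new byte[in.length];
        for (int i = 0; i < in.length; i++) {
            out[i] = in[in.length - 1 - i];
        }
        return out;
    }

    // Verify on the Java side; a malformed signature counts as a failure.
    static boolean verifies(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(pub);
        v.update(data);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway key pair and message (assumptions).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample message".getBytes("UTF-8");

        Signature rsa = Signature.getInstance("SHA1withRSA");
        rsa.initSign(kp.getPrivate());
        rsa.update(data);
        byte[] javasig = rsa.sign();         // byte order as Java produces it
        byte[] capisig = reversed(javasig);  // byte order to write for CryptVerifySignature

        // The same bytes only verify in the order the verifying API expects.
        System.out.println("Java order, Java verify:      " + verifies(kp.getPublic(), data, javasig));
        System.out.println("CryptoAPI order, Java verify: " + verifies(kp.getPublic(), data, capisig));
        System.out.println("Reversed back, Java verify:   " + verifies(kp.getPublic(), data, reversed(capisig)));
    }
}
```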

