This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of Real-World Software Development: A Project-Driven Guide to Fundamentals in Java and have Dr. Raoul-Gabriel Urma & Richard Warburton on-line!
See this thread for details.
Win a copy of Real-World Software Development: A Project-Driven Guide to Fundamentals in Java this week in the Agile and Other Processes forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Liutauras Vilda
  • Knute Snortum
  • Bear Bibeault
Sheriffs:
  • Devaka Cooray
  • Jeanne Boyarsky
  • Junilu Lacar
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • salvin francis
Bartenders:
  • Tim Holloway
  • Piet Souris
  • Frits Walraven

Decrypting pkcs#7 by certificate

 
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm working on project which collect data from some government portal.

To obatain valid data I had to make rerequest containing some exact xml data.
The xml data had also to contain public key of my certificate. The the portal then encrypts  
the returned data. With the the returned data I am expected to do the following:

1. Decode the xml element data from Base64 to array of bytes
- I did it. I got some binary data. I even see the "PostSignum Public CA 4" among the bytes.

2. Decrypt it according to CMS/PKCS #7 standard

3. Decompress it in gzip format

I am not able to do the second part. I googled all over, bud didnt't find anything working.
I know, how to get the certificate, the private key, the alias, but at this point my knowledge ends.

Would somebody be so kind and provide some working example, regarding decrypting pkcs#7 standard ?

Thanks.
 
Jiri Nejedly
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I finally googled the solution using the BouncyCastle library



But one question regarding the above code remains, the collection 'recipients' in my case has 2 items.
First fetched (next) KeyTransRecipientInformation ends with exception
org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: Decryption error
When I fetch the second, the decryptedData are finally ok.
Can I somehow find out which recipient is the right one, before I invoke the exception ?

Thanks, JN




 
Rancher
Posts: 144
9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
https://tools.ietf.org/html/rfc2315 should help
 
Jiri Nejedly
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, but it will be tough to understand it all... I rather learn by examples

But I have just one more question - above i wrote, that I am building some xml containing public key (base64) of my certificate. Something such as


And how am I getting the data for this tag? So far manually.
I found the certificate among other personal ones in Chrome browser.
Exported it into file, without private key, X.509, coding Base-64 (CER).
Then opened the exported file in the text editor, removed '-----BEGIN CERTIFICATE-----'
and '----END CERTIFICATE-----''and the rest put into XML

This all I need to repeat by java code. I think it will be easy,
but the examples are scarce.

Thanks.

 
Kristina Hansen
Rancher
Posts: 144
9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
CMS is defined by the linked RFC - if you want to know how it works and what may cause the issue you have to dive into the protocol spec - if you don't want to bother with the protocol then I doubt you're able to fix the issue yourself
about the other question: have a look at BouncyCastle - java itself can't handle those kind of files itself pretty well
 
Jiri Nejedly
Ranch Hand
Posts: 96
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I finally googled the solution (BouncyCastle library). The JcaPEMWriter class did the trick.  

 
I am a man of mystery. Mostly because of this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!