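I am using Java 1.6 and the Bouncy Castle libraries bcmail-jdk-15-140.jar and bcprov-jdk15-140.jar. I created an encrypted and signed message, but when the signature is checked, an exception is thrown. Specifically, the signature of my message is created this way: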
Security.addProvider(new BouncyCastleProvider());
byte[] bytes = message.getBytes();
FileInputStream fis = new FileInputStream(senderKeyStoreFileLocation);
KeyStore ks = KeyStore.getInstance("pkcs12","BC");
ks.load(fis, keyStorePass);
PrivateKey pKey = (PrivateKey)ks.getKey(senderAlias, keyStorePass);
X509Certificate cert = (X509Certificate)ks.getCertificate(senderAlias);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSigner(pKey, cert, CMSSignedDataGenerator.DIGEST_SHA1);
Certificate[] certChain = ks.getCertificateChain(senderAlias);
CertStore certs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(certChain)), "BC");
gen.addCertificatesAndCRLs(certs);
CMSProcessable content = new CMSProcessableByteArray(bytes);
CMSSignedData s = gen.generate(CMSSignedDataGenerator.DATA,content,false,"BC",true);
byte[] b = toDERObject(s.getEncoded()).getDEREncoded();
String sign = new String(Base64.encodeBase64(b, true));
Verification is as follows:
KeyStore ks = KeyStore.getInstance("pkcs12", "BC");
ks.load(new FileInputStream(recipientKeyStoreFileLocation), keyStorePass);
EncryptionUtils cryptoUtils = EncryptionManager.getEncryptionUtils(EncryptionManager.SMIME);
Boolean verified = Boolean.FALSE;
Certificate senderCert = ks.getCertificate(recipientAlias);
MimeMessage m = new MimeMessage(encryptedSignedMsg);
verified = cryptoUtils.checkSignature(m, senderCert.getPublicKey());
The exception is:
Exception in thread "main" javax.mail.MessagingException: org.bouncycastle.cms.CMSException:
invalid signature format in message: content hash found in signed attributes different
at net.suberic.crypto.bouncycastle.SMIMEEncryptionUtils.checkSignature(SMIMEEncryptionUtils.java:383)
at net.suberic.crypto.bouncycastle.SMIMEEncryptionUtils.checkSignature(SMIMEEncryptionUtils.java:320)
I can't figure out how to fix it. What am I doing wrong?