ESYAE-imza Kütüphaneleri

User Tools

Site Tools


en:esya:smartcard:pkcs7

Smartcard Signature

PKCS7 is one of the simplest form of signature. The class PKCS7Signature is responsible for the creation of PKCS7 signatures which can create both attached and detached signatures. The method signExternalContent creates a detached signature whereas signInternalContent creates an attached signature.

In the code segment below, the creation of a detached PKCS7 signature is demonstrated. The content can be extracted from an attached signature by using the method getContentInfo().getContentBytes(). The code is only valid for Java and .NET API does not support PKCS7 signature.

PKCS7Signature pkcsSignature = new PKCS7Signature();
ByteArrayOutputStream signature = new ByteArrayOutputStream();

SmartCard sc = new SmartCard(CardType.AKIS);
long [] slots = sc.getSlotList();
//sc.getSlotInfo(slots[0]).slotDescription;
long session = sc.openSession(slots[0]);
sc.login(session, "12345");

//Gets first certificate, it must be asked to user if it is more than one certificate.
byte [] certBytes = sc.getSignatureCertificates(session).get(0);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(certBytes));

BaseSigner signer = new SCSignerWithCertSerialNo(sc, session, slots[0]
                                                                    ,cert.getSerialNumber().toByteArray() 
                                                                    , Algorithms.SIGNATURE_RSA_SHA1);

ByteArrayInputStream bais = new ByteArrayInputStream(toBeSigned);
pkcsSignature.signExternalContent(bais, cert, signature, signer);

Assert.assertEquals(true, validate(new ByteArrayInputStream(signature.toByteArray()), cert));
PKCS7 p = new PKCS7(signature);
//validates the signature, not the person.
SignerInfo  [] signerInfo = p.verify(toBeSigned);
if(signerInfo == null)
	returnfalse;
else
{
	//Checks whether the expected person signed the data.
	return signerInfo[0].getCertificateSerialNumber().equals(cert.getSerialNumber()) == true;
}

en/esya/smartcard/pkcs7.txt · Son değiştirilme: 2013/09/12 08:48 Değiştiren: Dindar Öz