I'm new in crypto with Java and I have a simple question. I have JKS keystore with SHA1withRSA trusted private key and certificate and I need to generate PKCS#7 signature for SOAP message. I tried found some info about this and at the moment, I have this:
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(...);//load ks from ks path
//initiate signature(if I do it - Web-Service send me exception:Error while
//ASN.1-decoding PKCS#7 message
RSAPrivateKey = (RSAPrivateKey) ks.getKey(...);
Signature sign = Signature.getInstance("SHA1WithRSA);
sign.initSign(privatKey);
sign.update(data)//data - final byte[] data - method argument
byte[] bb = sign.sign();
BASE64Encoder enc = new BASE64Encoder();
return encoder.encode(bb);
Please, tell me, where my mistake? Maybe I skiped need classes and this code don't work as good, as I want. Thanks.
No, just generating a PKCS#1 signature is not enough.
PKCS#7 specifies the Cryptographic Message Syntax (CMS). This is a container format, not just a signature. You need an implementation of CMS to create such a signature. A well known library that contains an implementation of CMS is Bouncy Castle: