如何使用充气城堡将证书重新打包为pkcs#7证书? [英] How do I repackage certificates into pkcs #7 certificate using bouncy castle?
问题描述
我具有根,中间和最终实体证书,并且我想使用弹性城堡将其打包为pkcs#7格式。
我该怎么办?
I have root, intermediate and end entity certificates and, I want to package it in pkcs # 7 format using bouncy castle. How can I do it?
推荐答案
首先,您必须阅读有关PKCS#7的最新RFC。 / CMS。请单击此 RFC链接以阅读。
At the very first, you have to read latest RFC on PKCS#7/CMS. Please click on this RFC Link to read.
现在要实现您的目标,请使用bouncycastle。您需要生成 CMSSignedData数据。为此,您需要准备私钥和证书链。在这里,我要假设,您已经有这些。现在,准备 CMSProcessableByteArray 。
Now to fulfill your objective, use bouncycastle. You need to generate CMSSignedData data. For that, you need to prepare private key and Certificate chain. Here, I am going to assume, you already have those. Now prepare CMSProcessableByteArray.
CMSProcessableByteArray msg = new CMSProcessableByteArray("Hello World".getBytes());
现在,使用证书列表准备商店。
Now, prepare the store with the List of certificates.
Store certs = new JcaCertStore(certList);
然后声明 CMSSignedDataGenerator 并添加signerInfo和证书。
Then declare CMSSignedDataGenerator and add signerInfo and certificates.
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(......));
gen.addCertificates(certs);
然后使用CMSSignedDataGenerator和CMSProcessableByteArray生成CMSSignedData。
Then generate CMSSignedData with CMSSignedDataGenerator and CMSProcessableByteArray.
CMSSignedData cmsData = gen.generate(msg, true);
最后写入CMSSignedData的字节数组( cmsSignedData.getEncoded()
)扩展到.p7b文件的位置。打开文件以查看证书链。
Finally write the the byte array of the CMSSignedData (cmsSignedData.getEncoded()
) to a location with .p7b file extension. Open the file to see the certificate chain.
这篇关于如何使用充气城堡将证书重新打包为pkcs#7证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!