如何使用充气城堡将证书重新打包为pkcs＃7证书？ [英] How do I repackage certificates into pkcs #7 certificate using bouncy castle?

问题描述

我具有根，中间和最终实体证书，并且我想使用弹性城堡将其打包为pkcs＃7格式。
我该怎么办？

I have root, intermediate and end entity certificates and, I want to package it in pkcs # 7 format using bouncy castle. How can I do it?

推荐答案

首先，您必须阅读有关PKCS＃7的最新RFC。 / CMS。请单击此 RFC链接以阅读。

At the very first, you have to read latest RFC on PKCS#7/CMS. Please click on this RFC Link to read.

现在要实现您的目标，请使用bouncycastle。您需要生成 CMSSignedData数据。为此，您需要准备私钥和证书链。在这里，我要假设，您已经有这些。现在，准备 CMSProcessableByteArray 。

Now to fulfill your objective, use bouncycastle. You need to generate CMSSignedData data. For that, you need to prepare private key and Certificate chain. Here, I am going to assume, you already have those. Now prepare CMSProcessableByteArray.

CMSProcessableByteArray msg = new CMSProcessableByteArray("Hello World".getBytes());

现在，使用证书列表准备商店。

Now, prepare the store with the List of certificates.

Store certs = new JcaCertStore(certList);

然后声明 CMSSignedDataGenerator 并添加signerInfo和证书。

Then declare CMSSignedDataGenerator and add signerInfo and certificates.

CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(......));
gen.addCertificates(certs);

然后使用CMSSignedDataGenerator和CMSProcessableByteArray生成CMSSignedData。

Then generate CMSSignedData with CMSSignedDataGenerator and CMSProcessableByteArray.

CMSSignedData cmsData = gen.generate(msg, true);

最后写入CMSSignedData的字节数组（ cmsSignedData.getEncoded（） ）扩展到.p7b文件的位置。打开文件以查看证书链。

Finally write the the byte array of the CMSSignedData (cmsSignedData.getEncoded()) to a location with .p7b file extension. Open the file to see the certificate chain.

这篇关于如何使用充气城堡将证书重新打包为pkcs＃7证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！