Cascading / chaining CMSEnvelopedDataStreamGenerato
|
View:
New views
5 Messages
—
Rating Filter:
Alert me
|
 |
Cascading / chaining CMSEnvelopedDataStreamGenerato |
||||||||||
|
|
Re: Cascading / chaining CMSEnvelopedDataStreamGenerato |
||||||||||
|
|
Ang. Re: Cascading / chaining CMSEnvelopedDataStreamGenerato |
| David Hook <dgh@...>
2008-09-27 11:47 |
|
Here's an example that does signing on compressed data, not quite the
same but the principal, at least as far as the API goes, is the same:
OutputStream bOut = ....
CMSSignedDataStreamGenerator gen = new
CMSSignedDataStreamGenerator();
gen.addSigner(_origKP.getPrivate(), _origCert,
CMSSignedDataStreamGenerator.DIGEST_SHA1, "BC");
gen.addCertificatesAndCRLs(certsAndCrls);
OutputStream sigOut = gen.open(bOut);
CMSCompressedDataStreamGenerator cGen = new
CMSCompressedDataStreamGenerator();
OutputStream cOut = cGen.open(sigOut,
CMSCompressedDataStreamGenerator.ZLIB);
cOut.write(TEST_MESSAGE.getBytes());
cOut.close();
sigOut.close();
The main thing to note is that the enclosed message has to be closed off
before the outer most message is.
Regards,
David
On Fri, 2008-09-26 at 13:45 +0200, Leo.Erlandsson@... wrote:
>
> Hi,
>
> I am using BC mail 1.40 trying to chain or cascade the OutputStreams
> from CMSEnvelopedDataStreamGenerator,CMSCompressedDataStreamGenerator
> and CMSSignedDataStreamGenerator to be able to get an OutputStream
> that does signing, compression and encryption in one go in a stream
> (to be able to handle large files efficiently, in one processing
> step).
>
> What I am trying to do is this
>
> OutputStream plainTextStream......
> OutputStream signedCompressedAndEnvelopedStream =
> encrypt(compress(sign(plainTextStream)));
>
>
> I have three methods to handle this:
>
> /**
> * Compress an output stream using CMS ZLIB.
> * @param uncompressed Uncompressed Stream
> * @return Compressed stream.
> **/
> private OutputStream compress(OutputStream uncompressed) throws
> IOException {
>
> CMSCompressedDataStreamGenerator gen = new
> CMSCompressedDataStreamGenerator();
> streamCloser.add(uncompressed);
> return gen.open(uncompressed,
> CMSCompressedDataStreamGenerator.ZLIB);
>
> }
>
> /**
> * Encrypt Stream using the given Certificate and given algorithm
> * @param unencrypted Unencrypted Stream.
> * @return Encrypted Stream
> **/
> private OutputStream encrypt(OutputStream unencrypted) throws
> NoSuchAlgorithmException,
> NoSuchProviderException, CMSException, IOException {
>
> CMSEnvelopedDataStreamGenerator edGen = new
> CMSEnvelopedDataStreamGenerator();
> edGen.addKeyTransRecipient(partnerCertificate);
> return edGen.open(unencrypted, encryptionAlgorithm,
> Utils.BOUNCYCASTLE_PROVIDER_NAME);
>
> }
>
>
> /**
> * Sign an output Stream
> * @param unsigned Unsigned Stream
> * @return Signed stream.
> **/
> private OutputStream sign(OutputStream unsigned) throws
> NoSuchAlgorithmException,
> NoSuchProviderException,
> InvalidKeyException, IOException, Exception {
> CMSSignedDataStreamGenerator gen = new
> CMSSignedDataStreamGenerator();
>
> gen.addSigner(privateKey, ourCertificate,
> CMSSignedDataStreamGenerator.DIGEST_SHA1,
> Utils.BOUNCYCASTLE_PROVIDER_NAME);
> return gen.open(unsigned,true);
> }
>
>
> But I get only "garbage" data that is invalid when I chain or cascade
> two or more operations (signing, compression, enveloping). I have
> tried to manually close the streams created in order, but that does
> not help.
>
>
> Thanks!
>
> Regards,
> Leo
Re: Ang. Re: Cascading / chaining CMSEnvelopedDataStreamGenerato
by David Hook-2
::
Rate this Message:
Is the format of the file a binary ASN.1 BER encoded blob? It might be
easier to get the code working with ByteArrayInput/OutputStream first in
order to isolate any transfer problems.
Regards,
David
On Mon, 2008-09-29 at 11:00 +0200, Leo.Erlandsson@... wrote:
>
> Hi,
>
> Thanks! I am now able to generate the compress and encrypted data in
> one go (by closing all the streams in the correct order). The
> generated data looks ok (I haven't analyzed it further though...)
>
> However, I get this Exception when trying to verify the signature on
> the generated file:
>
> CMSSignedDataParser parser = new CMSSignedDataParser(new
> FileInputStream("C:\\Users\\Leo\\Desktop\\david.txt"));
> InputStream in = parser.getSignedContent().getContentStream(); <----
>
>
> Exception in thread "main" java.lang.ClassCastException:
> org.bouncycastle.asn1.BERSequenceParser
> at org.bouncycastle.asn1.cms.ContentInfoParser.<init>(Unknown
> Source)
> at
> org.bouncycastle.asn1.cms.SignedDataParser.getEncapContentInfo(Unknown
> Source)
> at org.bouncycastle.cms.CMSSignedDataParser.<init>(Unknown
> Source)
> at org.bouncycastle.cms.CMSSignedDataParser.<init>(Unknown
> Source)
>
> I have also tried it the other way around with decompression first
> (although I feel that the verification should come first):
>
> CMSCompressedDataParser parser = new CMSCompressedDataParser(new
> FileInputStream("C:\\Users\\Leo\\Desktop\\david.txt"));
> InputStream in = parser.getContent().getContentStream(); <--------
>
> which results in a
>
> Exception in thread "main" java.lang.IllegalArgumentException: unknown
> object in factory: org.bouncycastle.asn1.DERSet
> at
> org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown
> Source)
> at
> org.bouncycastle.asn1.cms.CompressedDataParser.<init>(Unknown Source)
> at
> org.bouncycastle.cms.CMSCompressedDataParser.getContent(Unknown
> Source)
>
> I may be missing something obvious here, but I just can't see it...
>
> Regards,
> Leo
>
>
>
> David Hook <dgh@...>
>
> 2008-09-27 11:47
>
>
> Till
> Leo.Erlandsson@...
> Kopia
> dev-crypto@...
> Ärende
> Re: [dev-crypto]
> Cascading /
> chaining
> CMSEnvelopedDataStreamGenerator,CMSCompressedDataStreamGenerator and CMSSignedDataStreamGenerator
>
>
>
>
>
>
>
>
>
> Here's an example that does signing on compressed data, not quite the
> same but the principal, at least as far as the API goes, is the same:
>
> OutputStream bOut = ....
>
> CMSSignedDataStreamGenerator gen = new
> CMSSignedDataStreamGenerator();
>
> gen.addSigner(_origKP.getPrivate(), _origCert,
> CMSSignedDataStreamGenerator.DIGEST_SHA1, "BC");
>
> gen.addCertificatesAndCRLs(certsAndCrls);
>
> OutputStream sigOut = gen.open(bOut);
>
> CMSCompressedDataStreamGenerator cGen = new
> CMSCompressedDataStreamGenerator();
>
> OutputStream cOut = cGen.open(sigOut,
> CMSCompressedDataStreamGenerator.ZLIB);
>
> cOut.write(TEST_MESSAGE.getBytes());
>
> cOut.close();
>
> sigOut.close();
>
>
> The main thing to note is that the enclosed message has to be closed
> off
> before the outer most message is.
>
> Regards,
>
> David
>
> On Fri, 2008-09-26 at 13:45 +0200, Leo.Erlandsson@... wrote:
> >
> > Hi,
> >
> > I am using BC mail 1.40 trying to chain or cascade the OutputStreams
> > from
> CMSEnvelopedDataStreamGenerator,CMSCompressedDataStreamGenerator
> > and CMSSignedDataStreamGenerator to be able to get an OutputStream
> > that does signing, compression and encryption in one go in a stream
> > (to be able to handle large files efficiently, in one processing
> > step).
> >
> > What I am trying to do is this
> >
> > OutputStream plainTextStream......
> > OutputStream signedCompressedAndEnvelopedStream =
> > encrypt(compress(sign(plainTextStream)));
> >
> >
> > I have three methods to handle this:
> >
> > /**
> > * Compress an output stream using CMS ZLIB.
> > * @param uncompressed Uncompressed Stream
> > * @return Compressed stream.
> > **/
> > private OutputStream compress(OutputStream uncompressed) throws
> > IOException {
> >
> > CMSCompressedDataStreamGenerator gen = new
> > CMSCompressedDataStreamGenerator();
> > streamCloser.add(uncompressed);
> > return gen.open(uncompressed,
> > CMSCompressedDataStreamGenerator.ZLIB);
> >
> > }
> >
> > /**
> > * Encrypt Stream using the given Certificate and given
> algorithm
> > * @param unencrypted Unencrypted Stream.
> > * @return Encrypted Stream
> > **/
> > private OutputStream encrypt(OutputStream unencrypted) throws
> > NoSuchAlgorithmException,
> > NoSuchProviderException, CMSException, IOException {
> >
> > CMSEnvelopedDataStreamGenerator edGen = new
> > CMSEnvelopedDataStreamGenerator();
> > edGen.addKeyTransRecipient(partnerCertificate);
> > return edGen.open(unencrypted, encryptionAlgorithm,
> > Utils.BOUNCYCASTLE_PROVIDER_NAME);
> >
> > }
> >
> >
> > /**
> > * Sign an output Stream
> > * @param unsigned Unsigned Stream
> > * @return Signed stream.
> > **/
> > private OutputStream sign(OutputStream unsigned) throws
> > NoSuchAlgorithmException,
> > NoSuchProviderException,
> > InvalidKeyException, IOException, Exception {
> > CMSSignedDataStreamGenerator gen = new
> > CMSSignedDataStreamGenerator();
> >
> > gen.addSigner(privateKey, ourCertificate,
> > CMSSignedDataStreamGenerator.DIGEST_SHA1,
> > Utils.BOUNCYCASTLE_PROVIDER_NAME);
> > return gen.open(unsigned,true);
> > }
> >
> >
> > But I get only "garbage" data that is invalid when I chain or
> cascade
> > two or more operations (signing, compression, enveloping). I have
> > tried to manually close the streams created in order, but that does
> > not help.
> >
> >
> > Thanks!
> >
> > Regards,
> > Leo
>
>
>
>
Ang. Re: Ang. Re: Cascading / chaining CMSEnvelopedDataStreamGenerato
by Leo Erlandsson
::
Rate this Message:
Hi,
Thank you. I actually solved the problem yesterday. Indeed, I was still closing the streams in the incorrect order, which resulted in an invalid ASN.1 BER encoded blob. It works like a charm now!
Regards,
Leo
Med vänlig hälsning / Sincerely yours
Leo Erlandsson
Tyringekonsult AB
Phone: +46-(0)451- 594 54
Email: leo.erlandsson@...
Website: www.tyringe.com
| David Hook <dgh@...>
2008-09-30 00:09 |
|
Is the format of the file a binary ASN.1 BER encoded blob? It might be
easier to get the code working with ByteArrayInput/OutputStream first in
order to isolate any transfer problems.
Regards,
David
On Mon, 2008-09-29 at 11:00 +0200, Leo.Erlandsson@... wrote:
>
> Hi,
>
> Thanks! I am now able to generate the compress and encrypted data in
> one go (by closing all the streams in the correct order). The
> generated data looks ok (I haven't analyzed it further though...)
>
> However, I get this Exception when trying to verify the signature on
> the generated file:
>
> CMSSignedDataParser parser = new CMSSignedDataParser(new
> FileInputStream("C:\\Users\\Leo\\Desktop\\david.txt"));
> InputStream in = parser.getSignedContent().getContentStream(); <----
>
>
> Exception in thread "main" java.lang.ClassCastException:
> org.bouncycastle.asn1.BERSequenceParser
> at org.bouncycastle.asn1.cms.ContentInfoParser.<init>(Unknown
> Source)
> at
> org.bouncycastle.asn1.cms.SignedDataParser.getEncapContentInfo(Unknown
> Source)
> at org.bouncycastle.cms.CMSSignedDataParser.<init>(Unknown
> Source)
> at org.bouncycastle.cms.CMSSignedDataParser.<init>(Unknown
> Source)
>
> I have also tried it the other way around with decompression first
> (although I feel that the verification should come first):
>
> CMSCompressedDataParser parser = new CMSCompressedDataParser(new
> FileInputStream("C:\\Users\\Leo\\Desktop\\david.txt"));
> InputStream in = parser.getContent().getContentStream(); <--------
>
> which results in a
>
> Exception in thread "main" java.lang.IllegalArgumentException: unknown
> object in factory: org.bouncycastle.asn1.DERSet
> at
> org.bouncycastle.asn1.x509.AlgorithmIdentifier.getInstance(Unknown
> Source)
> at
> org.bouncycastle.asn1.cms.CompressedDataParser.<init>(Unknown Source)
> at
> org.bouncycastle.cms.CMSCompressedDataParser.getContent(Unknown
> Source)
>
> I may be missing something obvious here, but I just can't see it...
>
> Regards,
> Leo
>
>
>
> David Hook <dgh@...>
>
> 2008-09-27 11:47
>
>
> Till
> Leo.Erlandsson@...
> Kopia
> dev-crypto@...
> Ärende
> Re: [dev-crypto]
> Cascading /
> chaining
> CMSEnvelopedDataStreamGenerator,CMSCompressedDataStreamGenerator and CMSSignedDataStreamGenerator
>
>
>
>
>
>
>
>
>
> Here's an example that does signing on compressed data, not quite the
> same but the principal, at least as far as the API goes, is the same:
>
> OutputStream bOut = ....
>
> CMSSignedDataStreamGenerator gen = new
> CMSSignedDataStreamGenerator();
>
> gen.addSigner(_origKP.getPrivate(), _origCert,
> CMSSignedDataStreamGenerator.DIGEST_SHA1, "BC");
>
> gen.addCertificatesAndCRLs(certsAndCrls);
>
> OutputStream sigOut = gen.open(bOut);
>
> CMSCompressedDataStreamGenerator cGen = new
> CMSCompressedDataStreamGenerator();
>
> OutputStream cOut = cGen.open(sigOut,
> CMSCompressedDataStreamGenerator.ZLIB);
>
> cOut.write(TEST_MESSAGE.getBytes());
>
> cOut.close();
>
> sigOut.close();
>
>
> The main thing to note is that the enclosed message has to be closed
> off
> before the outer most message is.
>
> Regards,
>
> David
>
> On Fri, 2008-09-26 at 13:45 +0200, Leo.Erlandsson@... wrote:
> >
> > Hi,
> >
> > I am using BC mail 1.40 trying to chain or cascade the OutputStreams
> > from
> CMSEnvelopedDataStreamGenerator,CMSCompressedDataStreamGenerator
> > and CMSSignedDataStreamGenerator to be able to get an OutputStream
> > that does signing, compression and encryption in one go in a stream
> > (to be able to handle large files efficiently, in one processing
> > step).
> >
> > What I am trying to do is this
> >
> > OutputStream plainTextStream......
> > OutputStream signedCompressedAndEnvelopedStream =
> > encrypt(compress(sign(plainTextStream)));
> >
> >
> > I have three methods to handle this:
> >
> > /**
> > * Compress an output stream using CMS ZLIB.
> > * @param uncompressed Uncompressed Stream
> > * @return Compressed stream.
> > **/
> > private OutputStream compress(OutputStream uncompressed) throws
> > IOException {
> >
> > CMSCompressedDataStreamGenerator gen = new
> > CMSCompressedDataStreamGenerator();
> > streamCloser.add(uncompressed);
> > return gen.open(uncompressed,
> > CMSCompressedDataStreamGenerator.ZLIB);
> >
> > }
> >
> > /**
> > * Encrypt Stream using the given Certificate and given
> algorithm
> > * @param unencrypted Unencrypted Stream.
> > * @return Encrypted Stream
> > **/
> > private OutputStream encrypt(OutputStream unencrypted) throws
> > NoSuchAlgorithmException,
> > NoSuchProviderException, CMSException, IOException {
> >
> > CMSEnvelopedDataStreamGenerator edGen = new
> > CMSEnvelopedDataStreamGenerator();
> > edGen.addKeyTransRecipient(partnerCertificate);
> > return edGen.open(unencrypted, encryptionAlgorithm,
> > Utils.BOUNCYCASTLE_PROVIDER_NAME);
> >
> > }
> >
> >
> > /**
> > * Sign an output Stream
> > * @param unsigned Unsigned Stream
> > * @return Signed stream.
> > **/
> > private OutputStream sign(OutputStream unsigned) throws
> > NoSuchAlgorithmException,
> > NoSuchProviderException,
> > InvalidKeyException, IOException, Exception {
> > CMSSignedDataStreamGenerator gen = new
> > CMSSignedDataStreamGenerator();
> >
> > gen.addSigner(privateKey, ourCertificate,
> > CMSSignedDataStreamGenerator.DIGEST_SHA1,
> > Utils.BOUNCYCASTLE_PROVIDER_NAME);
> > return gen.open(unsigned,true);
> > }
> >
> >
> > But I get only "garbage" data that is invalid when I chain or
> cascade
> > two or more operations (signing, compression, enveloping). I have
> > tried to manually close the streams created in order, but that does
> > not help.
> >
> >
> > Thanks!
> >
> > Regards,
> > Leo
>
>
>
>
| Free Forum Powered by Nabble | Forum Help |
