1

我想使用 PKCS #7 加密解密数据。在探索时,我发现一本书《Beginning Cryptography With Java
》在本书的第 9 章中有一个示例代码如下

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.*;
import java.util.Arrays;

import org.bouncycastle.cms.CMSProcessable;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;

/**
 * Example of generating a detached signature.
 */
public class SignedDataExample
    extends SignedDataProcessor
{
    public static void main(String[] args) throws Exception
    {
        KeyStore         credentials = Utils.createCredentials();
        PrivateKey       key = (PrivateKey)credentials.getKey(
                                          Utils.END_ENTITY_ALIAS, Utils.KEY_PASSWD);
        Certificate[]    chain = credentials.getCertificateChain(
                                                           Utils.END_ENTITY_ALIAS);
        CertStore        certsAndCRLs = CertStore.getInstance(
                                "Collection", new CollectionCertStoreParameters(
                                                      Arrays.asList(chain)), "BC");
        X509Certificate  cert = (X509Certificate)chain[0];

        // set up the generator
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();

        gen.addSigner(key, cert, CMSSignedDataGenerator.DIGEST_SHA224);
        gen.addCertificatesAndCRLs(certsAndCRLs);

        // create the signed-data object
        CMSProcessable data = new CMSProcessableByteArray(
                                                     "Hello World!".getBytes());

        CMSSignedData signed = gen.generate(data, "BC");

        // re-create
        signed = new CMSSignedData(data, signed.getEncoded());

        // verification step
        X509Certificate rootCert = (X509Certificate)credentials.getCertificate(
                                                                Utils.ROOT_ALIAS);
        if (isValid(signed, rootCert))

        {
           System.out.println("verification succeeded");
        }
        else
        {
           System.out.println("verification failed");
        }
     }
  }

我有几个问题

  1. 加密数据在哪里以及如何将其写入文件
  2. 如何从加密数据中恢复原始数据
  3. 我是否需要将密钥库发送给解密加密数据的人。
  4. 我应该以什么格式发送加密数据

多谢

4

0 回答 0