Robert Relyea wrote:
>> The JSS method to create this is:
>> SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes, 
>> SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[] 
>> messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
>>   
> So just passing agentPrivateKey here doesn't work?

I can test it again to see for sure if you'd like, but I think the 
reason I went through the conversion process in the first place was 
because the SignerInfo constructor threw an exception complaining that 
the private key didn't belong to the JSS provider.  Now that I'm working 
with a hardware token that isn't giving up its key bytes so I can build a 
key with the JSS provider, I'm in trouble.

That's why I'm thinking I might be stuck building the SignerInfo from 
scratch.  That way I can use the Sun/Java signature methods/provider to 
do the signature and insert the raw data into the ASN1 structure.  I'm 
just sure it's going to be very confusing for me.

For instance I'm making progress on parsing the CMC Response and I was 
working on verifying the signature on the response and I had to do the 
following:
EncapsulatedContentInfo eci = response.getContentInfo();
OCTET_STRING content = eci.getContent();
and then pass content.toByteArray() to the MessageDigest object.  I got 
that from here:
http://www.redhat.com/docs/manuals/cert-system/sdk/7.1/samples/servlets/processors/index.html
I *never* would have thought to do that.  I was trying to hash 
"ASN1Util.encode(eci)" and that wasn't working.

Dave
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
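
An added example, not part of the original message and not JSS code: in CMS (RFC 5652, section 5.4) the message digest is computed over the value octets of the eContent OCTET STRING only, without its tag and length, which is why hashing the encoded EncapsulatedContentInfo does not match. The sketch below uses only JDK classes; the class name, the helper names and the sample content bytes are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.util.Arrays;

public class EContentDigest {
    // Minimal DER reader (assumption: definite lengths below 2^24).
    // Checks the expected tag and returns {valueOffset, valueLength}.
    static int[] tlv(byte[] der, int off, int expectedTag) {
        if ((der[off] & 0xff) != expectedTag)
            throw new IllegalArgumentException("unexpected tag at offset " + off);
        int len = der[off + 1] & 0xff, pos = off + 2;
        if (len >= 0x80) {                       // long-form length
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n > 0; n--) len = (len << 8) | (der[pos++] & 0xff);
        }
        if (pos + len > der.length) throw new IllegalArgumentException("truncated value");
        return new int[] { pos, len };
    }

    // EncapsulatedContentInfo ::= SEQUENCE { eContentType OBJECT IDENTIFIER,
    //                                        eContent [0] EXPLICIT OCTET STRING OPTIONAL }
    static byte[] eContentOctets(byte[] eci) {
        int[] seq = tlv(eci, 0, 0x30);
        int[] oid = tlv(eci, seq[0], 0x06);
        int[] ctx = tlv(eci, oid[0] + oid[1], 0xA0);
        int[] oct = tlv(eci, ctx[0], 0x04);
        return Arrays.copyOfRange(eci, oct[0], oct[0] + oct[1]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder bytes standing in for a DER-encoded PKIResponse.
        byte[] content = "constructed stand-in for PKIResponse".getBytes("US-ASCII");
        byte[] oid = { 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0C, 0x03 }; // id-cct-PKIResponse
        ByteArrayOutputStream eci = new ByteArrayOutputStream();
        eci.write(0x30); eci.write(oid.length + 4 + content.length);  // SEQUENCE, short-form length
        eci.write(oid);
        eci.write(0xA0); eci.write(2 + content.length);               // [0] EXPLICIT wrapper
        eci.write(0x04); eci.write(content.length);                   // OCTET STRING header
        eci.write(content);
        byte[] encoded = eci.toByteArray();

        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] signerDigest = md.digest(content);   // what the signer hashed
        System.out.println("digest over whole encoded ECI matches: "
            + Arrays.equals(md.digest(encoded), signerDigest));
        System.out.println("digest over eContent value octets matches: "
            + Arrays.equals(md.digest(eContentOctets(encoded)), signerDigest));
    }
}
```

When the SignerInfo carries signed attributes, this digest is compared against the message-digest attribute, and the signature itself is verified over the DER encoding of the signed attributes.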
