David Stutzman wrote:
> Robert Relyea wrote:
>
>>> The JSS method to create this is:
>>> SignerInfo(SignerIdentifier signerIdentifier, SET signedAttributes,
>>> SET unsignedAttributes, OBJECT_IDENTIFIER contentType, byte[]
>>> messageDigest, SignatureAlgorithm signingAlg, PrivateKey signingKey)
>>>
>>>
>> So just passing agentPrivateKey here doesn't work?
>>
>
> I can test it again to see for sure if you'd like, but I think the
> reason I went through the conversion process in the first place was
> because the SignerInfo constructor threw an exception complaining that
> the private key didn't belong to the JSS provider. Now that I'm working
> with a hardware token that isn't giving up its keybytes so I can build a
> key with the JSS provider I'm in trouble.
>

hi dave,

how did you construct agentPrivateKey ? Is it of type PK11PrivKey?
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkcs11/PK11PrivKey.java

what happens when you do
agentPrivateKey.getOwningToken().getName()
does it refer to your hardware token ?

you should be able to pass in agentPrivateKey to the JSS method
http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkcs7/SignerInfo.java#292

-glen

> That's why I'm thinking I might be stuck building the SignerInfo from
> scratch. That way I can use the Sun/Java signature methods/provider to
> do the signature and insert the raw data into the ASN1 structure. I'm
> just sure it's going to be very confusing for me.
>
> For instance I'm making progress on parsing the CMC Response and I was
> working on verifying the signature on the response and I had to do the
> following:
> EncapsulatedContentInfo eci = response.getContentInfo();
> OCTET_STRING content = eci.getContent();
> and then pass content.toByteArray() to the MessageDigest object. I got
> that from here:
> http://www.redhat.com/docs/manuals/cert-system/sdk/7.1/samples/servlets/processors/index.html
> I *never* would have thought to do that. I was trying to hash
> "ASN1Util.encode(eci)" and that wasn't working.
>
> Dave
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
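
Added example, not part of the original thread and not JSS code: the quoted observation about hashing the EncapsulatedContentInfo, reproduced in Python. In CMS (RFC 5652) the message digest covers only the value octets of the eContent OCTET STRING, without its tag and length, so hashing the whole encoded structure gives a different value. Assumptions: DER with definite lengths and a primitive OCTET STRING; SHA-256, the function names and the sample bytes are chosen here for illustration.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def der(tag, value):  # definite-length encoder, used only to build the sample
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def econtent_octets(eci_der):
    """Return the value octets of eContent from a DER EncapsulatedContentInfo."""
    tag, seq, _ = read_tlv(eci_der)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, _oid, pos = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("expected eContentType OID")
    if pos == len(seq):
        raise ValueError("eContent absent (detached content)")
    tag, wrapped, _ = read_tlv(seq, pos)
    if tag != 0xA0:
        raise ValueError("expected [0] EXPLICIT wrapper")
    tag, content, _ = read_tlv(wrapped)
    if tag != 0x04:
        raise ValueError("expected primitive OCTET STRING")
    return content

# Constructed sample: eContentType id-data (1.2.840.113549.1.7.1), made-up payload.
PAYLOAD = b"constructed sample payload " * 8
SAMPLE_ECI = der(0x30, bytes.fromhex("06092a864886f70d010701") + der(0xA0, der(0x04, PAYLOAD)))

def digests(eci_der):
    """Return (digest over eContent octets, digest over the whole encoding)."""
    return (hashlib.sha256(econtent_octets(eci_der)).hexdigest(),
            hashlib.sha256(eci_der).hexdigest())
```

When signed attributes are present, the first digest is the value to compare against the message-digest attribute; the signature itself is then computed over the DER encoding of the signed attributes.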