I also couldn’t find any C#-documentation for Bouncy Castle API. Seems, like it doesn’t exist. But you can go this way. Download library sources, and look at them a little. Code actually looks like Java-code, but it has minimal differences: Some base classes moved to interfaces All the methods and properties are named in ‘UpperCamelCase’ … Read more
The gen.generate(msg, false) means the signed data is not encapsulated in the signature. This is fine if you want to create a detached signature, but it does mean that when you go to verify the SignedData you have to use the CMSSignedData constructor that takes a copy of the data as well – in this … Read more
It is complicated, but I’ll try to explain as best I can. I think I’ll start with Java. My discussion is geared to Java 6, I’m not sure what has changed in Java 7. Java’ built-in cryptography is available through the Java Cryptography Extension (JCE). This extension has two parts to it, the application API … Read more
You need to change the type of the keystore, from BKS to BKS-v1 (BKS-v1 is an older version of BKS). Because the BKS version changed as said here There is another solution, that is much much easier: Using Portecle: Downloads Portecle http://portecle.sourceforge.net/ Open your bks file with the password and portecle Do Tools>>Change Keystore Type>>BKS-v1 … Read more
First a disclaimer: DO NOT ever use SecureRandom to derive a key! This is broken and doesn’t make sense! The following block of code from the question tries to deterministically derive a key from a password, called the “seed” as the password is used to “seed” the random number generator. KeyGenerator keygen = KeyGenerator.getInstance(“AES”); SecureRandom … Read more
Ok … I was looking to do the same stuff and for the life of me I couldn’t figure out how. The APIs all talk about generating the key pairs and then generating the cert but not how to sign a CSR. Somehow, quite by chance – here’s what I found. Since PKCS10 represents the … Read more
The difference The difference between signing with “SHA256withRSA” and computing the SHA256 hash and signing it with “RSA” (= “NONEwithRSA”) is foremost that in the former case the calculated SHA-256 hash value is first encapsulated in a DigestInfo structure DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithm, digest OCTET STRING } before being padded and then encrypted … Read more
Just to clarify, an X.509 certificate does not contain the private key. The word certificate is sometimes misused to represent the combination of the certificate and the private key, but they are two distinct entities. The whole point of using certificates is to send them more or less openly, without sending the private key, which … Read more
In short, the reason for the difference is that PBKDF2 algorithm in modes #1 and #2 uses PKCS #5 v2 scheme 2 (PKCS5S2) for iterative key generation, but the BouncyCastle provider for “PBEWITHHMACSHA1” in mode #3 uses the PKCS #12 v1 (PKCS12) algorithm instead. These are completely different key-generation algorithms, so you get different results. … Read more
Looking at the source of PGPUtil you can see what API to call when working with streams or arrays directly: public static void writeFileToLiteralData(OutputStream out, char fileType, File file, byte[] buffer) throws IOException { PGPLiteralDataGenerator lData = new PGPLiteralDataGenerator(); OutputStream pOut = lData.open(out, fileType, file.getName(), new Date(file.lastModified()), buffer); FileInputStream in = new FileInputStream(file); byte[] buf … Read more