大道至简,知易行难
广阔天地,大有作为

CMS(Cryptographic Message Syntax )PKCS#7合法性验证(签名、证书链)

PKCS#7合法性验证包括签名和证书链两部分,其中签名验证可以直接进行,而证书链验证需要从end entity遍历intermediate entity直到根证书,具体代码不再贴。

参考资料:
1、https://tools.ietf.org/html/rfc3852
2、https://stackoverflow.com/questions/43995011/cannot-verify-signature-cmssigneddata-bouncycastle
3、https://stackoverflow.com/questions/24451744/verify-a-signature-with-bouncy-castle
4、https://stackoverflow.com/questions/44704289/retrieving-cmssigneddata-from-asn-1-encoding-in-bouncy-castle
5、https://www.programcreek.com/java-api-examples/?code=williamgrosset/OSCAR-ConCert/OSCAR-ConCert-master/src/main/java/com/indivica/olis/Driver.java
6、https://stackoverflow.com/questions/16662408/correct-way-to-sign-and-verify-signature-using-bouncycastle
7、https://stackoverflow.com/questions/44026852/get-signing-chain-from-cmssigneddata
8、https://www.programcreek.com/java-api-examples/?code=damianofalcioni/Websocket-Smart-Card-Signer/Websocket-Smart-Card-Signer-master/src/main/java/df/sign/cms/PKCS7Manager.java#
9、https://stackoverflow.com/questions/43885980/getting-root-and-intermediate-certificates-from-an-end-entity?noredirect=1&lq=1
10、https://android.googlesource.com/platform/frameworks/base.git/+/076357b8567458d4b6dfdcf839ef751634cd2bfb/core/java/android/net/http/CertificateChainValidator.java
11、http://www.nakov.com/blog/2009/12/01/x509-certificate-validation-in-java-build-and-verify-chain-and-verify-clr-with-bouncy-castle/

转载时请保留出处,违法转载追究到底:进城务工人员小梅 » CMS(Cryptographic Message Syntax )PKCS#7合法性验证(签名、证书链)

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址