In Java, I tried to sign a byte[] (the SHA-256 digest of my document) with Bouncy Castle and a certificate, following this specification:
http://www.ebics.org/fileadmin/unsecured/specification/spec_current_EN/EBICS_Specification_2.5_final-16-05-2011.pdf
in chapter 14.1.4.1.1, "Generation of a digital signature".
I found this method in the Bouncy Castle Javadoc:
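    import java.security.cert.X509Certificate;
    import java.util.ArrayList;
    import java.util.List;
    import org.bouncycastle.cert.jcajce.JcaCertStore;
    import org.bouncycastle.cms.CMSProcessableByteArray;
    import org.bouncycastle.cms.CMSSignedData;
    import org.bouncycastle.cms.CMSSignedDataGenerator;
    import org.bouncycastle.cms.CMSTypedData;
    import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
    import org.bouncycastle.operator.ContentSigner;
    import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
    import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
    import org.bouncycastle.util.Store;

    // Certificat is the poster's own wrapper type (not shown); it exposes
    // getCertificat() and getPrivateKey(). The "BC" provider must be registered.
    public static byte[] signer(byte[] datas, Certificat cert) {
        try {
            List<X509Certificate> certList = new ArrayList<X509Certificate>();
            CMSTypedData msg = new CMSProcessableByteArray(datas);
            certList.add(cert.getCertificat());
            Store certs = new JcaCertStore(certList);

            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            ContentSigner sha256signer = new JcaContentSignerBuilder("SHA256withRSA")
                    .setProvider("BC")
                    .build(cert.getPrivateKey());
            gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                    new JcaDigestCalculatorProviderBuilder().setProvider("BC").build())
                    .build(sha256signer, cert.getCertificat()));
            gen.addCertificates(certs);

            // true = encapsulate the content inside the SignedData structure
            CMSSignedData sigData = gen.generate(msg, true);
            return sigData.getEncoded();
        } catch (Exception e) {
            throw new RuntimeException("Erreur lors de la signature du document", e);
        }
    }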
I do not know if this signature really matches the PKCS#1 1.5 required by the specification. Do I need to manually add a registration? And the OID for RSA256?
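An added example, not part of the original question: the method above returns a DER-encoded CMS SignedData container, whereas a bare PKCS#1 v1.5 signature is a single RSA block as long as the modulus. The sketch below uses only the JDK's built-in providers to show where the padding and the SHA-256 OID come from, and how to sign a digest that has already been computed. The class name, sample text and throwaway key pair are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

// Added illustration; class name, sample text and the throwaway key are assumptions.
public class Pkcs1V15Demo {
    // DER header of DigestInfo for SHA-256 (RFC 8017, section 9.2), OID 2.16.840.1.101.3.4.2.1
    static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Signs a SHA-256 digest that was computed earlier. NONEwithRSA adds only the
    // PKCS#1 v1.5 type-1 padding, so DigestInfo has to be assembled by the caller.
    static byte[] signDigest(byte[] sha256, PrivateKey key) throws GeneralSecurityException {
        byte[] digestInfo = Arrays.copyOf(SHA256_PREFIX, SHA256_PREFIX.length + sha256.length);
        System.arraycopy(sha256, 0, digestInfo, SHA256_PREFIX.length, sha256.length);
        Signature raw = Signature.getInstance("NONEwithRSA");
        raw.initSign(key);
        raw.update(digestInfo);
        return raw.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] document = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(document);
        // SHA256withRSA hashes its input itself: feed it the document, not the digest,
        // otherwise the signature covers SHA-256(SHA-256(document)).
        Signature full = Signature.getInstance("SHA256withRSA");
        full.initSign(kp.getPrivate());
        full.update(document);
        byte[] fromDocument = full.sign();
        byte[] fromDigest = signDigest(digest, kp.getPrivate());
        // PKCS#1 v1.5 signing is deterministic, so both routes give identical bytes,
        // and the value is exactly as long as the modulus (256 bytes here).
        System.out.println("identical: " + Arrays.equals(fromDocument, fromDigest));
        System.out.println("length: " + fromDocument.length);
        // Undo the RSA operation with the public key; the cipher strips the padding
        // and what remains is DigestInfo: the SHA-256 OID header plus the digest.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, kp.getPublic());
        byte[] recovered = rsa.doFinal(fromDocument);
        System.out.println("OID header present: " + Arrays.equals(
            Arrays.copyOf(recovered, SHA256_PREFIX.length), SHA256_PREFIX));
    }
}
```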