I want to sign a text file (it may be a .exe file or something else in the future) using PKCS#7 and verify the signature using Java.
- What do I need to know?
- Where will I find an API (.jar and documentation)?
- What are the steps I need to follow in order to sign data and verify the data?
Please provide me a code snippet if possible.
I reckon you need the following 2 Bouncy Castle jars to generate the PKCS7 digital signature:
You can download the Bouncy Castle jars from here.
You need to set up your keystore with the public & private key pair. You need only the private key to generate the digital signature & the public key to verify it.
Here's how you'd PKCS#7-sign content (exception handling omitted for brevity):

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.encoders.Base64;

public final class PKCS7Signer {

    private static final String PATH_TO_KEYSTORE = "/path/to/keyStore";
    private static final String KEY_ALIAS_IN_KEYSTORE = "My_Private_Key";
    private static final String KEYSTORE_PASSWORD = "MyPassword";
    // The answer originally used SHA1withRSA; SHA-1 signatures are deprecated, so use SHA-256.
    private static final String SIGNATUREALGO = "SHA256withRSA";

    public PKCS7Signer() {
    }

    KeyStore loadKeyStore() throws Exception {
        KeyStore keystore = KeyStore.getInstance("JKS");
        try (InputStream is = new FileInputStream(PATH_TO_KEYSTORE)) {
            keystore.load(is, KEYSTORE_PASSWORD.toCharArray());
        }
        return keystore;
    }

    CMSSignedDataGenerator setUpProvider(final KeyStore keystore) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Embed the certificate chain in the SignedData so a verifier can locate the signer's certificate.
        Certificate[] certchain = keystore.getCertificateChain(KEY_ALIAS_IN_KEYSTORE);
        final List<Certificate> certlist = new ArrayList<>();
        for (int i = 0, length = certchain == null ? 0 : certchain.length; i < length; i++) {
            certlist.add(certchain[i]);
        }
        Store certstore = new JcaCertStore(certlist);

        // The private key signs; its certificate identifies the signer inside the SignerInfo.
        Certificate cert = keystore.getCertificate(KEY_ALIAS_IN_KEYSTORE);
        ContentSigner signer = new JcaContentSignerBuilder(SIGNATUREALGO).setProvider("BC")
                .build((PrivateKey) keystore.getKey(KEY_ALIAS_IN_KEYSTORE, KEYSTORE_PASSWORD.toCharArray()));

        CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
        generator.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(signer, (X509Certificate) cert));
        generator.addCertificates(certstore);
        return generator;
    }

    byte[] signPkcs7(final byte[] content, final CMSSignedDataGenerator generator) throws Exception {
        CMSTypedData cmsdata = new CMSProcessableByteArray(content);
        // true = encapsulate the content inside the SignedData; pass false for a detached signature.
        CMSSignedData signeddata = generator.generate(cmsdata, true);
        return signeddata.getEncoded();
    }

    public static void main(String[] args) throws Exception {
        PKCS7Signer signer = new PKCS7Signer();
        KeyStore keyStore = signer.loadKeyStore();
        CMSSignedDataGenerator signatureGenerator = signer.setUpProvider(keyStore);
        String content = "some bytes to be signed";
        byte[] signedBytes = signer.signPkcs7(content.getBytes("UTF-8"), signatureGenerator);
        System.out.println("Signed encoded bytes: " + new String(Base64.encode(signedBytes)));
    }
}
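The answer above covers signing only. The verification half, as an added example that is not part of the original answer: it takes the DER-encoded SignedData, checks each SignerInfo with the certificate embedded in the blob, and then, separately, chains that certificate to a trust anchor you hold. The second step matters: SignerInformation.verify() only proves that whoever held the private key for the embedded certificate signed the content, and the embedded certificate is supplied by the signer, so without path validation anyone with a self-issued certificate passes. The class and method names (PKCS7Verifier, verifyDetached, verifyAttached, validateChain, issue, signDetached) are this example's own; the in-memory CA and signer certificate in main() are constructed stand-ins for the keystore above, and revocation checking is switched off here as an assumption for an offline run. The example uses detached signatures (generate(content, false)); the generator in the answer encapsulates the content, so use verifyAttached for its output.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.util.Store;

/** Added example (not the original answer's code): verify CMS/PKCS#7 SignedData and chain the signer to a trust anchor. */
public final class PKCS7Verifier {
    static { Security.addProvider(new BouncyCastleProvider()); }

    /** Detached mode: the blob does not carry the content, so the caller supplies it. */
    public static X509Certificate verifyDetached(byte[] cmsDer, byte[] content, X509Certificate anchor) throws Exception {
        return verify(new CMSSignedData(new CMSProcessableByteArray(content), cmsDer), anchor);
    }
    /** Encapsulated mode (what generate(data, true) produces): the content travels inside the blob. */
    public static X509Certificate verifyAttached(byte[] cmsDer, X509Certificate anchor) throws Exception {
        return verify(new CMSSignedData(cmsDer), anchor);
    }

    private static X509Certificate verify(CMSSignedData signed, X509Certificate anchor) throws Exception {
        Store<X509CertificateHolder> embedded = signed.getCertificates();
        JcaX509CertificateConverter conv = new JcaX509CertificateConverter();
        X509Certificate signerCert = null;
        for (SignerInformation signer : signed.getSignerInfos().getSigners()) {
            Collection<X509CertificateHolder> matches = embedded.getMatches(signer.getSID());
            if (matches.isEmpty()) throw new SignatureException("no certificate for signer " + signer.getSID());
            X509Certificate cert = conv.getCertificate(matches.iterator().next());
            // Cryptographic check only: the content digest matches and the signature verifies under the embedded cert.
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(cert))) {
                throw new SignatureException("signature does not verify for " + cert.getSubjectX500Principal());
            }
            // Trust check: the embedded certificate is chosen by the signer, so chain it to an anchor we hold.
            List<X509Certificate> pool = new ArrayList<>();
            for (X509CertificateHolder h : embedded.getMatches(null)) pool.add(conv.getCertificate(h));
            validateChain(cert, pool, anchor);
            signerCert = cert;
        }
        if (signerCert == null) throw new SignatureException("SignedData carries no SignerInfo");
        return signerCert;
    }

    private static void validateChain(X509Certificate leaf, List<X509Certificate> pool, X509Certificate anchor) throws Exception {
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(leaf);
        PKIXBuilderParameters params = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(anchor, null)), target);
        params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(pool)));
        params.setRevocationEnabled(false); // assumption for this offline example; enable CRL/OCSP checks in production
        CertPathBuilder.getInstance("PKIX").build(params); // throws CertPathBuilderException if no trusted path exists
    }

    // ---- Constructed demo: an in-memory CA and signer certificate stand in for the keystore in the answer. ----
    static X509Certificate issue(String issuer, PrivateKey issuerKey, String subject, PublicKey subjectKey,
                                 long serial, boolean isCa) throws Exception {
        Date now = new Date();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Name(issuer), BigInteger.valueOf(serial),
                new Date(now.getTime() - 60_000L), new Date(now.getTime() + 86_400_000L), new X500Name(subject), subjectKey);
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        ContentSigner cs = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(issuerKey);
        return new JcaX509CertificateConverter().getCertificate(b.build(cs));
    }

    static byte[] signDetached(byte[] content, PrivateKey key, X509Certificate cert) throws Exception {
        ContentSigner cs = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build()).build(cs, cert));
        gen.addCertificates(new JcaCertStore(Collections.singletonList(cert)));
        return gen.generate(new CMSProcessableByteArray(content), false).getEncoded(); // false = detached
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair caKp = kpg.generateKeyPair(), leafKp = kpg.generateKeyPair();
        X509Certificate ca = issue("CN=Demo Root", caKp.getPrivate(), "CN=Demo Root", caKp.getPublic(), 1, true);
        X509Certificate leaf = issue("CN=Demo Root", caKp.getPrivate(), "CN=Demo Signer", leafKp.getPublic(), 2, false);

        byte[] content = "constructed sample content".getBytes(StandardCharsets.UTF_8);
        byte[] sig = signDetached(content, leafKp.getPrivate(), leaf);
        System.out.println("valid, signed by " + verifyDetached(sig, content, ca).getSubjectX500Principal());

        byte[] tampered = content.clone();
        tampered[0] ^= 0x01; // one flipped bit: the message-digest attribute no longer matches the content
        try {
            verifyDetached(sig, tampered, ca);
        } catch (Exception e) { // Bouncy Castle raises CMSSignerDigestMismatchException here
            System.out.println("tampered content rejected: " + e.getMessage());
        }
    }
}
```

Run it with bcprov and bcpkix on the classpath. A signature from a key whose certificate does not chain to the anchor you pass in fails in validateChain even though signer.verify() succeeded, which is the distinction between "a signature is present" and "a signature from someone I trust is present".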
PKCS#7 is known as CMS now (Cryptographic Message Syntax), and you will need the Bouncy Castle PKIX libraries to create one. It has ample documentation and a well-established mailing list.
I won't supply code snippet, it is against house rules. Try yourself first.