问题
I have root, intermediate and end entity certificates and, I want to package it in pkcs # 7 format using bouncy castle. How can I do it?
回答1:
At the very first, you have to read latest RFC on PKCS#7/CMS. Please click on this RFC Link to read.
Now to fulfill your objective, use bouncycastle. You need to generate CMSSignedData data. For that, you need to prepare private key and Certificate chain. Here, I am going to assume, you already have those. Now prepare CMSProcessableByteArray.
CMSProcessableByteArray msg = new CMSProcessableByteArray("Hello World".getBytes());
Now, prepare the store with the List of certificates.
Store certs = new JcaCertStore(certList);
Then declare CMSSignedDataGenerator and add signerInfo and certificates.
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(......));
gen.addCertificates(certs);
Then generate CMSSignedData with CMSSignedDataGenerator and CMSProcessableByteArray.
CMSSignedData cmsData = gen.generate(msg, true);
Finally write the the byte array of the CMSSignedData (cmsSignedData.getEncoded()) to a location with .p7b file extension. Open the file to see the certificate chain.
来源:https://stackoverflow.com/questions/29638061/how-do-i-repackage-certificates-into-pkcs-7-certificate-using-bouncy-castle