Using PKCS 7 Cryptography

问题

I need to encrypt and sign data using PKCS7(CMS). I am using bouncy castle provided api to achieve this using java . Till now what i understood is i need to follow these steps

1. Need to generate a key pair private & public key using some algorithm say RSA
2. Certify it with X509 certificate
3. Convert it into PKCS7 key format like p7b
4. Generate java key store using keytool some *.jks file
5. Generate the Certificate Signing Request (CSR) using keytool command *.crt
6. Become self CA(Certificate Autority) and certify
7. Import key from keystore created in previous stem and encrypt sign and decrypt data

I still need to figure out what steps i need to follow to sign,encrypt,decrypt data.
My question is

1. Is my steps are correct ?
2. How do i certify key pair generated by RSA algorithm and convert into PKCS7 key format
3. How do i become self CA and certify
4. I got this to encrypt and sign, still i am confused with steps to follow and also most of them are deprecated.

回答1:

What you need is not BouncyCastle.

You need OpenSSL and a guide.

1. OpenSSL

2. How to set up your own certificate authority

3. How to create a self-signed certificate

4. How to use a certificate in Java

Alternatively, to generate and store an RSA key using Java:

Generate RSA key pair and encode private as string

来源：https://stackoverflow.com/questions/11044888/using-pkcs-7-cryptography