My task:
I have a Java application that writes text files. These files should be signed with RSA/SHA1 by the application in order to guarantee that they are not changed during or after transport.
My first idea was to append an "RSA Signature Block" at the end of the text file. But I found no information on how this block would have to be formatted to be able to verify the file with a standard tool (OpenSSL?).
After searching the web for some hours I have the impression that the standard would be to write a file with an appended .rsa extension. (Say we have an Order123.txt; we generate a file "Order123.txt.rsa".) However, I found no information on the format of these files.
The only thing I found is several links saying that there are .rsa files and that they can be opened with openssl, e.g.: http://file.downloadatoz.com/rsa-file-extension.html
Furthermore, http://download.java.net/jdk8/docs/technotes/guides/jar/jar.html talks about "META-INF/*.RSA" files:
A digital signature is a signed version of the .SF signature file. These are binary files not intended to be interpreted by humans.
Digital signature files have the same filenames as the .SF files but different extensions. The extension varies depending on the type of digital signature.
.RSA (PKCS7 signature, SHA-256 + RSA)
So it seems to be a binary format...
Can somebody explain the format of an RSA file? And maybe how to write this format, preferably in Java? (Assuming that the public/private key is in the keystore.)
These files are PKCS#7 formatted signature files. They are very common and virtually all S/MIME toolchains can create these. See for example
http://www.cis.upenn.edu/~bcpierce/courses/629/jdkdocs/tooldocs/win32/javakey.html
and note that this can be used for arbitrary files.
Bouncy Castle http://i-proving.com/2007/09/21/pkcs7-signatures-using-bouncy-castle/, Java implementation of C# SignedCms and http://www.jensign.com/JavaScience/javacrypto/index.html are some examples.
A more limited version which needs no extra sundry: https://security.stackexchange.com/questions/13910/pkcs7-encoding-in-java-without-external-libs-like-bouncycastle-etc may be of use.
Dw.
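
An added example, not part of the answer above or of the pages it links to: creating and checking a detached PKCS#7 signature with Bouncy Castle's CMS classes, the library the answer names as one option. It uses SHA256withRSA as in the quoted JAR documentation rather than the SHA1 of the question; the class name, the throwaway key and self-signed certificate, and the order text are constructed for the demo.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.jcajce.*;

// Added example, not code from the post. Assumes Bouncy Castle (bcprov, bcpkix) on the classpath.
public class DetachedSignatureDemo {
    static byte[] sign(byte[] content, PrivateKey key, X509Certificate cert) throws Exception {
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(key), cert));
        gen.addCertificates(new JcaCertStore(Collections.singletonList(cert)));
        // false = detached: the DER output holds the signature only and is stored beside the file
        return gen.generate(new CMSProcessableByteArray(content), false).getEncoded();
    }
    // Checks every signer against a certificate the receiver already trusts, not the embedded one.
    static boolean verify(byte[] content, byte[] sig, X509Certificate trusted) throws Exception {
        CMSSignedData cms = new CMSSignedData(new CMSProcessableByteArray(content), sig);
        SignerInformationVerifier v = new JcaSimpleSignerInfoVerifierBuilder().build(trusted);
        try {
            for (SignerInformation s : cms.getSignerInfos().getSigners()) {
                if (!s.verify(v)) return false;
            }
            return cms.getSignerInfos().size() > 0; // a blob without signers proves nothing
        } catch (CMSException e) { // includes a digest mismatch when the content changed
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed throwaway key; an application loads its own from the keystore
        X500Name dn = new X500Name("CN=Demo Signer");
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, new Date(System.currentTimeMillis() - 60_000L),
                        new Date(System.currentTimeMillis() + 86_400_000L), dn, kp.getPublic())
                        .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        byte[] order = "Order 123: 10 widgets\n".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sig = sign(order, kp.getPrivate(), cert);
        System.out.println("original verifies: " + verify(order, sig, cert));
        order[0] ^= 1; // simulate a change during transport
        System.out.println("modified verifies: " + verify(order, sig, cert));
    }
}
```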