Search code examples
c#rsabouncycastlepkcs#7

How to create an pkcs7 block for key exchange only (bouncy castle)


I am trying to create a file containing a pkcs 7 block. In this container, I need my public key and my signer info (no signed data!!!). I have already tried several alternatives without any luck. This is my code:

First the signature info:

 List<X509Certificate> certs = new List<X509Certificate> { cert };
 IX509Store x509Certs = X509StoreFactory.Create(
      "CERTIFICATE/COLLECTION",
      new X509CollectionStoreParameters(certs));

 var ias = new IssuerAndSerialNumber(cert.IssuerDN, cert.SerialNumber);
 SignerIdentifier sid = new SignerIdentifier(ias);
 AlgorithmIdentifier algoDigId = new AlgorithmIdentifierCmsSignedGenerator.DigestSha1);
 AlgorithmIdentifier algoCryptId = new AlgorithmIdentifier(CmsSignedGenerator.EncryptionRsa);

 SignerInfo si = new SignerInfo(sid, algoDigId, null, algoCryptId,
                                      new DerOctetString(contentSignature), null);

the contentSignature byte[] contains a signed digest for some info.

Now, when I try to create the SignedData, everything goes down

  var signedContent = new ContentInfo(CmsObjectIdentifiers.Data, DerNull.Instance);
  CmsSignedData csd = new CmsSignedData(signedContent);

I am not trying to send info, this is only for key exchange and verification purposes. I believe this is a valid scenario but somehow this does not work.

Thanks for your help.

UPDATE:

more context.

I am trying to sign a JAR from a .Net executable. I have pretty much done the rest of the process but jarsigner creates a pkcs7 file with:

  • ContentInfo set to type Data and no content. So far, making new ContentInfo( CmsObjectIdentifiers.Data, null) just throws an exception while adding the content info to the CmsData

  • A SignerInfo is added, this SignerInfo includes a signature previously derived from the JAR's content.


Solution

  • As this question is specifically related to signing an APK / JAR file, I will answer in that context.

    Assuming that:

    You have performed all the following setup steps:

    1. Generated a valid MANIFEST.MF
    2. Generated a valid CERT.SF
    3. Have a valid PFX file loaded into an X509Certificate2 variable named "cert"
    4. Have the binary contents of the CERT.SF file in a byte array named "manifestSFBytes"

    The following code will generate a valid detached pkcs7 signature which is effectively your CERT.RSA content:

    string OID_DATA = "1.2.840.113549.1.7.1";
    
    // setup the data to sign
    ContentInfo content = new ContentInfo( new Oid( OID_DATA ), manifestSFBytes );
    SignedCms signedCms = new SignedCms( content, true );
    CmsSigner signer = new CmsSigner( SubjectIdentifierType.IssuerAndSerialNumber, cert );
    
    // create the signature
    signedCms.ComputeSignature( signer );
    byte[] data = signedCms.Encode();
    

    This code relies on the System.Security.Cryptography.Pkcs namespace and does not require BouncyCastle.

    What is going on here is that the raw content (signature file binary data) is hashed and signed in one go by the ComputeSignature() call.

    Therefore no "null ContentInfo" tricks are necessary i.e. the ContentInfo contains the raw data to be signed and hashed unlike the Java implementation which signs and hashes the content prior to PKCS7 generation.

    HTH

    -(e)