Oracle CMS 5-13 CMSSignedDataContentInfo sigdata = new CMSSignedDataContentInfonew CMSDataContentInfonew byte[0]; sigData.addCertificate ...; sigData.addCRL ...; sigData.output..; You can read in a CertificateCRL-only signed-data object as shown in Reading a CMS Signed-data Object .

5.3.2.6 The CMSEncryptedDataContentInfo Class

The class CMSEncryptedDataContentInfo represents an object of type id-encryptedData as defined by the constant CMS.id_encryptedData. Table 5–7 lists some useful methods of this class. Users of encryption operations, including RC2, DES, Triple-DES, AES, and so on, should note that the cipher providers are pluggable in the Oracle Security Engine implementation.

5.3.2.6.1 Constructing a CMS Encrypted-data Object

To create an encrypted-data object: 1. Create an instance of CMSEncryptedDataContentInfo. For example, if contentInfo is a CMSDataContentInfo object and the cipher is Triple-DES in CBC mode: SecretKey contentEncryptionKey = KeyGenerator.getInstanceDESede.generateKey; Table 5–7 Useful Methods of CMSEncryptedDataContentInfo Method Description AlgorithmIdentifier getContentEncryptionAlgID Returns the content encryption algorithm CMSContentInfo getEnclosedSecreKey decryptionKey Returns the decrypted content ASN1ObjectID getEnclosedContentType Returns the content type of the encrypted content byte[] getEncryptedContent Returns the encrypted content AttributeSet getUnprotectedAttributes Returns the set of unprotected attributes ASN1Integer getVersion Returns the version number boolean isDetached Indicates if this is a detached CMS object void setUnprotectedAttributes oracle.security.crypto.cert.AttributeSet unprotectedAttributes Sets the unprotected attributes void writeDetached boolean writeDetachedObject Indicates if the encryptedContent will be a part of the EncryptedContentInfo structure in this objects output encoding 5-14 Oracle Fusion Middleware Reference for Oracle Security Developer Tools CMSEncryptedDataContentInfo enc = new CMSEncryptedDataContentInfocontentInfo, contentEncryptionKey, CMS.des_ede3_cbc; 2. Write the encrypted-data object to a file, say data.p7m: enc.outputnew FileOutputStreamdata.p7m;

5.3.2.6.2 Reading a CMS Encrypted-data Object

The steps you need to read an encrypted-data object depend on whether you know the objects content type. 1. Open a connection to the data.p7m file using FileInputStream. If you know that the object stored in the file data.p7m is of content type id-encryptedData: CMSEncryptedDataContentInfo encdata = new CMSEncryptedDataContentInfonew FileInputStreamdata.p7m; However, if you do not know the content type in advance: CMSContentInfo cmsdata = CMSContentInfo.inputInstancenew FileInputStreamdata.p7m; if cmsdata instanceof CMSEncryptedDataContentInfo { CMSEncryptedDataContentInfo encdata = CMSEncryptedDataContentInfo cmsdata; ..... } 2. To access the information stored in the CMS encrypted-data object: int version = encdata.getVersion.intValue; AlgorithmIdentifier encAlgID = encdata.getContentEncryptionAlgID; byte[] encValue = encdata.getEncryptedContent; CMSContentInfo encContentInfo = encdata.getEnclosedContentEncryptionKey; Decrypt the Content if encData.getEnclosedContentType.equalsCMS.id_data CMSDataContentInfo contentInfo = CMSDataContentInfoencContentInfo;

5.3.2.6.3 Detached encrypted-data CMS Objects

If it is a detached object, the encrypted object is not a part of the resulting CMS encrypted-data structure. To generate a detached object, call the writeDetached .. method: encData.writeDetachedtrue; While you can read in a detached CMS encrypted-data object as shown in Reading a CMS Encrypted-data Object , the content decryption will fail because the original object that was encrypted is not present. Call the setEnclosed .. method to set the encryptedContent: encData.setEnclosedencryptedcontent; followed by content decryption: encdata.getEnclosedContentEncryptionKey; Oracle CMS 5-15

5.3.2.7 The CMSEnvelopedDataContentInfo Class