Oracle CMS 5-13
CMSSignedDataContentInfo sigdata = new CMSSignedDataContentInfonew CMSDataContentInfonew byte[0];
sigData.addCertificate ...; sigData.addCRL ...;
sigData.output..;
You can read in a CertificateCRL-only signed-data object as shown in Reading a
CMS Signed-data Object .
5.3.2.6 The CMSEncryptedDataContentInfo Class
The class CMSEncryptedDataContentInfo represents an object of type id-encryptedData as defined by the constant CMS.id_encryptedData.
Table 5–7 lists some useful methods of this class.
Users of encryption operations, including RC2, DES, Triple-DES, AES, and so on, should note that the cipher providers are pluggable in the Oracle Security Engine
implementation.
5.3.2.6.1 Constructing a CMS Encrypted-data Object
To create an encrypted-data object:
1.
Create an instance of CMSEncryptedDataContentInfo. For example, if contentInfo is a CMSDataContentInfo object and the cipher is Triple-DES in
CBC mode:
SecretKey contentEncryptionKey = KeyGenerator.getInstanceDESede.generateKey;
Table 5–7 Useful Methods of CMSEncryptedDataContentInfo
Method Description
AlgorithmIdentifier getContentEncryptionAlgID
Returns the content encryption algorithm
CMSContentInfo getEnclosedSecreKey decryptionKey
Returns the decrypted content ASN1ObjectID
getEnclosedContentType Returns the content type of the
encrypted content byte[] getEncryptedContent
Returns the encrypted content AttributeSet
getUnprotectedAttributes Returns the set of unprotected
attributes ASN1Integer getVersion
Returns the version number boolean isDetached
Indicates if this is a detached CMS object
void setUnprotectedAttributes oracle.security.crypto.cert.AttributeSet
unprotectedAttributes Sets the unprotected attributes
void writeDetached boolean writeDetachedObject
Indicates if the encryptedContent will be a part of the
EncryptedContentInfo structure in this objects output encoding
5-14 Oracle Fusion Middleware Reference for Oracle Security Developer Tools
CMSEncryptedDataContentInfo enc = new CMSEncryptedDataContentInfocontentInfo, contentEncryptionKey,
CMS.des_ede3_cbc;
2.
Write the encrypted-data object to a file, say data.p7m: enc.outputnew FileOutputStreamdata.p7m;
5.3.2.6.2 Reading a CMS Encrypted-data Object
The steps you need to read an encrypted-data object depend on whether you know the objects content type.
1.
Open a connection to the data.p7m file using FileInputStream. If you know that the object stored in the file data.p7m is of content type
id-encryptedData: CMSEncryptedDataContentInfo encdata =
new CMSEncryptedDataContentInfonew FileInputStreamdata.p7m; However, if you do not know the content type in advance:
CMSContentInfo cmsdata = CMSContentInfo.inputInstancenew FileInputStreamdata.p7m;
if cmsdata instanceof CMSEncryptedDataContentInfo {
CMSEncryptedDataContentInfo encdata = CMSEncryptedDataContentInfo cmsdata;
..... }
2.
To access the information stored in the CMS encrypted-data object: int version = encdata.getVersion.intValue;
AlgorithmIdentifier encAlgID = encdata.getContentEncryptionAlgID; byte[] encValue = encdata.getEncryptedContent;
CMSContentInfo encContentInfo =
encdata.getEnclosedContentEncryptionKey; Decrypt the Content if encData.getEnclosedContentType.equalsCMS.id_data
CMSDataContentInfo contentInfo = CMSDataContentInfoencContentInfo;
5.3.2.6.3 Detached encrypted-data CMS Objects
If it is a detached object, the encrypted object is not a part of the resulting CMS encrypted-data structure. To generate a detached object, call the writeDetached
.. method:
encData.writeDetachedtrue; While you can read in a detached CMS encrypted-data object as shown in
Reading a CMS Encrypted-data Object
, the content decryption will fail because the original object that was encrypted is not present. Call the setEnclosed .. method to set
the encryptedContent: encData.setEnclosedencryptedcontent;
followed by content decryption: encdata.getEnclosedContentEncryptionKey;
Oracle CMS 5-15
5.3.2.7 The CMSEnvelopedDataContentInfo Class