Question

I need to encrypt and sign data using PKCS7 (CMS). I am using the API provided by Bouncy Castle to achieve this in Java. So far, what I have understood is that I need to follow these steps:

  1. Generate a key pair (private and public key) using some algorithm, say RSA
  2. Certify it with an X509 certificate
  3. Convert it into a PKCS7 key format like p7b
  4. Generate a Java key store using keytool (some *.jks file)
  5. Generate the Certificate Signing Request (CSR) using the keytool command (*.crt)
  6. Become a self CA (Certificate Authority) and certify
  7. Import the key from the key store created in the previous step and encrypt, sign and decrypt data

I still need to figure out what steps I need to follow to sign, encrypt and decrypt data.
My questions are:

  1. Are my steps correct?
  2. How do I certify the key pair generated by the RSA algorithm and convert it into a PKCS7 key format?
  3. How do I become a self CA and certify?
  4. I got this to encrypt and sign, but I am still confused about the steps to follow, and also most of them are deprecated.

Solution

What you need is not BouncyCastle.

You need OpenSSL and a guide.

  1. OpenSSL

  2. How to set up your own certificate authority

  3. How to create a self-signed certificate

  4. How to use a certificate in Java

Alternatively, to generate and store an RSA key using Java:

Generate RSA key pair and encode private as string
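
The OpenSSL route this answer points to, as an added example that is not part of the original answer: a private CA, a CA-signed RSA certificate, a certificates-only .p7b bundle, then CMS sign, encrypt, decrypt and verify. The names demo-ca and alice, the file names and the payload are constructed for illustration.

```shell
#!/bin/sh
# Added example. demo-ca, alice, all file names and the payload are constructed.
cms_demo() (
  dir=$(mktemp -d) || exit 1
  trap 'rm -rf "$dir"' EXIT
  cd "$dir" || exit 1
  # Minimal config so the root certificate is explicitly marked as a CA.
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # 1. Self-signed root certificate: the private CA.
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.crt -days 30 &&
  # 2. End-entity RSA key pair and CSR (a CSR is a request, not yet a certificate).
  openssl req -config ca.cnf -subj "/CN=alice" -newkey rsa:2048 -nodes \
    -keyout alice.key -out alice.csr &&
  # 3. The CA signs the CSR, producing alice's X.509 certificate.
  openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out alice.crt -days 30 &&
  # 4. A .p7b bundle carries certificates only; the private key never goes in it.
  openssl crl2pkcs7 -nocrl -certfile alice.crt -certfile ca.crt -out chain.p7b &&
  # 5. Sign (content embedded), then encrypt the signed blob to the recipient cert.
  printf 'constructed sample payload\n' > msg.txt &&
  openssl cms -sign -binary -nodetach -in msg.txt -signer alice.crt \
    -inkey alice.key -outform DER -out signed.p7s &&
  openssl cms -encrypt -binary -aes-256-cbc -in signed.p7s \
    -outform DER -out enveloped.p7m alice.crt &&
  # 6. Decrypt with the private key, then verify the signature chain against the CA.
  openssl cms -decrypt -binary -inform DER -in enveloped.p7m \
    -recip alice.crt -inkey alice.key -out dec.p7s &&
  openssl cms -verify -binary -inform DER -in dec.p7s -CAfile ca.crt -out out.txt &&
  cat out.txt
)
cms_demo
```

Here alice is both signer and recipient to keep the example short; in practice the signed blob is encrypted to the receiving party's certificate.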

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow