Notes:
BCSignFile generates a standard detached CMS/PKCS#7 signature for any local file, using a specified
Java 2 keystore and key alias. It adds the entire certificate chain to the signature. The output signature file, BCsigned.p7s,
is in binary DER format and can be verified using any implementation that understands CMS signed data: for example, CAPICOM SignedData.Verify(). Note that
the data that is signed is the ASCII data bytes (not Unicode) of the file data.

VerifyP7s can verify standard CMS/PKCS#7 signatures with detached content. Signature files
in either binary DER or base64-encoded binary DER are supported. For example, detached signature files
generated by CAPICOM can be verified with VerifyP7s.

BCVerifyISig can verify standard CMS/PKCS#7 signatures with included content and extract
the signed data. Signature files in either binary DER or base64-encoded binary DER are supported. The signing certificate (containing
the public key required for signature verification)
can either be included in the signature file or, optionally, be specified as a certificate-file argument (signerCertFile).
For example, included-content signature files generated by CAPICOM can be verified with BCVerifyISig.

The samples above were compiled with j2sdk1.4.1_02 and require the Bouncy Castle base provider and mail
provider Release 1.19+ both at compile time and at runtime.

EnvelopFile generates a standard enveloped-data structure for any local file, using one local
certificate file to specify a single recipient. The output enveloped-data file, BCenveloped.p7, is in binary DER format and
can be decrypted (de-enveloped) with any implementation that understands EnvelopedData: for example, CAPICOM EnvelopedData.Decrypt().

Usage: java EnvelopFile [contentfile] [X509certfile]
Usage: java BCSignFile [contentfile] [keystore file] [key-entry alias] [key password]
Usage: java VerifyP7s [pkcs#7_signature_file] [contentfile]
Usage: java BCVerifyISig [pkcs#7_signature_file] [outputContentFile] [signerCertFile]
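
A detached-signature check of the kind VerifyP7s is described as doing, accepting either binary DER or base64 input, as an added example that is not the original sample's source. It assumes a current Bouncy Castle release (bcprov and bcpkix jars) rather than the 1.19-era API; the class name DetachedVerifyExample and the helpers loadDer and verifyDetached are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Base64;
import java.util.Collection;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Store;

// Hypothetical example class; usage: java DetachedVerifyExample sig.p7s contentfile
public class DetachedVerifyExample {
    // Accept binary DER, bare base64, or PEM-armored base64 and return DER bytes.
    static byte[] loadDer(byte[] raw) {
        if (raw.length > 0 && raw[0] == 0x30) return raw;      // DER SEQUENCE tag
        String b64 = new String(raw, StandardCharsets.US_ASCII)
                .replaceAll("-----[^-]+-----", "")              // drop PEM armor lines
                .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);           // throws on non-base64 input
        if (der.length == 0 || der[0] != 0x30)
            throw new IllegalArgumentException("decoded data is not DER");
        return der;
    }

    // True only if a signer exists and all verify; BC may throw CMSException on digest mismatch.
    static boolean verifyDetached(byte[] sig, byte[] content) throws Exception {
        CMSSignedData sd = new CMSSignedData(new CMSProcessableByteArray(content), loadDer(sig));
        Store<X509CertificateHolder> certs = sd.getCertificates();
        Collection<SignerInformation> signers = sd.getSignerInfos().getSigners();
        if (signers.isEmpty()) return false;                    // certs-only file: nothing signed
        for (SignerInformation signer : signers) {
            Collection<X509CertificateHolder> match = certs.getMatches(signer.getSID());
            if (match.isEmpty()) return false;                  // signer cert not in the file
            X509CertificateHolder cert = match.iterator().next();
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider("BC").build(cert))) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        boolean ok = verifyDetached(Files.readAllBytes(Paths.get(args[0])),
                                    Files.readAllBytes(Paths.get(args[1])));
        System.out.println(ok ? "signature valid" : "signature NOT valid");
    }
}
```

This checks each signature only against the certificate embedded in the signature file; it does not validate that certificate's chain against a trust anchor, which a relying application must do separately before trusting the signer.
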
Michel I. Gallant
neutron@istar.ca