Discussion:
Edifact DigitalSign with Bouncy Castle
Giulio Rizzo
2014-08-07 13:32:59 UTC
Dear all,

I need to implement Edifact DigitalSign with one of our partners, so I
chose to go with Bouncy Castle with bcprov-jdk15on-147.jar.
Algorithm=RSA
hash=SHA1
padding=ISO 9796-2 (scheme 2)
Following some examples I found on the internet, I made the following simple
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.Signature;
Signature signer = Signature.getInstance("SHA1WithRSA/ISO9796-2", "BC");
File plainTextFile = new File(plainTextFilePath);
FileInputStream plainTextFileFIN = new FileInputStream(plainTextFile);
// Buffer sized to the file, then filled from the stream
byte[] stringToSignDataBytes = new byte[(int) plainTextFile.length()];
plainTextFileFIN.read(stringToSignDataBytes);
signer.initSign(keyPair.getPrivate());
signer.update(stringToSignDataBytes);
byte[] digitalSignature = signer.sign();
But our partner is claiming that the signature is not correct.
Doing more research, I found that maybe I should use
org.bouncycastle.crypto.signers.ISO9796d2PSSSigner
but as I didn't find any example of this I would like to know if
Signature signer = Signature.getInstance("SHA1WithRSA/ISO9796-2", "BC");
gives an ISO 9796-2 (scheme 2) signature or only an ISO 9796-2 one, before checking
how to do it with ISO9796d2PSSSigner.
If someone has an example of how to sign, you are more than welcome to
point me to it.
Thank you.

Best regards.

Giulio Rizzo
David Hook
2014-08-12 01:06:02 UTC
At the moment the provider only supports the initial style of ISO9796-2
signatures.

You can find examples of use for ISO9796d2PSSSigner in
org.bouncycastle.crypto.test.ISO9796Test

Regards,

David
Giulio Rizzo
2014-08-20 06:13:17 UTC
Hello,

I've managed to create the ISO9796-2 phase 2 signatures following the
example and can successfully test it on my side. Below is the code I've made
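import java.io.File;
import java.io.FileInputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.RSAPrivateCrtKeySpec;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.ISO9796d2PSSSigner;
PrivateKey privateKey = keyPair.getPrivate();
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPrivateCrtKeySpec privateKeySpec =
keyFactory.getKeySpec(privateKey, RSAPrivateCrtKeySpec.class);
RSAKeyParameters privParameters = new RSAKeyParameters(true,
privateKeySpec.getModulus(), privateKeySpec.getPrivateExponent());
RSAEngine rsa = new RSAEngine();
File plainTextFile = new File(plainTextFilePath);
FileInputStream plainTextFileFIN = new FileInputStream(plainTextFile);
// Read the file to be signed into memory
byte[] stringToSignDataBytes = new byte[(int) plainTextFile.length()];
plainTextFileFIN.read(stringToSignDataBytes);
SHA1Digest digest = new SHA1Digest();
// Salt length equals the SHA-1 digest size (20 bytes)
ISO9796d2PSSSigner signer = new ISO9796d2PSSSigner(rsa, digest,
digest.getDigestSize());
signer.init(true, privParameters);
signer.update(stringToSignDataBytes, 0, stringToSignDataBytes.length);
byte[] digitalSignature = signer.generateSignature();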
Still I can't get the signature accepted on the receiver side. I've seen that a
salt could be added, but there is no salt description in the Edifact
documentation for Digital Sign so I don't know if this needs to be added
or not.
Can anyone with experience with Edifact Sign help? The EDC filter has
been applied and tested so this is not the problem as it works on the
certificate sent with the edifact.
Thank you for your help.

Giulio
--
Cordiali Saluti // Mit freundlichen Grüßen // Best Regards

Giulio Rizzo
Senior EDI Consultant

Web: www.derwid.com
LinkedIn: www.linkedin.com/company/derwid
Xing: www.xing.com/company/derwid

DERWID.it s.r.l. Unip. soggetta a direz. e coord. di DERWID.com GmbH
I - 33075 Morsano al Tagliamento (PN), Via Interna 66/2
Tel: +39/0434/696521, Fax: +39/0434/696522

DERWID.com GmbH
A - 5732 Bramberg, Schweinegg 11
Tel: +43/6566/20138, Fax: +43/6566/20182

DERWID.de GmbH
D - 42657 Solingen, Grünewalder Straße 29-31
Tel: +49/212/52087935, Fax: +49/212/52087949
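
An added example, not part of the thread and not Bouncy Castle's own test code: a sign/verify round trip with ISO9796d2PSSSigner using the RSA, SHA-1 and 20-byte salt settings from the post above, comparing the default random salt with a fixed salt supplied through ParametersWithSalt. The class name, the throwaway 2048-bit key, the sample segment and the all-zero salt are assumptions constructed for the demonstration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.ParametersWithSalt;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.ISO9796d2PSSSigner;

public class Iso9796Scheme2Demo {              // hypothetical class name
    static final int SALT_LEN = 20;            // SHA-1 digest size, as in the thread's code

    // Build a signer, initialise it for signing or verifying, and feed it the message.
    static ISO9796d2PSSSigner prepared(boolean forSigning, CipherParameters key, byte[] msg) {
        ISO9796d2PSSSigner s = new ISO9796d2PSSSigner(new RSAEngine(), new SHA1Digest(), SALT_LEN);
        s.init(forSigning, key);
        s.update(msg, 0, msg.length);
        return s;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();    // throwaway demo key
        RSAPrivateKey sk = (RSAPrivateKey) kp.getPrivate();
        RSAPublicKey pk = (RSAPublicKey) kp.getPublic();
        RSAKeyParameters priv = new RSAKeyParameters(true, sk.getModulus(), sk.getPrivateExponent());
        RSAKeyParameters pub = new RSAKeyParameters(false, pk.getModulus(), pk.getPublicExponent());
        byte[] msg = "UNH+1+ORDERS:D:96A:UN'".getBytes("US-ASCII"); // constructed sample segment

        // Plain key parameters: the signer draws a fresh random salt for every signature.
        byte[] a = prepared(true, priv, msg).generateSignature();
        byte[] b = prepared(true, priv, msg).generateSignature();
        System.out.println("random salt, signatures equal: " + Arrays.equals(a, b));
        System.out.println("random salt, a verifies: " + prepared(false, pub, msg).verifySignature(a));

        // Fixed salt (constructed all-zero value): signing becomes deterministic.
        CipherParameters fixed = new ParametersWithSalt(priv, new byte[SALT_LEN]);
        byte[] c = prepared(true, fixed, msg).generateSignature();
        byte[] d = prepared(true, fixed, msg).generateSignature();
        System.out.println("fixed salt, signatures equal: " + Arrays.equals(c, d));
        System.out.println("fixed salt, c verifies: " + prepared(false, pub, msg).verifySignature(c));
    }
}
```

In both cases the verifier is initialised with the public key only; the salt is taken from the recovered signature block during verification.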