Andrew Backer
2014-08-31 07:46:38 UTC
I am a bit new to this, and migrating some old code to newer versions of BC (and replacing most of it). I have an old snippet that signs and encrypts mail for AS2.
I can only get the signing to be accepted by the other server we use (older Cyclone AS2) using bcmail-jdk14-125.jar. Upgrading causes the server to complain that the integrity-check-failed. Upgrading here means upgrading to a version that is API compatible (e.g. jdk14-1.38). Newer versions with the API change have the same issue.
I've tried all manner of new certificates, making a V3 cert, exporting the ones the other server creates, etc. I learned all this during the process of trying to figure out why it's not working, so I could really use smarter eyes to take a look and tell me if there is something simple I am missing... I am out of ideas, short of becoming an expert on this in the short time I have, and if I can't get it working we might stop this branch of development and I won't have a chance to :(
* I am using jdk-1.7 and 1.8
* bcmail-jdk14-125.jar works fine with the server (on any JDK version)
* encryption works fine, regardless of which version of BC
* signing fails to verify on the remote server if I upgrade BC
* two copies of the new code can communicate/sign/verify ok. 3rd party server has issue
* certs are self signed, using openssl to generate everything.
* cert works fine from old version to remote server, it is trusted there
Here is what the original code, using jdk14-1.25, looks like; it is quite simple:
    // wrap the raw payload in the MIME part that gets signed
    MimeBodyPart part = new MimeBodyPart();
    part.setDataHandler(new DataHandler(
        new ByteArrayDataSource(bytes, contentType, null)));
    SMIMESignedGenerator sGen = new SMIMESignedGenerator();
    sGen.addSigner(senderKey, senderCert, "1.3.14.3.2.26"); // SHA1 algorithm
    MimeMultipart signedData = sGen.generate(part, "BC");
    // this is then encrypted (if needed), wrapped in a new MimeBodyPart
This is the simple version of the new code. I am using 'bcmail-jdk15on:1.51' and 'bcprov-jdk15on:1.51'. A more complicated version follows the more complex example and includes all sorts of stuff about capabilities and so on. That version comes from the example included in the JAR.
    SMIMESignedGenerator gen = new SMIMESignedGenerator("binary");
    gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
        .setProvider("BC")
        .build("SHA1withRSA", senderKey, senderCert));
    gen.addCertificates(new JcaCertStore(list(senderCert)));
    MimeMultipart signedData = gen.generate(part); // MimeBodyPart passed in to function
    // wrap the multipart/signed result in a new body part
    MimeBodyPart tmpBody = new MimeBodyPart();
    tmpBody.setContent(signedData);
    tmpBody.setHeader("Content-Type", signedData.getContentType());
Thanks for any hints or pointers, even code samples or reading, anyone has. I am out of other options at the moment, short of writing a new server in C# and trying the certs there, just for funsies.
~ Andrew Backer
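One way to compare what the old and new signing code put on the wire, as an added example that is not part of the original post: the class below (DumpSigned, a hypothetical name) parses a saved multipart/signed message with bcmail-jdk15on 1.51, prints the fields a receiver's integrity check depends on, and verifies the signature locally. It assumes the capture file starts with the message's Content-Type header (for AS2, copied from the HTTP request) and that the sender certificate is available as a PEM or DER file.

```java
import java.io.FileInputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.mail.Session;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMESigned;

public class DumpSigned {
    // args[0]: saved multipart/signed message including headers (assumed capture file)
    // args[1]: sender certificate, PEM or DER (assumed file)
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        X509Certificate cert;
        try (FileInputStream in = new FileInputStream(args[1])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        MimeMessage msg;
        try (FileInputStream in = new FileInputStream(args[0])) {
            msg = new MimeMessage(Session.getDefaultInstance(new Properties()), in);
        }
        MimeMultipart mp = (MimeMultipart) msg.getContent();
        // The outer header carries the protocol and micalg parameters
        System.out.println("outer Content-Type: " + mp.getContentType());
        // Part 0 is the content the digest is computed over
        MimeBodyPart signedPart = (MimeBodyPart) mp.getBodyPart(0);
        System.out.println("signed part Content-Type: " + signedPart.getContentType());
        System.out.println("signed part encoding: " + signedPart.getEncoding());
        SMIMESigned signed = new SMIMESigned(mp);
        for (Object o : signed.getSignerInfos().getSigners()) {
            SignerInformation si = (SignerInformation) o;
            System.out.println("digest OID: " + si.getDigestAlgOID());
            System.out.println("signature OID: " + si.getEncryptionAlgOID());
            System.out.println("signed attributes: " + (si.getSignedAttributes() != null));
            boolean ok = si.verify(new JcaSimpleSignerInfoVerifierBuilder()
                    .setProvider("BC").build(cert));
            System.out.println("verifies locally: " + ok);
        }
    }
}
```

Running it once on a message produced by the old jar and once on a message produced by the new code, then comparing the two outputs line by line, shows which header or signer field changed between versions.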