While it is possible to verify CMS messages using the Java
Security APIs directly, the Mozilla JSS and the BouncyCastle
providers provide CMS-specific classes that encapsulate a lot
of the lower-level APIs, making it easier to deal with CMS
objects.
http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/pkix/cms/package-summary.html
http://www.bouncycastle.org/docs/docs1.5/index.html
Arshad Noor
StrongAuth, Inc.
Nelson B wrote:
Ian Coates wrote:
I used crypto.signtext() method on FireFox 1.5 to sign a Text, now I want to
verify that signature on a Java server.
I looked the documentation but I don't understand how to verify the
signature without the signer certificate. I suppose the certificate comes in
the signature, but I don't know how to access it.
The signature conforms to CMS ("Cryptographic Message Syntax", RFC 3369),
which is a superset of PKCS#7 v1.5.
The signature produced by signtext is an "external signature" (a term defined
in those standards, also known as a "detached signature").
I'm sure there is some standard java class/method for checking these CMS
signatures, but off hand I don't know what it is named.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
