The PKCS package, com.ibm.security.pkcs7, consists of a variety of classes to help in the signing and encryption of data. The pkcs7 package implements version 1.5 of the PKCS #7 standard and includes a number of enhancements from RFC 2630.
Depending on the action you need to perform, you may need to use one or more of the following classes.
The SignedData class allows you to represent the various forms of signed data:
This form of the SignedData object bundles all the elements together: the contents, signing certificate(s), and SignerInfo signature information.
This form of the SignedData object removes the contents after generating the signature. This allows the contents to be packaged and/or transported separately from the detached contents SignedData object.
This form of the SignedData object is useful for encapsulating an issued certificate.
When you create a SignedData object, specify a signature algorithm to be used in the signing operation. Valid signature algorithms are: MD2withRSA, MD5withRSA, SHA1withRSA, and SHA1withDSA.
Consult the PKCS7SignedData.java file for a sample of how to create a SignedData object and verify its contents.
All the sample .java files can be found within docs\pkcs\pkcssamples.jar and on a Unix system in docs/pkcs/pkcssamples.jar. Within the jar file there is a src directory containing the source code for the samples.
The EnvelopedData class allows you to encapsulate encrypted data so that only the recipient can view the information.
When you create the EnvelopedData object, you will need to specify an encryption algorithm to use to protect the data and a keysize. Valid values for the algorithm are DES, DESede and RC2. Valid values for the keysize are 56 (for DES or RC2) and 112 or 168 (for DESede).
Note that the receiver must use their private key to extract the contents. The private key must correspond to the public key in the certificate and the certificate must have been added to the EnvelopedData object with the addRecipient method.
Consult the PKCS7EnvelopedData.java file for a sample of how to create an EnvelopedData object and decrypt its contents.
All the sample .java files can be found within docs\pkcs\pkcssamples.jar and on a Unix system in docs/pkcs/pkcssamples.jar. Within the jar file there is a src directory containing the source code for the samples.
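The recipient rule described for EnvelopedData can be seen in miniature with standard JCA classes. The following is an added example, not one of the samples in pkcssamples.jar: it does not call com.ibm.security.pkcs7 and produces no PKCS #7 encoding. The class name EnvelopeSketch, the helper open, the RSA key pairs standing in for certificates, and the sample content are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

// Added illustration (hypothetical class); standard JCA only, no PKCS #7 encoding.
public class EnvelopeSketch {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair(); // stands in for the recipient certificate's key pair
        KeyPair outsider = kpg.generateKeyPair();  // a key pair that was never added as a recipient

        // Sender: fresh content-encryption key, algorithm DESede with keysize 168.
        KeyGenerator kg = KeyGenerator.getInstance("DESede");
        kg.init(168);
        SecretKey cek = kg.generateKey();

        byte[] iv = new byte[8];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, cek, new IvParameterSpec(iv));
        byte[] content = "constructed sample content".getBytes(StandardCharsets.UTF_8);
        byte[] encryptedContent = enc.doFinal(content);

        // Sender: wrap the content key under the recipient's public key.
        Cipher wrap = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] wrappedKey = wrap.wrap(cek);

        System.out.println("recipient: " + open(recipient.getPrivate(), wrappedKey, iv, encryptedContent));
        try {
            open(outsider.getPrivate(), wrappedKey, iv, encryptedContent);
            System.out.println("outsider: unexpectedly succeeded");
        } catch (GeneralSecurityException e) {
            System.out.println("outsider: cannot extract contents (" + e.getClass().getSimpleName() + ")");
        }
    }

    // Receiver: unwrap the content key with the private key, then decrypt the content.
    static String open(PrivateKey priv, byte[] wrappedKey, byte[] iv, byte[] ct)
            throws GeneralSecurityException {
        Cipher unwrap = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        unwrap.init(Cipher.UNWRAP_MODE, priv);
        Key cek = unwrap.unwrap(wrappedKey, "DESede", Cipher.SECRET_KEY);
        Cipher dec = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, cek, new IvParameterSpec(iv));
        return new String(dec.doFinal(ct), StandardCharsets.UTF_8);
    }
}
```

DESede with a 168-bit keysize is used because it is the largest keysize among the values the package accepts; the 56-bit DES and RC2 settings offer far less margin against key search.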