0

I need to encrypt and sign data using PKCS7(CMS). I am using bouncy castle provided api to achieve this using java . Till now what i understood is i need to follow these steps

  1. Need to generate a key pair private & public key using some algorithm say RSA
  2. Certify it with X509 certificate
  3. Convert it into PKCS7 key format like p7b
  4. Generate java key store using keytool some *.jks file
  5. Generate the Certificate Signing Request (CSR) using keytool command *.crt
  6. Become self CA(Certificate Autority) and certify
  7. Import key from keystore created in previous stem and encrypt sign and decrypt data

I still need to figure out what steps i need to follow to sign,encrypt,decrypt data.
My question is

  1. Is my steps are correct ?
  2. How do i certify key pair generated by RSA algorithm and convert into PKCS7 key format
  3. How do i become self CA and certify
  4. I got this to encrypt and sign, still i am confused with steps to follow and also most of them are deprecated.
Community
  • 1
  • 1
Arvind Purohit
  • 49
  • 2
  • 5
  • 10

1 Answers1

1

What you need is not BouncyCastle.

You need OpenSSL and a guide.

  1. OpenSSL

  2. How to set up your own certificate authority

  3. How to create a self-signed certificate

  4. How to use a certificate in Java

Alternatively, to generate and store an RSA key using Java:

Generate RSA key pair and encode private as string

Community
  • 1
  • 1
Lai Xin Chu
  • 2,462
  • 15
  • 29