Bouncycastle in wtk2.2

Similar Messages

• WTK2.2 Installation Problem on Suse 9.2

  Hi,
  I can't seem to install WTK2.2 on Suse 9.2 pro. I am using the JDK packaged with SUSE 9.2. Below is the version info:
  java version "1.4.2_05"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04)
  Java HotSpot(TM) Client VM (build 1.4.2_05-b04, mixed mode)
  When I execute the WTK2.2 installation file, it terminates when it tries to extract the binary files from the installation file. Below is the error message:
  Extracting the installation files...
  Error! CRCs do not match! Got e61aebb2, expected f53ddfb0
  Failed to extract files. Installation will stop now.
  Please try to install J2ME Wireless Toolkit again, or contact [email protected] for assistance.
  Any pointer will be greatly appreciated.
  Thanks.

  Thanks. That works fine.
  I've found that /etc/alternatives/java_sdk
  and also works and is a bit more generic.
  I installed in /opt/WTK2.2 as root, and found the following was necessary to allow
  end users to run the toolkit. (NOTE: I cannot even BEGIN to tell you if this is anything
  but functional. It is most likely a security NIGHTMARE waiting to happen. You have
  been warned!)
  chmod o+w WTK2.2/apps
  chmod o+w WTK2.2/wtklib
  chmod o+w WTK2.2/sessions
  cd WTK2.2/bin
  chmod o+x defaultdevice emulator ktoolbar libjmcustommpx.so libzayit.so \
          mekeytool prefs preverify preverify1.0 preverify1.1 runmidlet utils \
          wscompile zayit

• GetKeyStates problem in WTK2.5

  Hi,
  I am developing a card game for my Final Year Project. It's already in the final stage but I got a strange problem recently after I installed some 'new' development software. I am using Eclipse 3.2.1, WTK 2.5, Carbide 1.5, and S60 Emulator 3rd edition.
  My game can run perfectly in the S60 emulator but problems occur when testing in the WTK 2.5. The problems are not occur in the game but a simple menu, when the user press up, the choice go up, press down then go down, that's very simple. The class is extends GameCanvas and implements Runnable and CommandListener. There is a method "chkInput()" inside the game loop (run()) for checking the key states.
       private void chkInput() {
            int keyStates = getKeyStates();
            if ((keyStates & UP_PRESSED) != 0)
                 selectMenu(-1);
            if ((keyStates & DOWN_PRESSED) != 0)
                 selectMenu(1);
            if ((keyStates & FIRE_PRESSED) != 0)
                 if (!players[currSelection].isEmpty())
                      chkPlayerInfo();               
       }The system will display the binary value of ketStates when I am debugging it. When I was testing it in S60 Emulator, the keyStates are very normal such that it was "10" when the user pressed up, "1000000" when the user pressed down and "100000000" when the user pressed fire.
  However, when I was testing in WTK2.5, the keyStates became weird such that it was "100000010" when I pressed up at the first time, after that, the game loop is running and the system is keep displaying that the keyStates is "100000000" which is the fire button!!!?? But actually I haven't touch anything! The keyStates became "100000010" even I pressed up.
  I really got crazy and still cannot fix it for a day! Please help........

  I am also facing the same problem in WTK 2.5
  The getKeyStates() returns 256 instead of 0 when no key is being pressed. What could be the problem? It works normally in WTK 2.2 and Sony Ericsson Tool Kits. Is this a bug in WTK 2.5?

• What error is this? for BouncyCastle

  I tried to run this bouncycastle example but encounter this error? what happen to this?? can someone enlighten me? thanks.
  D:\testing>java PKCS12Example
  Exception in thread "main" java.io.IOException: exception encrypting data - java
  .security.NoSuchProviderException: JCE cannot authenticate the provider BC: java
  .lang.SecurityException: Cannot verify jar:file:/D:/testing/!/: java.security.Pr
  ivilegedActionException <<java.util.zip.ZipException: Access is denied>>
  at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.wrapKey(JDKPKCS12KeyS
  tore.java:562)
  at org.bouncycastle.jce.provider.JDKPKCS12KeyStore.engineStore(JDKPKCS12
  KeyStore.java:1003)
  at java.security.KeyStore.store(KeyStore.java:576)
  at PKCS12Example.main(PKCS12Example.java:478)

  If you installed the Sun JCE in your jre/lib/ext directory (which I suggest unless you have some reason not to), you probably neglected to add both the policy files to the same directory. Unfortunately, I'm pretty sure that this is the same Exception you will see no matter what goes wrong when trying to load the classes, so frankly, it's difficult to diagnose the problem.
  Also make sure your system's date and time are set correctly.
  If you still have problems, may I suggest the BouncyCastle provider (http://www.bouncycastle.org) that most people in this forum seem to be using.

• Problem with WTK2.5.1 in Solaris 10

  Greetings,
  I've installed Wireless ToolKit 2.5.1 in Solaris 10 OS and after successful installation when I run the application from path /WTK2.5.1/bin/ktoolbar it gives me error like:
  ktoolbar : MMAPI_GM_SOUNDBANK=/WTK2.5.1/lib/soundman.dls is not a valid identifier.
  I've checked my audio device and multimedia supports it is working perfectly and I am stuck in between.
  I would like to clear that I am not very proficient in Solaris, so please guide me so, that I can successfully run ktoolbar from solaris.
  Thank you all

  parag.rughani
  Perhaps you might have a better chance of getting a meaningful response in the New to Solaris forum
  http://forum.java.sun.com/forum.jspa?forumID=863
  or even the General Solaris 10 Discussion forum
  http://forum.java.sun.com/forum.jspa?forumID=844
  If you decide to post there, please provide a reference and link to this post so that you are not accused of cross-posting.
  All of this may already be known to you -- providing my analysis in the hope that it may throw some small light on the problem.
  MMAPI_GM_SOUNDBANK=/WTK2.5.1/lib/soundman.dlsMMAPI -- MultiMedia API for j2me
  GM -- General Midi
  SOUNDBANK -- self-explanatory :-)
  soundman.dls -- *.dls files are Drum Kits for MIDI audio. They contain audio clips for the various drum sounds implemented through the MIDI interface, in a specified format.
  In Windows, if a custom dls file cannot be loaded, the system reverts to the default one provided by M$. Whether any error is notified or not depends on the circumstances.
  If Solaris has any similarities on this, you may be able to configure the soundman.dls from whatever is the equivalent of Windows Control Panel.
  I know that's not very helpful.
  Wish you luck, Darryl

• PGP error in PI 7.4 - BouncyCastle Provider not found

  Hi ,
  I am working on PGP encryption in SAP PI7.4 .
  I have followed below link :
  PGPEncryption Module: A Simple How to Guide
  Using PGP in Process Integration
  But while doing end to end scenario it is givingg error :
  Exception caught by adapter framework: Could not process message, BouncyCastle Provider not found (java.security.NoSuchProviderException: unable to find provider.)
  In my sandbox it was woking fine but when trying to do the same thing in Dev box it staretd giving error .
  Can somebody help me .
  Thanks ,
  Anurag

  Hi Anurag
  You should check if the Secure Connectivity add on was deployed correctly in your Dev system. Maybe there are some missing JAR or SCA files.
  Refer to the Secure connectivity add-on installation guide on how to download and deploy the SCA files. You can find this guide on the Service Marketplace (search for PI SFTP PGP ADDON.)
  You can also refer to the following How-to guide on checking the installation via NWA. The guide is for SFTP but you can follow the same steps in page 2 to check.
  How To Configure SFTP Adapter in SAP PI
  Rgds
  Eng Swee

• BouncyCastle+Verify Signature

  Hi all,
  I am currently developing an application for a mobile phone that needs to check a signature received in an xml message. The problem is that I'm using bouncycastle to check that signature, but I am not using bouncycastle for signing the message (I'm just using the security packages that come with J2SE 1.4.2).
  Are there any differences in the way the signatures are processed by J2SE and BouncyCastle for J2ME?
  I am using SHA-1 to create a digest of the message and then sign it using an RSA key!
  Thanks in advance,
  Joao!

  Hi Joao!,
  Bouncycastle is created according specific rfc's. These rfc's describe how things should be used. If your other product uses the same rfc's you may say they do the same thing. If not, i wouldn/'t be so sure. Look at http://www.bouncycastle.org/docs/mdocs1.4/index.html. It say's bouncycastle they use rfc 3369 (formely 2630). Check your other product if they are using the same rfc.
  Good luck,
  Remy de Boer
  Oh, i've read somwhere that rfc 3369 is compatible with rfc 2630. If somebody say's otherwise please respond.

• OpenPGP encryption using bouncycastle in XI

  Hi All,
  I am trying to encrypt IDOC flat files with PGP encryption before ftp them to a remote server. I am using bouncycastle libraries. I tested outside XI using their sample programs. Everything works fine. But when I deploy to XI, I receive the following error messages:
  "The provider BC may not be signed by a trusted party"
  I tried with two different ways in XI:
  1. Using Java mapping - this is not a standard approach. First, I have an ABAP map to convert the IDOC from XML to flat file. Then use the second Java map to encrypt the content. With this approach, I need to import the bouncycastle libraries into "Imported Archives". I think XI actually unpack the jar files during the import process. So it did modify the signed jar files from boucycastle. This error message makes a lot of sense.
  2. Using adapter module - this is the recommended approach. I developed a module EAR and bundled the libraries and deployed to XI using NWDS SDM. But I still got the same error. I am going to try again with visual administrator and see if that will make any difference.
  I am running out of ideas. Does anyone have successful experience using bouncycastle within XI? Any help is greatly appreciated.
  Thanks in advance!
  Kenny

  Hi folks!
  Kenny, did you solve this?
  How have your approch been?
  (could you acutally write the steps in here so that folks like me can understand what to do!)
  Is it even possible to paste the code you are using for this? I am right trying to do the same thing but I am not 100% sure on the Java coding.
  I need to PGP encrypt a flatfile, and then FTP the file to another system. Seems pretty much to be a perfect match for what you have done!
  Thanks in advance.
  Mattias Kardell

• Anyone had problems with BouncyCastle on AIX using IBM's JVM 1.3.0?

  I'm having an issue on AIX with IBM's JVM 1.3.0; the same code and configuration has worked on other OSs and JVMs, including the IBM JVM on Linux and Win2K. The JVM is barfing with a ClassCastException before even the first line of my code is being executed. The rather cryptic (no pun intended) error message is:
  Exception in thread "main" java.lang.ClassCastException: org.bouncycastle.jce.X509Principal
  The only reference I've seen on this is here:
  http://groups.google.com/groups?q=java.lang.ClassCastException:+org.bouncycastle.jce.X509Principal&hl=en&safe=off&rnum=1&selm=8s3l7u%249ks1%40webint.na.informix.com
  Anyone else seen this? Any AIX/IBM JVM 1.3.0/BouncyCastle users out there?
  TIA,
  Matthew
  Matthew T. Adams [[email protected]]
  Software Engineer, Architecture Group
  www.highwire.com

  You have the same problem that I was very annoyed.
  Remove your IBMJCEfw.jar from %JAVA_HOME%/jre/lib/ext directory.
  Anyway , I believe this message and exception is not appropriate ,
  or at least unkind one.
  I hope the ClassCastException will be handled and another message
  and Exception thrown such as "UnverifiedProviderException" in
  future release of JCE.
  # I'll submit a bug-report later.
  UKAI Hiroshi

• How to remove Jar signature in BouncyCastle jar file

  My problem is: When I expand bcprov.jar (Bouncycastle) and then I pack it into a one jar file with my application and other expanded jar files, I getting an error about the signature of Bouncycastle).
  I am using Ant to expand and create my jar file.
  Any Ideas , I would like to remove the signature of the bouncycastle jar file.
  thx in advance
  espinraf

  It's actually not easy to do it. There are various regexp ways of doing it. If you search you'll find them. But they are only partial solutions. What you really need to do is write an HTML parser, perhaps using Java's built-in HTML parser. That's the only way to really and truly extract text from HTML. It's a bit of an advanced programming task, though.

• Problem signing PDF from smart card - BouncyCastle, IAIK Wrapper, iText

  Hello!
  I need to sign and timestamp a PDF document with a smartcard. I'm using Java 1.6, iText to manage PDF, BouncyCastle to deal with cryptography and the free IAIK WRAPPER to access the smartcard.
  I've already searched the Internet to solve my problem, read the PDF specifications about the signature and followed snippets that should've worked, but after a couple of weeks I still don't have working code, not even for the signature. All the tries I made yield messages like "Signature has been corrupted" or "Invalid signature" (I can't remember the exact messages, but they're not in English anyway :D ) when I verify the signature in Adobe Reader.
  My first goal was to use an encapsulated signature, using filter Adobe.PPKLITE, subfilter adbe.pkcs7.sha1 and a DER-Encoded PKCS#7 object as content.
  Among the tries I made, I used code such as (I don't include all modifications, just the ones I deem closer to the right approach):
       // COMMON - START
       ///// selectedKey is a iaik.pkcs.pkcs11.objects.Key instance of the private key I'm taking from the SC
       RSAPrivateKey signerPrivKey=(RSAPrivateKey)selectedKey;
       CertificateFactory certificateFactory=CertificateFactory.getInstance("X.509");
       ///// correspondingCertificate is a iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate instance of the certificate I'm taking from the SC
       byte[] derEncodedCertificate=correspondingCertificate.getValue().getByteArrayValue();
       X509Certificate signerCert=(X509Certificate)certificateFactory.generateCertificate(new ByteArrayInputStream(derEncodedCertificate));
       Provider provider=new BouncyCastleProvider();
       Security.addProvider(provider);
       ///// session is an instance of iaik.pkcs.pkcs11.Session
       session.signInit(Mechanism.SHA1_RSA_PKCS, signerPrivKey);
       File theFile = new File("C:\\toSign.pdf");
       FileInputStream fis = new FileInputStream(theFile);
       byte[] contentData = new byte[(int) theFile.length()];
       fis.read(contentData);
       fis.close();          
       PdfReader reader = new PdfReader(contentData);
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
       PdfStamper stp = PdfStamper.createSignature(reader, baos, '\0');
       PdfSignatureAppearance sap = stp.getSignatureAppearance();
       // COMMON - END
       java.security.cert.X509Certificate[] certs=new java.security.cert.X509Certificate[1];
       CertificateFactory factory=CertificateFactory.getInstance("X.509");          
       certs[0]=(X509Certificate)factory.generateCertificate(new ByteArrayInputStream(correspondingCertificate.getValue().getByteArrayValue()));
       sap.setSignDate(new GregorianCalendar());
       sap.setCrypto(null, certs, null, null);
       sap.setReason("This is the reason");
       sap.setLocation("This is the Location");
       sap.setContact("This is the Contact");
       sap.setAcro6Layers(true);
       PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_SHA1);
       dic.setDate(new PdfDate(sap.getSignDate()));
       dic.setName(PdfPKCS7.getSubjectFields((X509Certificate)certs[0]).getField("CN"));
       sap.setCryptoDictionary(dic);
       int csize = 4000;
       HashMap exc = new HashMap();
       exc.put(PdfName.CONTENTS, new Integer(csize * 2 + 2));
       sap.preClose(exc);
       MessageDigest md = MessageDigest.getInstance("SHA1");
       InputStream s = sap.getRangeStream();
       int read = 0;
       byte[] buff = new byte[8192];
       while ((read = s.read(buff, 0, 8192)) > 0)
            md.update(buff, 0, read);
       byte[] signature=session.sign(buff);
       CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
       ArrayList list = new ArrayList();
       for (int i = 0; i < certs.length; i++)
            list.add(certs);
       CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), provider);
       generator.addCertificatesAndCRLs(chainStore);
       CMSProcessable content = new CMSProcessableByteArray(md.digest());
       CMSSignedData signedData = generator.generate(CMSSignedDataGenerator.ENCRYPTION_RSA, content, true, provider);
       byte[] pk = signedData.getEncoded();
       byte[] outc = new byte[csize];
       PdfDictionary dic2 = new PdfDictionary();
       System.arraycopy(pk, 0, outc, 0, pk.length);
       dic2.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
       sap.close(dic2);
       File newOne = new File("C:\\signed.pdf");
       FileOutputStream fos = new FileOutputStream(newOne);
       fos.write(baos.toByteArray());
       fos.close();
  I figured this is the right approach, but I need a way to generate the CMSSignedData instance, which can't be done using addSigner (the only documented way I found), since the private key is not extractable from a smart card...
  Then I decided to give up and try with a detached signature:
       // COMMON - START
       // Same as above
       // COMMON - END
       sap.setSignDate(new GregorianCalendar());
       java.security.cert.X509Certificate[] certs=new java.security.cert.X509Certificate[1];
       CertificateFactory factory=CertificateFactory.getInstance("X.509");          
       certs[0]=(X509Certificate)factory.generateCertificate(new ByteArrayInputStream(correspondingCertificate.getValue().getByteArrayValue()));
       sap.setCrypto(null, certs, null, PdfSignatureAppearance.SELF_SIGNED);
       sap.setSignDate(java.util.Calendar.getInstance());
       sap.setExternalDigest (new byte[8192], new byte[20], "RSA");
       sap.preClose();
       MessageDigest messageDigest = MessageDigest.getInstance ("SHA1");
       byte buff[] = new byte[8192];
       int n;
       InputStream inp = sap.getRangeStream ();
       while ((n = inp.read (buff)) > 0)
            messageDigest.update (buff, 0, n);
       byte hash[] = messageDigest.digest();
       byte[] signature=session.sign(hash);
       PdfSigGenericPKCS sg = sap.getSigStandard ();
       PdfLiteral slit = (PdfLiteral)sg.get (PdfName.CONTENTS);
       byte[] outc = new byte[(slit.getPosLength () - 2) / 2];
       PdfPKCS7 sig = sg.getSigner ();
       sig.setExternalDigest (session.sign(hash), hash, "RSA");
       PdfDictionary dic = new PdfDictionary ();
       byte[] ssig = sig.getEncodedPKCS7();
       System.arraycopy (ssig, 0, outc, 0, ssig.length);
       dic.put (PdfName.CONTENTS, new PdfString (outc).setHexWriting(true));
       sap.close (dic);
       File newOne = new File("C:\\signed.pdf");
       FileOutputStream fos = new FileOutputStream(newOne);
       fos.write(baos.toByteArray());
       fos.close();
  I'm still stuck to the signature process, can anyone please tell me what I'm doing wrong and help me (snippets would be deeply appreciated), maybe even changing approach in order to be able to add a digital timestamp?
  Thank you very much in advance!
  PS: I had also tried to use the SunPKCS11 provider to access the smart card, I gave up for similar problems, but if someone has suggestions using it, they're welcome! :D

  Hello!
  I need to sign and timestamp a PDF document with a smartcard. I'm using Java 1.6, iText to manage PDF, BouncyCastle to deal with cryptography and the free IAIK WRAPPER to access the smartcard.
  I've already searched the Internet to solve my problem, read the PDF specifications about the signature and followed snippets that should've worked, but after a couple of weeks I still don't have working code, not even for the signature. All the tries I made yield messages like "Signature has been corrupted" or "Invalid signature" (I can't remember the exact messages, but they're not in English anyway :D ) when I verify the signature in Adobe Reader.
  My first goal was to use an encapsulated signature, using filter Adobe.PPKLITE, subfilter adbe.pkcs7.sha1 and a DER-Encoded PKCS#7 object as content.
  Among the tries I made, I used code such as (I don't include all modifications, just the ones I deem closer to the right approach):
       // COMMON - START
       ///// selectedKey is a iaik.pkcs.pkcs11.objects.Key instance of the private key I'm taking from the SC
       RSAPrivateKey signerPrivKey=(RSAPrivateKey)selectedKey;
       CertificateFactory certificateFactory=CertificateFactory.getInstance("X.509");
       ///// correspondingCertificate is a iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate instance of the certificate I'm taking from the SC
       byte[] derEncodedCertificate=correspondingCertificate.getValue().getByteArrayValue();
       X509Certificate signerCert=(X509Certificate)certificateFactory.generateCertificate(new ByteArrayInputStream(derEncodedCertificate));
       Provider provider=new BouncyCastleProvider();
       Security.addProvider(provider);
       ///// session is an instance of iaik.pkcs.pkcs11.Session
       session.signInit(Mechanism.SHA1_RSA_PKCS, signerPrivKey);
       File theFile = new File("C:\\toSign.pdf");
       FileInputStream fis = new FileInputStream(theFile);
       byte[] contentData = new byte[(int) theFile.length()];
       fis.read(contentData);
       fis.close();          
       PdfReader reader = new PdfReader(contentData);
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
       PdfStamper stp = PdfStamper.createSignature(reader, baos, '\0');
       PdfSignatureAppearance sap = stp.getSignatureAppearance();
       // COMMON - END
       java.security.cert.X509Certificate[] certs=new java.security.cert.X509Certificate[1];
       CertificateFactory factory=CertificateFactory.getInstance("X.509");          
       certs[0]=(X509Certificate)factory.generateCertificate(new ByteArrayInputStream(correspondingCertificate.getValue().getByteArrayValue()));
       sap.setSignDate(new GregorianCalendar());
       sap.setCrypto(null, certs, null, null);
       sap.setReason("This is the reason");
       sap.setLocation("This is the Location");
       sap.setContact("This is the Contact");
       sap.setAcro6Layers(true);
       PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_SHA1);
       dic.setDate(new PdfDate(sap.getSignDate()));
       dic.setName(PdfPKCS7.getSubjectFields((X509Certificate)certs[0]).getField("CN"));
       sap.setCryptoDictionary(dic);
       int csize = 4000;
       HashMap exc = new HashMap();
       exc.put(PdfName.CONTENTS, new Integer(csize * 2 + 2));
       sap.preClose(exc);
       MessageDigest md = MessageDigest.getInstance("SHA1");
       InputStream s = sap.getRangeStream();
       int read = 0;
       byte[] buff = new byte[8192];
       while ((read = s.read(buff, 0, 8192)) > 0)
            md.update(buff, 0, read);
       byte[] signature=session.sign(buff);
       CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
       ArrayList list = new ArrayList();
       for (int i = 0; i < certs.length; i++)
            list.add(certs);
       CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), provider);
       generator.addCertificatesAndCRLs(chainStore);
       CMSProcessable content = new CMSProcessableByteArray(md.digest());
       CMSSignedData signedData = generator.generate(CMSSignedDataGenerator.ENCRYPTION_RSA, content, true, provider);
       byte[] pk = signedData.getEncoded();
       byte[] outc = new byte[csize];
       PdfDictionary dic2 = new PdfDictionary();
       System.arraycopy(pk, 0, outc, 0, pk.length);
       dic2.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
       sap.close(dic2);
       File newOne = new File("C:\\signed.pdf");
       FileOutputStream fos = new FileOutputStream(newOne);
       fos.write(baos.toByteArray());
       fos.close();
  I figured this is the right approach, but I need a way to generate the CMSSignedData instance, which can't be done using addSigner (the only documented way I found), since the private key is not extractable from a smart card...
  Then I decided to give up and try with a detached signature:
       // COMMON - START
       // Same as above
       // COMMON - END
       sap.setSignDate(new GregorianCalendar());
       java.security.cert.X509Certificate[] certs=new java.security.cert.X509Certificate[1];
       CertificateFactory factory=CertificateFactory.getInstance("X.509");          
       certs[0]=(X509Certificate)factory.generateCertificate(new ByteArrayInputStream(correspondingCertificate.getValue().getByteArrayValue()));
       sap.setCrypto(null, certs, null, PdfSignatureAppearance.SELF_SIGNED);
       sap.setSignDate(java.util.Calendar.getInstance());
       sap.setExternalDigest (new byte[8192], new byte[20], "RSA");
       sap.preClose();
       MessageDigest messageDigest = MessageDigest.getInstance ("SHA1");
       byte buff[] = new byte[8192];
       int n;
       InputStream inp = sap.getRangeStream ();
       while ((n = inp.read (buff)) > 0)
            messageDigest.update (buff, 0, n);
       byte hash[] = messageDigest.digest();
       byte[] signature=session.sign(hash);
       PdfSigGenericPKCS sg = sap.getSigStandard ();
       PdfLiteral slit = (PdfLiteral)sg.get (PdfName.CONTENTS);
       byte[] outc = new byte[(slit.getPosLength () - 2) / 2];
       PdfPKCS7 sig = sg.getSigner ();
       sig.setExternalDigest (session.sign(hash), hash, "RSA");
       PdfDictionary dic = new PdfDictionary ();
       byte[] ssig = sig.getEncodedPKCS7();
       System.arraycopy (ssig, 0, outc, 0, ssig.length);
       dic.put (PdfName.CONTENTS, new PdfString (outc).setHexWriting(true));
       sap.close (dic);
       File newOne = new File("C:\\signed.pdf");
       FileOutputStream fos = new FileOutputStream(newOne);
       fos.write(baos.toByteArray());
       fos.close();
  I'm still stuck to the signature process, can anyone please tell me what I'm doing wrong and help me (snippets would be deeply appreciated), maybe even changing approach in order to be able to add a digital timestamp?
  Thank you very much in advance!
  PS: I had also tried to use the SunPKCS11 provider to access the smart card, I gave up for similar problems, but if someone has suggestions using it, they're welcome! :D

• Can using BouncyCastle be an alternative to installing the policy files?

  Hey, sorry if this is a dumb question but I have been looking into this all day.
  I want to write a program that incorporates unlimited strength encryption, but installing the JCE Unlimited Strength Jurisdiction Policy Files is not an option (I can do it on one of the development machines, but I don't have write access to JAVAHOME on the other, and I can't expect every user of the program to install these files).
  Now I know that if I specify BouncyCastle as a provider when using JCE, I still have to install the above files... but what if I don't use JCE and I use the algorithms provided (handily without any form of documentation whatsoever) by BouncyCastle - can this be a workaround? I've heard conflicting views on this.
  If this isn't the case, can anyone please point me in the right direction of what I could do instead? Ie. if there was some way to include these files in the classpath rather than actually install them.
  Also, if using BC is a solution to problem, I would really appreciate it if anyone has such an example of AES-256 encryption and decryption with CBC and padding that they could point me in the direction of, I am having a real issue figuring out the BC API.
  Thank-you so much if you can help me.

  As long as you use the BouncyCastle lightweight crypto API rather than the JCE you should not encounter any of the JCE's restrictions. This means you cannot use Cipher.getInstance("Whatever/ABCCBC/TooMuchPadding", "BC"). Just include the lightweight api jar in your class path; the source is here: http://www.bouncycastle.org/download/lcrypto-jdk1<whatever>-139.zip
  I haven't played with bouncycastle in awhile, but I think something like this will get you started:
  BlockCipher aes = new AESEngine();
  CBCBlockCipher aes_cbc = new CBCBlockCipher(aes);
  byte [] key = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}; // 16 bytes for AES-128
  CipherParameters params = new KeyParameter(key);
  aes_cbc.init(true, params);
  //...

• BouncyCastle Key Store

  I am creating a CA.
  I have a self-signed certificate (selfsignedCAcert) generated using the BouncyCastle X509V3CertificateGenerator().
  I would now like to create a keystore to add more certificates later as well as include the self-signed certificate in it.
  The setCertificateEntry() method is simple:
  KeyStore ks = KeyStore.getInstance("PKCS12");ks.setCertificateEntry(alias, selfsignedCAcert);However, I would also like to store the corresponding PrivateKey in the keystore, which requires
  ks.setKeyEntry(alias, privkey, password.toCharArray(), Certificate[] chain);I have only my self signed certificate for the time being, containing RSA PublicKey, and signed with a DSA PrivateKey
  How do I generate such a keystore, store the self-signed as well as other certificates and finally call
  ks.store(stream, password);Any suggestions or code would be helpful.
  BTW, if anyone wants sample code for using X509V3CertificateGenerator(), I have it available.
  Thanks in advance.

  hey i need some help...
  why does this happen ->
  unreported exception java.security.KeyStoreException; must be caught or declared to be thrown
  KeyStore keyPairKS= KeyStore.getInstance("jks");
  i see you have a line similar to this..didn't you get an error?
  Thanks, I also need the sample code on the bouncycaslte certificate generator

• BouncyCastle Files not found at Runtime

  I am trying to do encryption/decryption using
  bouncycastle. At compile time, there is no
  problem but when I run the J2ME emulator, I get
  the error:
  java.lang.NoClassDefFoundError: org/bouncycastle/asn1/ASN1InputStream: Cannot create class in system package
  Line of code:
            InputStream in = getClass().getResourceAsStream("/public.key");
            ASN1InputStream aIn = new ASN1InputStream(in);
  I created a directory called lib under my J2ME project root directory
  and I included the files cldc_classes.jar and cldc_crypto.jar
  and those classes are in my build path. I am using Java 5 and WTK 2.5
  with proguard 4.4 and Eclipse GANYMEDE as IDE.
  Any help will be greatly appreciated.
  Thanks.
  Taji

  Okay, I finally figured out the solution to this problem. The bouncy castle jars contain some classes in the java.* package like BigInterger, SecureRandom, etc and these classes are being confused with the regular java.* system packages. So what I did was rename the java.* packages in the bouncy castle files to my own package like simpaq.* and everything worked just fine. I hope this helps someone.
  Taji

• How can a web service  be compliant with the WTK2.1?

  I'm using WTK2.1 to develop mobile clients consuming web services.
  After published a web service by Apache Axis, I use WTK2.1's Stub Generator to
  generate the stub class.
  As required by JSR172, I use the "document/literal" encoding style.
  The web service class has only one method:
  public int newUser(String userName, String password) {
  But when I use Stub Generator to generator the stub class, I get the following messages:
  ************************ Error messages begin *****************************
  warning: R2716 WSI-BasicProfile ver. 1.0, namespace attribute not allowed in doc/lit for soapbind:body: "newUser"
  warning: R2716 WSI-BasicProfile ver. 1.0, namespace attribute not allowed in doc/lit for soapbind:body: "newUser"
  warning: ignoring operation "newUser": more than one part in input message
  warning: Port "User" does not contain any usable operations
  ************************ Error messages end *****************************
  And following is the wsdl file:
  <?xml version="1.0" encoding="UTF-8"?>
  <wsdl:definitions targetNamespace="http://localhost:8080/web/services/User" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://localhost:8080/web/services/User" xmlns:intf="http://localhost:8080/web/services/User" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns1="http://ws.mauction.scucdut.edu.cn" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><wsdl:types><schema targetNamespace="http://ws.mauction.scucdut.edu.cn" xmlns="http://www.w3.org/2001/XMLSchema"><element name="userName" type="xsd:string"/><element name="password" type="xsd:string"/></schema><schema targetNamespace="http://localhost:8080/web/services/User" xmlns="http://www.w3.org/2001/XMLSchema"><element name="newUserReturn" type="xsd:int"/></schema></wsdl:types>
  <wsdl:message name="newUserRequest">
  <wsdl:part element="tns1:userName" name="userName"/>
  <wsdl:part element="tns1:password" name="password"/>
  </wsdl:message>
  <wsdl:message name="newUserResponse">
  <wsdl:part element="impl:newUserReturn" name="newUserReturn"/>
  </wsdl:message>
  <wsdl:portType name="User">
  <wsdl:operation name="newUser" parameterOrder="userName password">
  <wsdl:input message="impl:newUserRequest" name="newUserRequest"/>
  <wsdl:output message="impl:newUserResponse" name="newUserResponse"/>
  </wsdl:operation>
  </wsdl:portType>
  <wsdl:binding name="UserSoapBinding" type="impl:User">
  <wsdlsoap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
  <wsdl:operation name="newUser">
  <wsdlsoap:operation soapAction=""/>
  <wsdl:input name="newUserRequest">
  <wsdlsoap:body namespace="http://ws.mauction.scucdut.edu.cn" use="literal"/>
  </wsdl:input>
  <wsdl:output name="newUserResponse">
  <wsdlsoap:body namespace="http://localhost:8080/web/services/User" use="literal"/>
  </wsdl:output>
  </wsdl:operation>
  </wsdl:binding>
  <wsdl:service name="UserService">
  <wsdl:port binding="impl:UserSoapBinding" name="User">
  <wsdlsoap:address location="http://localhost:8080/web/services/User"/>
  </wsdl:port>
  </wsdl:service>
  </wsdl:definitions>
  So, can anybody tell me how to make the web service be used by the Stub Generator properly?

  Hi,
  I am new to WTK 2.1 and I am also using Axis to generate WSDL.
  one thing I figured out was to remove the namespace info behind all body tags.
  for instance in your code, replace:
  <wsdlsoap:body namespace="http://localhost:8080/web/services/User" use="literal"/>
  by
  <wsdlsoap:body use="literal"/>
  and it should work. don't ask me why but it worked for me.