My application is using java security APIs to sign a file and verify it. While signing , I am using PFX file and password as inputs and after signing I am generating a signature file using the bytes. While verification process I am using signature file ,certificate file and the signed file as inputs. I am successfully able to sign and verify using the above process. But now I have a different scenario wherein I have to use a cross certificate and timestamp also in my application for signing. I did a bit of study and found that we can get public key from cross certificate but am unable to understand as to how to use it. I have also found a method where in I can create a secret key file in which I can embed the public key and the hash of the data being signed, but I can't use this file in my parameter list being used while verification because I have to just use 3 parameters while verification i.e. 1) Path of file to be verified,2) Signature file generated as a part of signing and 3) certificate file generated corresponding to the PFX which was used while signing.
So if anyone can please help me in understanding the usage of cross certificate and using the same it in Java code, it will be great help.
Thanks
Aucun commentaire:
Enregistrer un commentaire