J-PKCS7 Signer/Enveloper

M. Gallant 10/08/2003

This web utility uses a combination of CAPICOM 2 and signed Java applet technologies to demonstrate digital signature generation, signature verification, enveloping (encryption to recipients) and deenveloping (decryption by recipients) of arbitrary win32 files (binary or text files) from within the IE browser context. Select a file to either sign, verify, envelope or decrypt, or type a target file path. Select any of Sign, Verify, Envelope or Decrypt File. To sign a file, you must have a certificate with associated private key in your "Personal" (or "My") CryptoAPI certificate store. The Detached Signature checkbox determines if the p7s signature includes the original file contents. To verify detached content signatures, a dialog prompts for the original source file. To envelope a file, you must have at least one public S-MIME certificate in the your "Other People" (or "AddressBook") certificate store. Depending on your email client, these certificates may be automatically added to the certificate store when you receive signed email from colleagues. If there is more than one certificate in the AddressBook, a Select Certificate dialog will be presented. Only the owner of the private key, associated with the recipient's public key can decrypt the enveloped file. Both the signing and enveloping implemented here generate binary DER pkcs7 output files. However, the verification of signatures and decryption of enveloped files supports both binary and base64 formats, including content signed as unicode data bytes (the code tries to determine how the data was encoded for signing/enveloping). File selection dialog starts in the Desktop directory. Output files have the default name "_javasciPK7". (Click the title header to hide this text).

Signing: Detached Signature

Michel I. Gallant