I am trying to create a self-signed certificate to use for encrypting an email using bouncycastle.

What would be the best way to generate a certificate?

I have tried using openssl but I have had problems with the certificate.

Here is the code I am using to encrypt; I am using 3DES.

SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator();
gen.addKeyTransRecipient(x509Cert); // adds an X509Certificate

MimeBodyPart encData = 
    gen.generate(mimeBodyPart, SMIMEEnvelopedGenerator.DES_EDE3_CBC, "BC");

EDIT: Sorry for being vague, but the error message I am getting doesn't seem to be very useful.

The message is as follows:

org.openas2.WrappedException: org.bouncycastle.mail.smime.SMIMEException:
 key invalid in message.

This is thrown when I call the SMIMEEnvelopedGenerator.generate method.

I am currently attaching the source code in Eclipse to see if I can get a more useful error message by stepping through the code.

+2  A: 

I would use keytool or openssl to generate a self-signed certificate. If you are having problems then post them; don't just say you are having problems. If you want to generate the certificate from your Java code, use the org.bouncycastle.x509.X509V3CertificateGenerator class.

GregS
+1  A: 

You should be okay with openssl; this is the command I would use to generate a self-signed cert:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

This will create a file called mycert.pem which contains both the private key and the self-signed cert. Note that in this example the key is unencrypted, which is okay for testing purposes. Both key and cert are PEM encoded and include the standard header and footer lines.

bignum