Hello,

    Thank you very much for your reply,  AnisimovSPB. Nice code, but I have always got the problem that when I succeded get the CMSSignedDataInputStream, I want do the next thing that I use the method getCMSInputStream() with the CMSSignedDataInputStream that I got, it gave me always a null.

Dose anyone know that what wrong with this CMSSignedDataInputStream,  by the way I use the keyStore like this RIMKeyStore rks = new RIMKeyStore("xxx"); and after that I add the information by useing the set.

Thanks advance and I hope you all have a nice day.

As far as I understand, you should always use current instance of DeviceKeyStore because BlackBerry searches appropriate certificates from the real keystore to check SMIME signature when you call CMSSignedDataInputStream.verify(CMSEntityIdentifier). The DeviceKeyStore contains CA certificates, one of which could be a root for SMIME message sender's certificate. If so, it could validate user's certificate and validate it's owner signature.

Debugging the work of S/MIME library in JDE I realized that it always uses DeviceKeyStore instance during SMIME body verification. Every time I open SMIME message I sent it does something like this:

CMSContext context = CMSInputStream.getContext(Base64InputStream);

CMSInputStream cis = CMSInputStream.getCMSInputStream(context, DeviceKeyStore.getInstance(), null, true); // cis is usually an instance of CMSSignedDataInputStream

if (cis.isDataPresent()) {

    ... do something ..

    if (cis.isSignedReceiptRequested()) {

        ... do something ...

    }

    CMSInputStream internalStream = cis.getCMSInputStream();

    MIMETypeInputStream mis = new MIMEInputStream(internalStream);

    ... do something ...

}

If you want to see, how SMIME library checks SMIME message signatures and body, you should do the next things:

1) Download AEP SMIME Package

2) Install "net_rim_bb_smime.cod" .cod module into your simulator (just run the simulator and select File -> Load Java Program

3a) Install CA certificate (.cer file), then create a key pair, create public key X509 certificate which is signed by your CA and then install your private key with your public key certificate into your DeviceKeyStore using DeviceKeyStore.getInstance().set(...) method

or (more simple way)

3b) Create a key pair, then create self-signed X509 Certificate (using X509Certificate.create(..) method) and then install private key with your public key certificate into your DeviceKeyStore using DeviceKeyStore.getInstance().set(...) method

4) Select your certificate in S/MIME options

5) Go to blackberry email client, compose new email message choosing "Sign" SMIME option.

6) Send message

7) Make sure that you are in debug mode

8) Order the JDE to stop when a net.rim.device.api.crypto.cms.CMSSignedDataInputStream instance is created (make a breakpoint when instance of this class created)

9) Open the email you signed and sent

10) Observe ))

My revelation was the BB never searches digest algorithm via it's name and OID (in CMSUtilities.getSignatureDigest() method). It is a disappointing imperfection, because it doesn't let me add new digest algorithms using OIDs.add(...) and DigestFactory.register(...) methods.

It is also possible that you have zero-sized byte array of your SMIME message part. If so you need to download the remainder from your server with AttachmentDownloadManager or using "Message.addMessageListener(MessageListener)" and "Transport.more(BodyPart, boolean)" methods.