Getting public key from digital signature

Question

I am working on a java based licensing project. I have a digital certificate file and the data for which the signature was generated. Is there some API or means to get the public key from these information? Basically Public Key from the data and digital certificate information.

Answer 1

The Bouncy Castle API has a SignedData class which has a method for getting certificate(s).

Answer 2

If you digital signature is of format PKCS#7 - not detached, then there is a possibility that the sender would have included the certificate as a part of the digital signature.

You will be required to parse the signature to get the certificate.

Answer 3

Your question is very vague IMHO.

I have a digital certificate file and the data for which the signature was generated

If the certificate file has the public key used to verify the signature then you can load it using standard java apis (assuming X509 Certificates).

FileInputStream fin = new FileInputStream("PathToCertificate");
CertificateFactory f = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate)f.generateCertificate(fin);
PublicKey pk = certificate.getPublicKey();

Once you have the public key you can use it to verify the signature.
Is this what you want?

Answer 4

The certificate must bear a reference to the id of the key used to certify your data. From this key, should be able to contact the corresponding certificate authority and obtain the public key by providing its id. It may be available from a public repository too.

The id of the certificate authority should also appear on this certificate.

There are APIs available for sure, but the question is, which framework are you using for digital signatures? Do you have its name? Do you know the certificate type?