Java 17 Digital-Signature Module

I’m integrating with the ERI department’s API and need a compact Java 17 component that can take arbitrary JSON plus an ERI-ID and return the fully signed payload the endpoint expects. The routine has to: • read a PKCS#12 (.pfx) keystore, • sign the data with SHA256withRSA via BouncyCastle classes such as CMSSignedData and JcaCertStore, • return the signature Base64-encoded and embedded in the outgoing JSON. Alongside the signing logic, I also want a small helper in the same package that AES-encrypts and decrypts the keystore password so I never have to store it in plain text. Deliverables 1. Source code (one or more classes) that compile and run on Java 17. 2. A verification method that confirms the signature against the public certificate in the same .pfx. 3. A brief README explaining how to point the code at my actual .USB digital signature and credentials, how to call the signing method, and how to use the AES helpers for password handling. I’ll provide a sample .pfx and test credentials during development; final checks will run against the ERI sandbox. If you’ve handled PKCS#12, BouncyCastle and Java security APIs before, this should be a straightforward engagement and I’m ready to start right away.

Project ID: 39737523