Ser*_*gub 3 c# bouncycastle .net-core pkcs#7
我想使用.Net Core(2.0)创建PKCS#7独立签名。
我在这里阅读了与我的问题或多或少相关的所有答案,并找到了这个和这个答案。其他所有的人都很无助。第一个示例完全满足我的需要,但是它依赖于.NetFramework。
第二个使用Bouncy Castle库,并且做些不同但相似的事情。我发现Portable.BouncyCastle项目在.Net Core上工作。据我了解,这是我唯一的选择。
这是第一个示例中的代码,并进行了一些修改:
string s = "data string";
byte[] data = Encoding.UTF8.GetBytes(s);
X509Certificate2 certificate = null;
X509Store my = new X509Store(StoreName.My,StoreLocation.CurrentUser);
my.Open(OpenFlags.ReadOnly);
certificate = my.Certificates.Find(X509FindType.FindByThumbprint, "my thumbprint", false)[0];
if (certificate == null) throw new Exception("No certificates found.");
ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.1"),data);
SignedCms signedCms = new SignedCms(content, true);
CmsSigner signer = new CmsSigner(certificate);
signer.DigestAlgorithm = new Oid("SHA256");
// create the signature
signedCms.ComputeSignature(signer);
return signedCms.Encode();
就我而言,它工作正常。signedCms.Encode()返回1835个字节,并且该值通过验证。
但是,如果我使用BounceCastle,则会得到另一个结果。这是代码:
X509Certificate2 certificate = null;
X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
my.Open(OpenFlags.ReadOnly);
certificate = my.Certificates.Find(X509FindType.FindByThumbprint, "my thumbprint", false)[0];
var privKey = DotNetUtilities.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private;
var cert = DotNetUtilities.FromX509Certificate(certificate);
var content = new CmsProcessableByteArray(data);
var generator = new CmsSignedDataGenerator();
generator.AddSigner(privKey, cert, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256);
var signedContent = generator.Generate(content, false);
return signedContent.GetEncoded();
signedContent.GetEncoded()返回502个字节,并且该结果无法验证。我了解自己在做错事,但我不知道该怎么办。
我应该如何使用Bouncy Castle修改示例,使其获得与上述代码相同的结果?
我发现了另一个讨论,这给了我一个线索。有一个带有示例应用程序的GitHub存储库链接。我对其进行了少许修改,现在可以正常使用了。这是代码:
X509Certificate2 certificate = null;
X509Store my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
my.Open(OpenFlags.ReadOnly);
certificate = my.Certificates.Find(X509FindType.FindByThumbprint, "thumbprint", false)[0];
var privKey = DotNetUtilities.GetRsaKeyPair(certificate.GetRSAPrivateKey()).Private;
var cert = DotNetUtilities.FromX509Certificate(certificate);
var content = new CmsProcessableByteArray(data);
var generator = new CmsSignedDataGenerator();
generator.AddSigner(privKey, cert, CmsSignedGenerator.EncryptionRsa, CmsSignedGenerator.DigestSha256);
var signedContent = generator.Generate(content, false);
string hashOid = OID.SHA256;
var si = signedContent.GetSignerInfos();
var signer = si.GetSigners().Cast<SignerInformation>().First();
SignerInfo signerInfo = signer.ToSignerInfo();
Asn1EncodableVector digestAlgorithmsVector = new Asn1EncodableVector();
digestAlgorithmsVector.Add(
new AlgorithmIdentifier(
algorithm: new DerObjectIdentifier(hashOid),
parameters: DerNull.Instance));
// Construct SignedData.encapContentInfo
ContentInfo encapContentInfo = new ContentInfo(
contentType: new DerObjectIdentifier(OID.PKCS7IdData),
content: null);
Asn1EncodableVector certificatesVector = new Asn1EncodableVector();
certificatesVector.Add(X509CertificateStructure.GetInstance(Asn1Object.FromByteArray(cert.GetEncoded())));
// Construct SignedData.signerInfos
Asn1EncodableVector signerInfosVector = new Asn1EncodableVector();
signerInfosVector.Add(signerInfo.ToAsn1Object());
// Construct SignedData
SignedData signedData = new SignedData(
digestAlgorithms: new DerSet(digestAlgorithmsVector),
contentInfo: encapContentInfo,
certificates: new BerSet(certificatesVector),
crls: null,
signerInfos: new DerSet(signerInfosVector));
ContentInfo contentInfo = new ContentInfo(
contentType: new DerObjectIdentifier(OID.PKCS7IdSignedData),
content: signedData);
return contentInfo.GetDerEncoded();
| 归档时间: |
|
| 查看次数: |
2560 次 |
| 最近记录: |