I am generating a CMS-signed data file with BouncyCastle C#. My OpenSSL command is below:

```sh
openssl cms -sign -in data.txt -binary -signer selfsigned.crt -inkey keypair.pem -out data.signed -keyopt rsa_padding_mode:pss
```

OpenSSL's output file:
```text
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----DE5BACF44AD3EE95D349BA916BEEB444"

This is an S/MIME signed message

------DE5BACF44AD3EE95D349BA916BEEB444
Data HERE
------DE5BACF44AD3EE95D349BA916BEEB444
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

SOME BASE 64 DATA
------DE5BACF44AD3EE95D349BA916BEEB444--
```
BouncyCastle's output is not the same: it has no headers written in ASCII, just the raw binary structure, which shows up as garbage when the file is opened as text.
How do I get the same headers as OpenSSL?

BouncyCastle code for CMS signing:
```csharp
void Sign(byte[] data, byte[] signCert, byte[] privateKey)
{
    X509CertificateParser parser = new X509CertificateParser();
    X509Certificate certificate = parser.ReadCertificate(signCert);
    var reader = new StreamReader(new MemoryStream(privateKey), Encoding.Default);
    AsymmetricCipherKeyPair keyPair = (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();
    CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
    // RSA-PSS with SHA-256, the same as -keyopt rsa_padding_mode:pss in the openssl command
    generator.AddSigner(keyPair.Private, certificate, CmsSignedGenerator.EncryptionRsaPss,
        CmsSignedGenerator.DigestSha256);
    List<X509Certificate> certList = new List<X509Certificate>();
    certList.Add(certificate);
    CmsSignedData signedData = generator.Generate(CmsSignedGenerator.Data,
        new CmsProcessableByteArray(data), true);
    // GetEncoded() returns the raw DER SignedData; no S/MIME headers are produced
    File.WriteAllBytes(@"c:\data.txt.signed", signedData.GetEncoded());
}
```
Any ideas?
BouncyCastle does not generate these headers. You need to do it yourself, or use a library like MimeKit to do it for you.
I tried different libraries without success, then found a way to do it with BouncyCastle. I only needed to add the headers manually and fix the code, as follows:
```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Text.RegularExpressions;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Utilities.Encoders;
using Org.BouncyCastle.X509;
using Org.BouncyCastle.X509.Store;

public byte[] Sign(byte[] data, byte[] signCert, byte[] privateKey)
{
    X509CertificateParser parser = new X509CertificateParser();
    X509Certificate certificate = parser.ReadCertificate(signCert);
    var reader = new StreamReader(new MemoryStream(privateKey), Encoding.Default);
    AsymmetricCipherKeyPair keyPair = (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();
    CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
    // RSA-PSS with SHA-256, the same as -keyopt rsa_padding_mode:pss in the openssl command
    generator.AddSigner(keyPair.Private, certificate, CmsSignedGenerator.EncryptionRsaPss, CmsSignedGenerator.DigestSha256);
    List<X509Certificate> certList = new List<X509Certificate>
    {
        certificate
    };
    // Embed the signer certificate in the SignedData so verifiers can find it
    IX509Store iX509Store = X509StoreFactory.Create("Certificate/Collection", new X509CollectionStoreParameters(certList));
    generator.AddCertificates(iX509Store);
    // encapsulate = true: the content is carried inside the SignedData (opaque signing)
    CmsSignedData signedData = generator.Generate(CmsSignedGenerator.Data, new CmsProcessableByteArray(data), true);
    var signedBase64Encoded = Base64.Encode(signedData.GetEncoded());
    var signedString = Encoding.UTF8.GetString(signedBase64Encoded);
    // Prepend the S/MIME headers and fold the base64 body to 64 characters per line
    signedString = "MIME-Version: 1.0\n"
        + "Content-Disposition: attachment; filename=\"smime.p7m\"\n"
        + "Content-Type: application/pkcs7-mime; smime-type=signed-data; name=\"smime.p7m\"\n"
        + "Content-Transfer-Encoding: base64\n\n"
        + Regex.Replace(signedString, "(.{64})", "$1" + Environment.NewLine);
    return Encoding.UTF8.GetBytes(signedString);
}
```
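Added example, not code from the question or from BouncyCastle, written in Python because the wrapping is plain text handling: it builds the detached multipart/signed envelope that the openssl command above emits from the DER bytes that signedData.GetEncoded() would return, and splits such a message back into the exact signed bytes plus the DER signature (the self-answer's headers instead describe the opaque application/pkcs7-mime form, which is what Generate(..., true) encapsulates). The CRLF before each delimiter belongs to the delimiter, so the content survives byte-exact for digest verification; the DER input used in testing is a constructed byte pattern, not a real signature.

```python
import base64
import re
import secrets


def wrap_multipart_signed(content: bytes, der_sig: bytes,
                          micalg: str = "sha-256", boundary: str = "") -> bytes:
    """Wrap a detached CMS signature as the multipart/signed message openssl emits."""
    boundary = boundary or "----" + secrets.token_hex(16).upper()
    b64 = base64.b64encode(der_sig).decode("ascii")
    b64_lines = "\r\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    head = (
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
        f'micalg="{micalg}"; boundary="{boundary}"\r\n\r\n'
        "This is an S/MIME signed message\r\n"
        f"\r\n--{boundary}\r\n"
        "\r\n"  # empty header block: with -binary the data goes in untouched
    )
    # The CRLF before a delimiter belongs to the delimiter, so the signed bytes stay exact.
    tail = (
        f"\r\n--{boundary}\r\n"
        'Content-Type: application/pkcs7-signature; name="smime.p7s"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="smime.p7s"\r\n\r\n'
        f"{b64_lines}\r\n--{boundary}--\r\n"
    )
    return head.encode("ascii") + content + tail.encode("ascii")


def _split_part(part: bytes) -> tuple:
    part = part[2:]  # drop the CRLF that terminates the delimiter line
    if part.startswith(b"\r\n"):  # part has no headers at all
        return b"", part[2:]
    headers, _, body = part.partition(b"\r\n\r\n")
    return headers, body


def split_multipart_signed(message: bytes) -> tuple:
    """Inverse: recover the exact signed bytes and the DER signature for verification."""
    headers, _, body = message.partition(b"\r\n\r\n")
    m = re.search(rb'boundary="([^"]+)"', headers)
    if m is None:
        raise ValueError("no boundary parameter in Content-Type")
    pieces = body.split(b"\r\n--" + m.group(1))  # preamble, content, signature, close
    if len(pieces) != 4 or not pieces[-1].startswith(b"--"):
        raise ValueError("expected exactly two body parts")
    _, content = _split_part(pieces[1])
    sig_headers, sig_body = _split_part(pieces[2])
    if b"application/pkcs7-signature" not in sig_headers:
        raise ValueError("second part is not application/pkcs7-signature")
    return content, base64.b64decode(sig_body.replace(b"\r\n", b""))
```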