Digital signature verification fails with MimeKit



We are trying to use MimeKit to verify the signature of a digitally signed email (.p7m). When I call signature.Verify(); it throws the error message:

{"无法验证数字签名:非空集 必需\r参数名称:值"}。

However, the same email is successfully verified by Limilabs.Mail.

I am using the following code to verify the signature.

    if (message.Body is MultipartSigned)
    {
        var signed = (MultipartSigned)message.Body;
        foreach (var signature in signed.Verify())
        {
            try
            {
                bool valid = signature.Verify();
                // If valid is true, then it signifies that the signed content
                // has not been modified since this particular signer signed the
                // content.
                // However, if it is false, then it indicates that the signed
                // content has been modified.
            }
            catch (DigitalSignatureVerifyException)
            {
                // There was an error verifying the signature.
            }
        }
    }

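Can anyone help me figure out why I am getting this error?

The problem here is that when the developer has not explicitly provided a context for the MultipartSigned.Verify() method call and has not registered an alternative S/MIME context using CryptographyContext.Register(), MimeKit by default uses the DefaultSecureMimeContext backend for S/MIME.

Since DefaultSecureMimeContext starts with an empty S/MIME certificate database, it has no trusted anchors (also known as root certificate authority certificates), and so it throws an exception when building the certificate chain for the S/MIME signer while verifying the signature.

You can fix this by importing some root certificate authority certificates (preferably including the ones needed to build the certificate chain for said signer) - or by using WindowsSecureMimeContext: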

    if (message.Body is MultipartSigned)
    {
        var signed = (MultipartSigned)message.Body;
        using (var ctx = new WindowsSecureMimeContext ()) {
            foreach (var signature in signed.Verify(ctx))
            {
                try
                {
                    bool valid = signature.Verify();
                    // If valid is true, then it signifies that the signed content
                    // has not been modified since this particular signer signed the
                    // content.
                    // However, if it is false, then it indicates that the signed
                    // content has been modified.
                }
                catch (DigitalSignatureVerifyException)
                {
                    // There was an error verifying the signature.
                }
            }
        }
    }
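
The failure described above comes from building the certificate chain, not from modified content, and the two cases can be reported separately. The following is an added example, not code from the original posts; it assumes a MimeKit version whose IDigitalSignature provides Verify(bool verifySignatureOnly), and SignatureStatus, SignatureTriage, Classify and Report are hypothetical names.

```csharp
using System;
using MimeKit;
using MimeKit.Cryptography;

// Hypothetical names for this example; they are not part of MimeKit.
public enum SignatureStatus { Trusted, IntegrityOnly, Invalid }

public static class SignatureTriage
{
    // Check the signature over the content first, then the certificate chain.
    public static SignatureStatus Classify (IDigitalSignature signature, out string detail)
    {
        try {
            // true = verify only the signature itself and skip chain validation
            // (assumed available in the MimeKit version in use).
            if (!signature.Verify (true)) {
                detail = "signature does not match the content";
                return SignatureStatus.Invalid;
            }
        } catch (DigitalSignatureVerifyException ex) {
            detail = ex.Message;
            return SignatureStatus.Invalid;
        }

        try {
            // Full check: the chain must also build to a trust anchor in the context.
            if (signature.Verify ()) {
                detail = "content intact, chain builds to a trust anchor";
                return SignatureStatus.Trusted;
            }
            detail = "signature does not match the content";
            return SignatureStatus.Invalid;
        } catch (DigitalSignatureVerifyException ex) {
            // Content is intact, but the signer's identity is not established.
            detail = "chain not trusted: " + ex.Message;
            return SignatureStatus.IntegrityOnly;
        }
    }

    // Pass the context explicitly (for example a WindowsSecureMimeContext).
    public static void Report (MimeMessage message, SecureMimeContext ctx)
    {
        if (!(message.Body is MultipartSigned signed))
            return;
        foreach (var signature in signed.Verify (ctx)) {
            var status = Classify (signature, out var detail);
            var signer = signature.SignerCertificate;
            Console.WriteLine ("{0} <{1}>: {2} ({3})", signer?.Name, signer?.Email, status, detail);
        }
    }
}
```

Only Trusted should be treated as a verified sender; IntegrityOnly means the message was not altered after signing but the certificate does not chain to an anchor the context trusts.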
