SignedCms.CheckSignature() with a renewed certificate -> new serial?

Posted on 2024-08-13 11:33:47

I am using

SignedCms.CheckSignature(certColl, true)

(with only one cert in certColl) to verify the signature of a pkcs-7 message. My problem is that I don't want to change the (public part of the) signer's certificate on my server after the signer has renewed his certificate :-( The public key, issuer and subject remain unchanged after the signer has renewed his certificate! So this has to work - at least in my opinion, even if I'm not a crypto-geek :-)

..but, unfortunately the .NET-Framework throws a Cryptographic Exception "Cannot find the original signer", and the stacktrace says it happens exactly at:

SignerInfo.CheckSignature(X509Certificate2Collection extraStore, Boolean verifySignatureOnly)

This must be because the serial number of the signer's certificate has changed and the SignerIdentifier property is readonly and set to IssuerAndSerialNumber.

Does anyone know how to work around this?

Or do I have to implement a "handmade" signature verification with something like: signedMessage.ComputeSignature(signer, false)?

Thanks in advance and happy programming,
Krile

Comments (1)

小姐丶请自重 2024-08-20 11:33:47

For all interested in this issue:

Someone told me that this is due to the PKCS #7 specification, which states that the SubjectKeyIdentifier is always set to IssuerAndSerialNumber.
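
Added example, not part of the original thread or written by its participants: a C# program that reproduces the renewal scenario from the question and compares the two signer identifier types that CmsSigner can write into the message. It assumes modern .NET with the System.Security.Cryptography.Pkcs package; the certificates, the subject name "CN=Constructed Signer" and the payload are constructed for the demonstration, and the helper names Issue and SignThenVerify are hypothetical.

```csharp
// Added example (not from the thread). Assumes modern .NET + System.Security.Cryptography.Pkcs.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class RenewedSignerDemo
{
    // Constructed self-signed certificate over the given key; each call gets a fresh serial number.
    static X509Certificate2 Issue(RSA key)
    {
        var req = new CertificateRequest("CN=Constructed Signer", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // The subject key identifier is derived from the public key, so it survives a renewal.
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
    }

    // Sign with the original certificate, then verify with only `candidate` in the extra store.
    static string SignThenVerify(SubjectIdentifierType idType, X509Certificate2 original, X509Certificate2 candidate)
    {
        var cms = new SignedCms(new ContentInfo(Encoding.UTF8.GetBytes("constructed payload")));
        // IncludeOption.None: the certificate is not embedded, so the verifier must supply it.
        cms.ComputeSignature(new CmsSigner(idType, original) { IncludeOption = X509IncludeOption.None });
        var received = new SignedCms();
        received.Decode(cms.Encode());
        try
        {
            // verifySignatureOnly = true, as in the question: no chain or validity checks.
            received.CheckSignature(new X509Certificate2Collection(candidate), true);
            return "verified";
        }
        catch (CryptographicException e)
        {
            return "failed: " + e.Message;
        }
    }

    static void Main()
    {
        using RSA key = RSA.Create(2048);
        using X509Certificate2 original = Issue(key);
        using X509Certificate2 renewed = Issue(key);   // same key, issuer and subject; new serial
        Console.WriteLine($"serials differ: {original.SerialNumber != renewed.SerialNumber}");
        foreach (var idType in new[] { SubjectIdentifierType.IssuerAndSerialNumber, SubjectIdentifierType.SubjectKeyIdentifier })
            Console.WriteLine($"{idType}: {SignThenVerify(idType, original, renewed)}");
    }
}
```

The identifier type is chosen by whoever creates the message, so a verifier that only receives IssuerAndSerialNumber messages still has to be given the certificate with the matching serial. With verifySignatureOnly set to true nothing checks the chain, validity period or revocation, so acceptance rests entirely on which certificates are placed in the collection.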