C# 如何验证电子邮件中的数字签名（编码 SeveBit）

发布于 2024-12-05 23:16:15 字数 3601 浏览 8 评论 0原文

我收到消息正文和包含数字签名的 smime.p7s 文件。我想验证邮件是否由该签名签名。我正在使用以下代码。

   private bool VerifyCommand(string text, byte[] signature, string certPath)
{   
// Load the certificate file to use to verify the signature from a file
// If using web service or ASP.NET, use: X509Certificate2 cert = new X509Certificate2(Request.ClientCertificate.Certificate);
X509Certificate2 cert = new X509Certificate2(certPath);

// Get public key
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;

// Hash the text, the text is the expected command by the client application.
// Remember hased data cannot be unhash. It is irreversable
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);

// Verify the signature with the hash
return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signature);
}

byte[]签名是Convert.FromBase64String(mailsignature)之后邮件的签名。 string certPath 是 smime.p7s 文件的路径。（ smime.p7s 附加到邮件中）

这是正文邮件的部分：

------=_NextPart_001_0039_01CC77C1.AFC97230
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit

FINAL TEST SIGNED

------=_NextPart_001_0039_01CC77C1.AFC97230

这是签名附件的一部分：

------=_NextPart_000_0038_01CC77C1.AFC4B740
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIWADCCA7Ew
ggKZoAMCAQICEBErBTlXKN63QvT+VRPTt1EwDQYJKoZIhvcNAQEFBQAwQzEXMBUGA1UEChMOQWxj
YXRlbCBMdWNlbnQxKDAmBgNVBAMTH0FsY2F0ZWwgTHVjZW50IEludGVybmFsIFJvb3QgQ0EwHhcN
MDgxMTAzMTU0MTE2WhcNMjgxMTAzMTU0MTE2WjBDMRcwFQYDVQQKEw5BbGNhdGVsIEx1Y2VudDEo
MCYGA1UEAxMfQWxjYXRlbCBMdWNlbnQgSW50ZXJuYWwgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL5IGBVth8afQdnpuLDI0Z37GgIcPWznOOzFJUV1gVbztqQ5CIxkVL4K
...................

我使用的方法正确吗？编码是写的吗？或者我必须使用7位？

在此输入代码

谢谢 Henning Krause。我进行了搜索，但我再次陷入困境:(。

public static bool Verify(byte[] signature, X509Certificate2 certificate)
{
   X509Certificate2 cert=new X509Certificate2(@"D:\Work\Digital Signature\smime.p7s");
   certificate = cert;

    if(signature == null)
        throw new ArgumentNullException("signature");
    if(certificate == null)
        throw new ArgumentNullException("certificate");

    //the text from the body of the mail    
    string text = "FINAL TEST SIGNED";
    //hash the text 
     // Methode 3 for Hashing
            System.Security.Cryptography.SHA1 hash3 = System.Security.Cryptography.SHA1.Create();
            System.Text.UnicodeEncoding encoder = new System.Text.UnicodeEncoding();
            byte[] combined = encoder.GetBytes(text);
            byte[] hash3byte = hash3.ComputeHash(combined);

    //Adding the text from the email, to a contentInfo 
      ContentInfo content = new ContentInfo(hash3byte);

    // decode the signature
    SignedCms verifyCms = new SignedCms(content,true);
    verifyCms.Decode(signature);

    // verify it
    try
    {
        verifyCms.CheckSignature(new X509Certificate2Collection(certificate), false);
        return true;
    }
    catch(CryptographicException)
    {
        return false;
    }
}

我收到 CryptographicException“哈希值不正确。” 我只尝试了 verifyCms.CheckSignature(true); （同样的错误）我尝试在 ContentInfo 中添加整个邮件（发件人、主题、正文、HTML 部分...）（相同的错误）

您能否更具体地说明如何使用 SignedCms 来解决我的问题？

原文

I get the message body and the smime.p7s file that contains the digital signature. And I want to verify if the mail is signed by that signature.
I'm using the following code.

   private bool VerifyCommand(string text, byte[] signature, string certPath)
{   
// Load the certificate file to use to verify the signature from a file
// If using web service or ASP.NET, use: X509Certificate2 cert = new X509Certificate2(Request.ClientCertificate.Certificate);
X509Certificate2 cert = new X509Certificate2(certPath);

// Get public key
RSACryptoServiceProvider csp = (RSACryptoServiceProvider)cert.PublicKey.Key;

// Hash the text, the text is the expected command by the client application.
// Remember hased data cannot be unhash. It is irreversable
SHA1Managed sha1 = new SHA1Managed();
UnicodeEncoding encoding = new UnicodeEncoding();
byte[] data = encoding.GetBytes(text);
byte[] hash = sha1.ComputeHash(data);

// Verify the signature with the hash
return csp.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signature);
}

byte[] signature is the signature from mail after Convert.FromBase64String(mailsignature).
string certPath is the path tot the smime.p7s file. ( the smime.p7s is attached to the mail)

This is the part where the body mail is:

------=_NextPart_001_0039_01CC77C1.AFC97230
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit

FINAL TEST SIGNED

------=_NextPart_001_0039_01CC77C1.AFC97230

This is a part of the Signature attachment:

------=_NextPart_000_0038_01CC77C1.AFC4B740
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIWADCCA7Ew
ggKZoAMCAQICEBErBTlXKN63QvT+VRPTt1EwDQYJKoZIhvcNAQEFBQAwQzEXMBUGA1UEChMOQWxj
YXRlbCBMdWNlbnQxKDAmBgNVBAMTH0FsY2F0ZWwgTHVjZW50IEludGVybmFsIFJvb3QgQ0EwHhcN
MDgxMTAzMTU0MTE2WhcNMjgxMTAzMTU0MTE2WjBDMRcwFQYDVQQKEw5BbGNhdGVsIEx1Y2VudDEo
MCYGA1UEAxMfQWxjYXRlbCBMdWNlbnQgSW50ZXJuYWwgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL5IGBVth8afQdnpuLDI0Z37GgIcPWznOOzFJUV1gVbztqQ5CIxkVL4K
...................

Is the method that I'm using correct? is the Encoding write? or I have to use a 7-bit?

enter code here

Thnx Henning Krause. I searched, and I'm stuck again :( .

public static bool Verify(byte[] signature, X509Certificate2 certificate)
{
   X509Certificate2 cert=new X509Certificate2(@"D:\Work\Digital Signature\smime.p7s");
   certificate = cert;

    if(signature == null)
        throw new ArgumentNullException("signature");
    if(certificate == null)
        throw new ArgumentNullException("certificate");

    //the text from the body of the mail    
    string text = "FINAL TEST SIGNED";
    //hash the text 
     // Methode 3 for Hashing
            System.Security.Cryptography.SHA1 hash3 = System.Security.Cryptography.SHA1.Create();
            System.Text.UnicodeEncoding encoder = new System.Text.UnicodeEncoding();
            byte[] combined = encoder.GetBytes(text);
            byte[] hash3byte = hash3.ComputeHash(combined);

    //Adding the text from the email, to a contentInfo 
      ContentInfo content = new ContentInfo(hash3byte);

    // decode the signature
    SignedCms verifyCms = new SignedCms(content,true);
    verifyCms.Decode(signature);

    // verify it
    try
    {
        verifyCms.CheckSignature(new X509Certificate2Collection(certificate), false);
        return true;
    }
    catch(CryptographicException)
    {
        return false;
    }
}

I get the CryptographicException "The hash value is not correct."
I tried only verifyCms.CheckSignature(true); (same error)
I tried to add in ContentInfo the whole mail (Sender , Subject , Body, HTML Sectione ...) (same error)

Can you please be more specific how can I use the SignedCms for my problem?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

墨离汐 2024-12-12 23:16:15

您应该查看 SignedCMS 类。您可以使用该类根据 PKCS#7 标准验证签名。

如果您有消息和签名，您将执行以下操作：

var cmsMessage = new SignedCms(new ContentInfo(message), true)
cmsMessage.Decode(signature);
// if no CryptographicException is thrown at this point, the signature holds up. Otherwise it's broken.

You should look into the SignedCMS class. You can use that class to validate signatures according to the PKCS#7 standard.

If you have the message and the signature, you'll do the following:

var cmsMessage = new SignedCms(new ContentInfo(message), true)
cmsMessage.Decode(signature);
// if no CryptographicException is thrown at this point, the signature holds up. Otherwise it's broken.

回复收藏 0 原文

~没有更多了~