OpenSSL 和 C# 之间的不同 S/MIME 签名

时间:2023-02-03
本文介绍了OpenSSL 和 C# 之间的不同 S/MIME 签名的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我正在尝试在我的 .Net 程序中使用 OpenSSL 代码.代码如下:

I'm trying to use an OpenSSL code in my .Net program. Here's the code:

openssl pkcs12 -in "My PassKit Cert.p12" -clcerts -nokeys -out certificate.pem
openssl pkcs12 -in "My PassKit Cert.p12" -nocerts -out key.pem
smime -binary -sign -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER

我尝试使用 .Net OpenSSL,但我完全不知道如何使用它,而且我找不到合适的文档.我决定使用 .Net 来执行相同的签名过程,代码如下:

I tried to use .Net OpenSSL, but I absolutely have no idea how to use it, and I couldn't find a good documentation for it. I decided to use .Net to perform the same sign process, here's the code:

var dataToSign = System.IO.File.ReadAllBytes(filePathToSign);
ContentInfo contentInfo = new ContentInfo(dataToSign);

X509Certificate2 signerCert = new X509Certificate2(System.IO.File.ReadAllBytes(signerPfxCertPath), signerPfxCertPassword);

var signedCms = new SignedCms(contentInfo, true);
var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);

signer.IncludeOption = X509IncludeOption.EndCertOnly;
signedCms.ComputeSignature(signer);

var myCmsMessage = signedCms.Encode();

var buf = Encoding.Convert(Encoding.UTF7, Encoding.UTF8, myCmsMessage);

return Encoding.UTF8.GetString(buf, 0, buf.Length);

但是 C# 和 OpenSSL 之间的结果是不一样的.有人可以帮我吗?

But the results between C# and OpenSSL are not the same. Can someone please help me out?

提前致谢!

推荐答案

我终于搞定了!

首先,你必须到这里,安装苹果ROOT证书:

First, you must go here, and install the apple ROOT cert:

http://www.apple.com/certificateauthority/

(这是第一个).将其安装到您信任的根权限中.Mac 已经有了这个.

(it's the first one). Install it into your trusted root authority. A Mac already has this.

其次,将开发者证书安装为受信任的根权限,它位于开发者门户中,您可以在其中添加设备、制作密钥等等

Second, install the developer cert as a trusted root authority, which is in the developer portal, where you go to add devices, make passkit keys, all that

https://developer.apple.com/ios/manage/证书/团队/index.action

(您需要登录)

然后您需要在开发门户中生成您的密码,下载它,将其安装在您的 Mac 上,然后将其与私钥一起导出为 .p12 文件.

then you need to generate your passkit key in the dev portal, download it, install it on your mac, then export it WITH the private key as a .p12 file.

然后您可以将此文件移动到 windows 机器并使用它.生成清单后,我使用了此代码:

you can then move this file to the windows machine and use it. I used this code, after generating the manifest:

var cert = new X509Certificate2(@"path-to-your.p12", "password");

var buffer = File.ReadAllBytes(Path.Combine(basePath, "manifest.json"));

ContentInfo cont = new ContentInfo(buffer);
var cms = new SignedCms(cont, true);
var signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, cert);

signer.IncludeOption = X509IncludeOption.ExcludeRoot;

cms.ComputeSignature(signer);

var myCmsMessage = cms.Encode();


File.WriteAllBytes(Path.Combine(basePath, "signature"), myCmsMessage);

对不起,这是相当混乱的代码,但它有效:)

Sorry, this is rather messy code, but it works :)

别忘了设置

"passTypeIdentifier" : "pass.com.yourcompany.NameOfYourPass","teamIdentifier" : "您的团队 ID",

"passTypeIdentifier" : "pass.com.yourcompany.NameOfYourPass", "teamIdentifier" : "YOUR TEAM ID",

在 pass.json 中!

in the pass.json!

这篇关于OpenSSL 和 C# 之间的不同 S/MIME 签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

上一篇:使用 CA 证书文件验证远程服务器 X509Certificate 下一篇:如何将一串文本从 Base64 解码为字节数组,并在不损坏数据的情况下获取此字节数组的字符串属性

相关文章

最新文章