我需要制作pksc#7签名。 这是我的工作(不时)代码与SignedCms:
public static string SignSignedCms(string data)
{
byte[] bData = Encoding.UTF8.GetBytes(data);
X509Certificate2 certificate = new X509Certificate2();
certificate.Import(@"D:\...file.pfx", "pwd", X509KeyStorageFlags.DefaultKeySet);
ContentInfo content = new ContentInfo(bData);
SignedCms signedCms = new SignedCms(content);
CmsSigner signer = new CmsSigner(certificate);
signer.DigestAlgorithm = new Oid("SHA256");
signedCms.ComputeSignature(signer, true);
return Convert.ToBase64String(signedCms.Encode()).TrimEnd('=').Replace('+', '-').Replace('/', '_');
}
如果data =“asdfghjkl”结果是: MIIFbAYJKoZIhvcNAQcCoIIFXTCCBVkCAQExDzANBglghkg ... IRmmg0beHTRwKd - 1857 sybols
在这种情况下,我每次都有相同的结果。
现在我需要不同的方法来制作同样的东西(为什么? - 这是另一个问题)
我找到了BouncyCastle CmsSignedDataGenerator,我有这个:
public static string SignBouncyCastle(string data)
{
byte[] bData = Encoding.UTF8.GetBytes(data);
X509Certificate2 certificate = new X509Certificate2();
certificate.Import(@"D:\...file.pfx", "pwd", 509KeyStorageFlags.Exportable);
AsymmetricKeyParameter key = DotNetUtilities.GetKeyPair(certificate.PrivateKey).Private;
CmsSignedDataGenerator gen = new CmsSignedDataGenerator();
gen.AddSigner(key, DotNetUtilities.FromX509Certificate(certificate), CmsSignedGenerator.DigestSha256);
CmsSignedData cmsSignedData = gen.Generate(new CmsProcessableByteArray(bData));
return Convert.ToBase64String(cmsSignedData.GetEncoded()).TrimEnd('=').Replace('+', '-').Replace('/', '_');
}
在这种情况下(data =“asdfghjkl”)我总是有不同的结果,如下所示: MIAGCSqGSIb3DQEHAqCAMIACAQExDzANB ... egV70FgAAAAAAAA - 811个符号!
两种方法都应该制作“分离的pkcs7-signature消息”,但BouncyCastle会做出不同的事情。
我确信SignedCms正确签名,但我无法使用它。
我应该在第二种方法中更改哪些内容以获得与SignedCms相同的结果?
SignedCms - https://msdn.microsoft.com/en-us/library/8412wc31%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
CMSSignedDataGenerator - https://www.bouncycastle.org/docs/pkixdocs1.5on/org/bouncycastle/cms/CMSSignedDataGenerator.html
我看不出差异!