SignedCms ComputeSignature throw CryptographicException“参数不正确”。

Question

我尝试使用http://www.debenu.com/kb/advanced-options-signing-pdf-files/签署pdf 但是在调用时会抛出异常

// Sign the file data (generates an SHA-1 hash and
// signs that hash)
byte[] enc = SignData(fileData, cert); //throw exception

这是我的SignData函数

private static byte[] SignData(byte[] inputData, X509Certificate2 cert)
{
    // Create an SHA-1 hash of the file data
    SHA1 sha = new SHA1CryptoServiceProvider();
    byte[] sha1Result = sha.ComputeHash(inputData);

    CmsSigner cmsSigner = new CmsSigner(cert);
    cmsSigner.IncludeOption = X509IncludeOption.WholeChain;
    cmsSigner.DigestAlgorithm = new Oid("SHA1");

    // Sign the hash using the certificate
    // This could be changed to use a hardware device (eg. smartcard)
    ContentInfo content = new ContentInfo(sha1Result);
    SignedCms signedCms = new SignedCms(SubjectIdentifierType.IssuerAndSerialNumber, content, true);
    signedCms.ComputeSignature(cmsSigner, false); //throw "The parameter is incorrect." 
    return signedCms.Encode();
}

获取testSig

时没关系

byte[] randomData = new byte[1];
randomData[0] = 123;
byte[] testSig = SignData(randomData, cert);

当我使用来自usb令牌的cert时抛出此错误。如果我选择其他证书有私钥，则不会抛出错误

修改 我从usb令牌导出到cer，这是它

openssl x509 -in xxx.cer -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:03:36:e0:8b:24:50:fe:01:27:6b:3c:a0:69:2a:81
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=XX, L=XX, O=XX, CN=XXXX
        Validity
            Not Before: Aug 17 04:23:59 2017 GMT
            Not After : May 15 03:35:48 2020 GMT
        Subject: UID=XXXX, CN=xxxxx, C=XX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:a1:ec:28:55:a6:39:25:c1:f1:1f:15:60:6c:5c:
                    d1:2e:8f:1d:4d:d2:f2:66:9c:11:49:71:fd:20:ce:
                    19:cc:03:c0:0b:85:65:e9:e1:25:ae:39:3a:48:9a:
                    b6:11:a1:bf:bb:e5:b8:75:28:9d:c8:02:c3:2c:e8:
                    41:e7:ff:c1:bd:3a:10:dc:41:a8:54:b9:52:0e:14:
                    3e:36:47:d4:39:63:0d:2c:10:b2:61:94:d3:3c:a4:
                    f1:2e:9d:02:b7:90:3b:26:dc:cc:8a:d1:7e:ea:0b:
                    f3:dd:d7:34:23:b8:e4:a6:f0:c6:49:8c:b6:a1:29:
                    b9:b4:26:e8:56:b0:38:46:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://XXX

            X509v3 Subject Key Identifier:
                00:D3:2F:BE:59:19:4B:28:8C:F1:B7:82:1D:33:E7:EA:E7:BA:21:C4
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier:
                keyid:1E:B0:0F:48:97:DF:D0:C3:67:A7:46:84:3B:58:3B:88:0D:53:94:86

            X509v3 CRL Distribution Points:
                URI:http://XXX/XXX.crl
                CRLissuer:<UNSUPPORTED>

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                E-mail Protection, 1.3.6.1.4.1.311.10.3.12
    Signature Algorithm: sha1WithRSAEncryption
        14:6d:06:dc:fc:81:de:a8:87:85:49:cf:69:54:aa:c8:55:6f:
        02:5a:d6:4d:c2:e6:f1:cd:7c:be:0e:1d:4c:1c:b1:5d:6a:8b:
        b5:c9:d0:43:cd:a5:a2:ee:81:ca:60:1b:2c:54:87:ea:c7:a1:
        49:dc:7c:73:cd:56:bd:5b:2b:65:38:49:8f:c7:11:00:09:de:
        1d:b4:46:80:af:e9:ec:0c:45:9c:4f:f2:8a:6d:b9:1a:00:d9:
        79:16:b8:78:4e:24:6a:08:6c:42:bf:bc:56:70:42:13:2b:0e:
        be:5d:c5:71:79:7e:65:f0:e9:5e:57:c8:12:a3:6f:7c:52:0f:
        c2:f1:f5:40:ea:a5:1f:92:51:a1:3f:55:75:46:5e:24:d9:3d:
        c9:71:88:70:d8:df:cb:58:fc:15:2f:d8:ea:5e:25:11:cb:27:
        10:71:1e:00:e5:f5:75:f1:cf:5e:c6:d6:8d:da:f4:76:99:0e:
        f0:2a:33:bd:f1:04:1e:4f:96:d7:53:d4:1d:f2:9a:5f:1f:d8:
        8e:81:4e:16:27:77:13:9f:50:53:82:f3:03:09:54:d6:d5:d2:
        8b:d3:fa:56:38:a3:b5:43:e4:34:2d:be:e8:9b:37:98:29:de:
        e5:d5:e7:5d:8d:de:d7:98:e2:96:cc:51:32:c2:dd:5b:4b:e8:
        3e:10:86:3f

的例外情况

   at System.Security.Cryptography.Pkcs.SignedCms.Sign(CmsSigner signer, Boolean silent)
   at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
   at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer)
   at DebenuPDFSign.Program.SignData(Byte[] inputData, X509Certificate2 cert) in d:\Projects\c#\DebenuPDFSign\DebenuPDFSign\Program.cs:line 156
   at DebenuPDFSign.Program.Main(String[] args) in d:\Projects\c#\DebenuPDFSign\DebenuPDFSign\Program.cs:line 102