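C# verify S/MIME email with detached signature

Time: 2019-03-22 12:02:21

Tags: c# email smime

I am trying to verify the signature of an email that was digitally signed in clear text. Unfortunately, I only get a CryptographicException: The hash value is not correct exception. The mail looks similar to this: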

MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1";
 boundary="----boundary1"
Content-Transfer-Encoding: base64

This is a multi-part message in MIME format.

------boundary1
Content-Type: multipart/mixed; boundary="----boundary2"


------boundary2
Content-Type: multipart/alternative; boundary="----boundary3"


------boundary3
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

This is only a test message to demonstrate the s/mime functionality!


------boundary3
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas=2Emicrosoft=2Ecom/office/2004/12/omml" xmlns=3D"h=
ttp://www=2Ew3=2Eorg/TR/REC-html40"><head><META HTTP-EQUIV=3D"Content-Type"=
 CONTENT=3D"text/html; charset=3Dus-ascii"><meta name=3DGenerator content=
=3D"Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
    {font-family:"Cambria Math";
    panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
    {font-family:Calibri;
    panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p=2EMsoNormal, li=2EMsoNormal, div=2EMsoNormal
    {margin:0cm;
    margin-bottom:=2E0001pt;
    font-size:11=2E0pt;
    font-family:"Calibri",sans-serif;
    mso-fareast-language:EN-US;}
a:link, span=2EMsoHyperlink
    {mso-style-priority:99;
    color:#0563C1;
    text-decoration:underline;}
a:visited, span=2EMsoHyperlinkFollowed
    {mso-style-priority:99;
    color:#954F72;
    text-decoration:underline;}
span=2EEmailStyle17
    {mso-style-type:personal-compose;
    font-family:"Calibri",sans-serif;
    color:windowtext;}
=2EMsoChpDefault
    {mso-style-type:export-only;
    font-family:"Calibri",sans-serif;
    mso-fareast-language:EN-US;}
@page WordSection1
    {size:612=2E0pt 792=2E0pt;
    margin:70=2E85pt 70=2E85pt 2=2E0cm 70=2E85pt;}
div=2EWordSection1
    {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DDE-CH link=3D"#0563C1=
" vlink=3D"#954F72"><div class=3DWordSection1><p class=3DMsoNormal><span la=
ng=3DEN-US>This is only a test message to demonstrate the s/mime functional=
ity!<o:p></o:p></span></p></div></body></html>
------boundary3--

------boundary2
Content-Type: text/plain; name="Attachment.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="Attachment.txt"

Ein Attachment zum Testen. Hallo Test.
------boundary2
Content-Type: image/bmp; name="Attachment_BMP.bmp"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Attachment_BMP.bmp"

Qk2iCAAAAAAAADYAAAAoAAAAQQAAAAsAAAABABgAAAAAAGwIAADEDgAAxA4AAAAAAAAAAAAA/Pz8
/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8
/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8
/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8
/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8APz8/ABls9iOOfz8/Pz8/Pz8/Pz8/DmO2LNlAPz8/ABlswAA
/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8
/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/AA=
------boundary2--

------boundary1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
------boundary1--


I use the following sample code to verify the signature:

using System;
using System.IO;
using System.Security.Cryptography.Pkcs;

var mail = File.ReadAllBytes("email.eml");
var contentInfo = new ContentInfo(mail);
var signedCms = new SignedCms(contentInfo, true);

// The MIME part with content-type application/pkcs7-signature
var signature = Convert.FromBase64String("MIAGCS.........");
// Certificate import code omitted for brevity

signedCms.Decode(signature);
signedCms.CheckSignature(x509col, true);

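So my question is which part of the email has to be passed to the ContentInfo constructor. As far as I understand, I have to pass everything from Content-Type: multipart/mixed through the last --boundary2--. Has anyone done this and can point me in the right direction?

By the way, I have a working example without a detached signature, but unfortunately the most common case is the one with a detached signature.

0 answers:

No answers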
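An added example, not part of the original post: in a multipart/signed message the detached signature covers the first body part exactly as transmitted, meaning its MIME headers and body with CRLF line endings, without the CRLF that precedes the next boundary delimiter. The sketch below extracts those bytes and checks them against a signature; the names `DetachedSmimeDemo`, `ExtractSignedPart` and `Verify`, the boundary `b1` and the throwaway self-signed certificate are constructed for the demo. It assumes .NET with the System.Security.Cryptography.Pkcs package and boundary lines without trailing whitespace.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class DetachedSmimeDemo
{
    static readonly Encoding Latin1 = Encoding.GetEncoding(28591); // lossless byte <-> char
    // Bytes covered by a multipart/signed signature: the first body part including its
    // MIME headers, CRLF line endings, without the CRLF in front of the next delimiter.
    public static byte[] ExtractSignedPart(byte[] rawMessage, string boundary)
    {
        string msg = Latin1.GetString(rawMessage).Replace("\r\n", "\n").Replace("\n", "\r\n");
        string open = "\r\n--" + boundary + "\r\n";
        int start = msg.IndexOf(open, StringComparison.Ordinal);
        if (start < 0) throw new FormatException("opening boundary not found");
        start += open.Length;
        int end = msg.IndexOf("\r\n--" + boundary, start, StringComparison.Ordinal);
        if (end < 0) throw new FormatException("next boundary not found");
        return Latin1.GetBytes(msg.Substring(start, end - start));
    }

    public static void Verify(byte[] signedPart, byte[] p7s, bool signatureOnly)
    {
        var cms = new SignedCms(new ContentInfo(signedPart), detached: true);
        cms.Decode(p7s);
        cms.CheckSignature(signatureOnly); // throws CryptographicException on mismatch
    }

    static void Main()
    {
        // Constructed sample: sign a small MIME part with a throwaway self-signed certificate.
        string part = "Content-Type: text/plain\r\n\r\nThis is only a test message\r\n";
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=demo", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(DateTimeOffset.Now.AddDays(-1), DateTimeOffset.Now.AddDays(1));
        var signer = new SignedCms(new ContentInfo(Latin1.GetBytes(part)), detached: true);
        signer.ComputeSignature(new CmsSigner(cert) { IncludeOption = X509IncludeOption.EndCertOnly });
        byte[] p7s = signer.Encode();

        // The same part inside a message that was saved with bare LF line endings.
        string eml = "Content-Type: multipart/signed; boundary=\"b1\"\r\n\r\n--b1\r\n" + part +
                     "\r\n--b1\r\nContent-Type: application/pkcs7-signature\r\n\r\n(p7s)\r\n--b1--\r\n";
        byte[] raw = Latin1.GetBytes(eml.Replace("\r\n", "\n"));
        Verify(ExtractSignedPart(raw, "b1"), p7s, signatureOnly: true); // self-signed demo cert
        Console.WriteLine("signature verified");
    }
}
```

Passing `false` to `CheckSignature` additionally validates the signer's certificate chain, which the demo's self-signed certificate would not pass; with `true`, only the signature value is checked against whatever certificate the message carries.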