C＃验证签名

Question

我有以下代码在发送之前签署我的数据（http）：

    internal static byte[] Encode(byte[] arMessage, string signerCert, string signerPassword)
            {
                X509Certificate2 cert = new X509Certificate2(signerCert, signerPassword);
                //debug data
                var msg = System.Text.ASCIIEncoding.ASCII.GetString(arMessage);
                //--
                ContentInfo contentInfo = new ContentInfo(arMessage);

                SignedCms signedCms = new SignedCms(contentInfo, true); // <- true detaches the signature
                CmsSigner cmsSigner = new CmsSigner(cert);

                signedCms.ComputeSignature(cmsSigner);
                byte[] signature = signedCms.Encode();

                return signature;
            }

执行以下操作后，我可以看到签名：

    string sig = Convert.ToBase64String(bSignature) + MESSAGE_SEPARATOR;
    //this will be included in the message:
    bSignature = System.Text.ASCIIEncoding.ASCII.GetBytes(sig);

    //debug data, see the signature:
    string deb8 = System.Text.ASCIIEncoding.ASCII.GetString(bSignature);
    //--

例如：

MIICvgYJKoZIhvcNAQcCoIICrzCCAqsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCAbgwggG0MIIBXqADAgECAhAGicJ2MhB7tUZtG3QcdWDwMA0GCSqGSIb3DQEBBAUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTExMDUwMzEyMTQ0NVoXDTM5MTIzMTIzNTk1OVowDzENMAsGA1UEAxMEVGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuOm4jGHUzLPNww6sx7cZJJxjLIDL/rVVLOtDd1NeA4DZZM1+lKwLpDp3FrV1CA4NP7g3weTg6Y0Jb6X7CSQHnfHRzU8LLrHgp/D9NJ39/RhsKggUteMa1FUUas0fMDMELtTO07ejNfYAhDYQiXmeg+pIMpUfeUhMicyV2xrPzG8CAwEAAaNLMEkwRwYDVR0BBEAwPoAQEuQJLQYdHU8AjWEh3BZkY6EYMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5ghAGN2wAqgBkihHPuNSqXDX0MA0GCSqGSIb3DQEBBAUAA0EAVIjI0My490lY6vKrcgorZZ8MBo3MSk9HuDRBE0SRwSQjnvPsAD0ol1ZjvzjFKA/0Vgvp1lyYquCTSL8R/uWf+TGBzzCBzAIBATAqMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5AhAGicJ2MhB7tUZtG3QcdWDwMAkGBSsOAwIaBQAwDQYJKoZIhvcNAQEBBQAEgYCuXG2CJ0G6UaO1AVMpo5ul3JkJ9EvJbdwb6sXOqOonq5qKbaGJsx0sgwoBfg3lLMP3UI9JVi4dTGG4KTzA1k/0Qt0owmEPKrDh3zVZr2hK/iHsW75sGjSgYT4hxbn6ziQ2IFoN2qCbxdXrMZ+TD0pf7o/ABdorjlvQ5USwlPKjZQ==

这是我收到的消息中的内容。 所以问题是：如何验证收件人收到的邮件的签名（是否提供了.cer文件）？ 提前致谢

编辑1：

我试图遵循Daniel Hilgarth的逻辑，但它没有奏效。 有几次我遇到了“ASN Bad tag value”异常。 为了方便起见，我硬编码了用于生成签名的消息 所以，在接收器上我有两件事：原始消息和为它生成的签名：

    //Signature from the message  (string in ASCII)
    var signatureKey = GetSignatureFromSignatureMessage(signatureMessage, boundary);
    //Original sent message (the arMessage itself used in Encode method above, converted to string from byte) 
    var messageOriginal =
        "Content-Type: application/EDIFACT\r\nContent-Transfer-Encoding: binary\r\n\r\nSome short text.\r\nVery short.";

我需要检查签名是否与此消息相对应。 所以我想尝试做这样的事情：

//contentInfo from the original message.
ContentInfo contentInfo = new ContentInfo(System.Text.ASCIIEncoding.ASCII.GetBytes(messageOriginal));

//SingedCms from the contentInfo above
SignedCms signedCms = new SignedCms(contentInfo, true);

//Here, I believe, I am attaching the signature I have to the Cms    
 signedCms.Decode(System.Text.ASCIIEncoding.ASCII.GetBytes(signatureKey));

//checking?
signedCms.CheckSignature(true);

我在解码部分得到例外。

有任何建议吗？

编辑2： 的解决方案： Daniel Hilgarth给出的方向是正确的。 我的问题是发件人几次编码密钥： Base64字节数组 - ＆gt; Base64String - ＆gt; ASCII字节数组 - ＆gt; ASCII字符串 - ＆gt;发信息 接收器已经接收到ASCII数据，执行： ASCII字符串 - ＆gt;字节数组。 我必须将所有内容转换回base64字节数组才能使其正常工作。

    //Signature from the message (ASCII String)
    var signatureKey = GetSignatureFromSignatureMessage(signatureMessage, boundary);

    //Original Byte Array (Base64)
    var sigKeyBase = Convert.FromBase64String(signatureKey);

   //Original sent message
    var messageOriginal =
        "Content-Type: application/EDIFACT\r\nContent-Transfer-Encoding: binary\r\n\r\nSome short text.\r\nVery short.";

    var messageOriginalByteASCII = System.Text.ASCIIEncoding.ASCII.GetBytes(messageOriginal);


    ContentInfo contentInfo = new ContentInfo(messageOriginalByteASCII);
    SignedCms signedCms = new SignedCms(contentInfo, true);
    signedCms.Decode(sigKeyBase);

    signedCms.CheckSignature(true);

在这种情况下，它通过检查。 附：太糟糕ChekSignature不会返回true或false。我会更舒服imho。 ：（

Answer 1

嗯...可能正在使用SignedCms.CheckSignature ?!与SignedCms.Decode一起使用。基本上，只需使用您用于签署文档的相反方式。 MSDN页面提供了具有分离签名的示例：

// Create a ContentInfo object from the inner content obtained 
// independently from encodedMessage.
ContentInfo contentInfo = new ContentInfo(innerContent);

// Create a new, detached SignedCms message.
SignedCms signedCms = new SignedCms(contentInfo, true);

// encodedMessage is the encoded message received from 
// the sender.
signedCms.Decode(encodedMessage);

// Verify the signature without validating the 
// certificate.
signedCms.CheckSignature(true);