使用预先计算的签名在c#中创建PKCS#7签名的消息 [英] Create a PKCS#7 signed message in c# with a precomputed signature
问题描述
我正在尝试用C#创建PKCS#7签名的消息。数字签名是在HSM中单独计算的,因此我已经有了签名的值,我只想创建一个包含它的PKCS#7结构。
I'm trying to create a PKCS#7 signed message in C#. The digital signature is being computed separately in an HSM so I already have the value of the signature, I just want to create a PKCS#7 structure that contains it.
I已经研究过在System.Security.Cryptography.Pkcs命名空间中使用SignedCms,但这似乎没有提供预计算签名的选项。
I've looked into using the SignedCms in the System.Security.Cryptography.Pkcs namespace but this doesn't seem to have an option for providing a precomputed signature.
当我已经拥有数字签名的值时,在C#中生成PKCS#7结构的最佳方法是什么?
What is the best way to generate a PKCS#7 structure in C# when I already have the value of the digital signature?
推荐答案
AFAIK您无法使用内置 .NET类来做到这一点。
AFAIK you cannot do that with "built-in" .NET classes.
但是我创建了一个示例应用程序- Pkcs7SignatureGenerator -使用 Pkcs11Interop (我是作者)和 Bouncy Castle 库。
However I have created an example application - Pkcs7SignatureGenerator - for CMS signature creation with Pkcs11Interop (which I am author of) and Bouncy Castle libraries.
在此应用程序中,Pkcs11Interop库通过PKCS#11 API使用存储在硬件设备中的私钥执行签名操作,而BouncyCastle库负责构建CMS(PKCS#7)签名结构。
In this application Pkcs11Interop library performs signing operation via PKCS#11 API with the private key stored in the hardware device and BouncyCastle library is responsible for construction of a CMS (PKCS#7) signature structure.
这篇关于使用预先计算的签名在c#中创建PKCS#7签名的消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!