PKCS12签署一个字符串 [英] PKCS12 sign a string

问题描述

我有一个用C＃编写的代码来签名和包含要发送到Web服务的字符串，此代码接收格式为.pfx的证书和证书密码。

I have a code written in C# to sign and envelop a string to be sent to a web service, this code receives a certificate in the format .pfx and the certificate password.

string myString = "Hello World";
X509Certificate2 cert = new X509Certificate2(@"<MY PFX FILE>", "<MY PASS>");
CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);
signer.DigestAlgorithm = new Oid("<MY OID>");

ContentInfo content = new ContentInfo(new Oid("<MY OID>"), new System.Text.UTF8Encoding().GetBytes(myString));
SignedCms signedCms = new SignedCms(content, false);

signedCms.ComputeSignature(signer, false);

var asig = signedCms.Encode();

现在我需要编写一个完全相同的代码，但是在C中，在谷歌上执行了几次搜索后，我找到了一些库。使用这种类型的信息，在这个搜索中我找到了OpenSSL。



但是我没有找到我如何签名和包围信息，就像我一样在C＃做。如果有人可以帮助我，请提前感谢，我怎样才能在C中用C＃做同样的事情。



我尝试了什么：



我用libChilKat进行了一些测试，使用.pfx / .p12到Base64签名的私钥进行C RSA签名 [ ^ ]，当我用我的C＃程序和这个C ++程序加密相同的信息时，输出完全不同，而且，我没有管理如何使用OID摘要算法。 。



使用OpenSSL，我没有找到如何使用PKCS＃7认证签署消息。

Now I need to write a code that does exactly the same thing, but in C, after performing several searches on google, I found some libs. that work with this type of information, and in this search I found OpenSSL.

But I did not find how I could sign and envelop the message, just like I am doing in C#. Thanks in advance if anyone can help me, how can I do the same thing I do in C# in C.

What I have tried:

I did some tests with lib "ChilKat", C RSA Sign Using Private Key from .pfx/.p12 to Base64 Signature[^], when I encrypted the same information with my C# program and with this C++ program, the output is complete different, and, I did not managed how to use the OID digest algorithm...

With OpenSSL, I didn't find how I can sign a message use PKCS#7 certification.

推荐答案

使用OpenSSL时需要完成很多步骤：

1.首先从源（例如文件）读取pfx数据（以DER格式编码）

2.解析它以获取其内容（私钥，证书和CA）
3.使用私钥签名数据



OpenSSL提供一组功能，例如： d2i_PKCS12_fp（）将DER数据导入其内部数据结构。 d2i_PKCS12_fp从文件（由文件指针指定）读取DER格式的PKCS12数据。



使用PKCS12_parse（）获取私钥。

请参阅https://www.openssl.org/docs/man1.1.0/crypto/PKCS12_parse.html



您可以使用EVP_Sign（或其变体）签署您的数据。但是，这并没有创建PKCS＃7签名。



使用PKCS7_sign（）创建PKCS＃7签名。

参见https://www.openssl.org/docs/man1.1.0/crypto/PKCS7_sign.html



祝你好运！

There are quite a few steps that need to be done when using OpenSSL:
1. First read the pfx data (encoded in DER format) from a source (e.g. file)
2. Parse it to get its contents (private key, cert and CAs)
3. Sign data using the private key

OpenSSL provides a set of functions e.g. d2i_PKCS12_fp() to import DER data to its internal data structure. d2i_PKCS12_fp reads PKCS12 data in DER format from a file (specified by file pointer).

Use PKCS12_parse() to get private key.
See https://www.openssl.org/docs/man1.1.0/crypto/PKCS12_parse.html

You may use EVP_Sign (or its variants) to sign your data. However, this doesn;t create a PKCS#7 signature.

Use PKCS7_sign() to create a PKCS#7 signature.
See https://www.openssl.org/docs/man1.1.0/crypto/PKCS7_sign.html

Good luck!

这篇关于PKCS12签署一个字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！