使用signtool和C#签名并验证p7文件 [英] Sign and verify p7 file using signtool and C#
问题描述
我可以使用signtool中的/p7选项对文件进行签名和时间戳记(在我的情况下,我正在对zip文件签名).我可以使用"CryptVerifyMessageSignature"来验证签名,但是提取的文件在前面有6个额外的字节.两种signtool都在添加 这些字节作为标头或提取操作将其添加.
signtool符号/p7< temp dir> /p7co 0/f my.pfx/p< password> /a myfile.zip
在调用CryptVerifyMessageSignature之后,我的解码消息以04 84 01 4a fd c1开头.最后4个字节等于整个文件的大小减去此6个字节的标头.我不知道04 84是什么.如果我写完这6个字节后的所有内容 我又有myfile.zip. signtool是否可以选择不写那些多余的字节,还是应该将解码后的消息读入其中?
谢谢
-戴夫
戴夫,
>>我可以使用CryptVerifyMessageSignature来验证签名,但是提取的文件在前面有6个额外的字节. signtool会将这些字节添加为标头,或者提取操作将其添加为标头.
那很奇怪,您如何在前面检查这些字节?由于您使用了签名工具对文件进行签名,因此我怀疑.NET Framework中的数字签名有问题.
这里有一篇文章介绍了如何使用.NET中的X509证书来开始使用数字签名.
请仔细阅读本文,以确保您不会错过任何内容.
注意:此响应包含对第三方万维网站点的引用. Microsoft提供此信息是为了方便 Microsoft不会控制这些站点,并且未测试这些站点上发现的任何软件或信息;因此,Microsoft无法做出任何陈述 signtool sign /p7 <temp dir> /p7co 0 /f my.pfx /p <password> /a myfile.zip
After calling CryptVerifyMessageSignature, my decoded message starts with 04 84 01 4a fd c1. The last 4 bytes are equal to the size of the whole file minus this 6 byte header. I don't know what the 04 84 is. If I write out everything after these 6 bytes I have myfile.zip again. Is there an option for signtool to not write those extra bytes or is there a structure I'm supposed to read the decoded message into?
Thanks,
-Dave
解决方案Hi Dave,
>>I can verify the signature using CryptVerifyMessageSignature, but the extracted file has 6 extra bytes at the front. Either signtool is adding those bytes as a header or the extraction is adding it.
That's weird, how do you check these bytes at the front? Since you have used Sign tool to signs files, I suspect that there is something wrong with Digital Signatures in .NET Framework.
Here is an article explains how to get started with digital signatures, using X509 certificates in .NET.
Please go through this article to make sure if you miss something.
Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites;Therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.
Best regards,
Kristin
这篇关于使用signtool和C#签名并验证p7文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
