OpenSSL和C#之间的不同S/MIME签名 [英] Different S/MIME signature between OpenSSL and C#

问题描述

我正在尝试在.Net程序中使用OpenSSL代码.这是代码:

I'm trying to use an OpenSSL code in my .Net program. Here's the code:

openssl pkcs12 -in "My PassKit Cert.p12" -clcerts -nokeys -out certificate.pem
openssl pkcs12 -in "My PassKit Cert.p12" -nocerts -out key.pem
smime -binary -sign -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER

我尝试使用.Net OpenSSL，但是我绝对不知道如何使用它，而且我也找不到适合它的文档.我决定使用.Net来执行相同的签名过程，这是代码:

I tried to use .Net OpenSSL, but I absolutely have no idea how to use it, and I couldn't find a good documentation for it. I decided to use .Net to perform the same sign process, here's the code:

var dataToSign = System.IO.File.ReadAllBytes(filePathToSign);
ContentInfo contentInfo = new ContentInfo(dataToSign);

X509Certificate2 signerCert = new X509Certificate2(System.IO.File.ReadAllBytes(signerPfxCertPath), signerPfxCertPassword);

var signedCms = new SignedCms(contentInfo, true);
var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);

signer.IncludeOption = X509IncludeOption.EndCertOnly;
signedCms.ComputeSignature(signer);

var myCmsMessage = signedCms.Encode();

var buf = Encoding.Convert(Encoding.UTF7, Encoding.UTF8, myCmsMessage);

return Encoding.UTF8.GetString(buf, 0, buf.Length);

但是C#和OpenSSL之间的结果并不相同.有人可以帮我吗?

But the results between C# and OpenSSL are not the same. Can someone please help me out?

提前谢谢！

推荐答案

我终于完成了这项工作！

I got this working in the end!

首先，您必须去这里，并安装apple ROOT证书:

First, you must go here, and install the apple ROOT cert:

http://www.apple.com/certificateauthority/

(这是第一个).将其安装到您受信任的根权限中. Mac已经有了这个.

(it's the first one). Install it into your trusted root authority. A Mac already has this.

第二，将开发者证书安装为受信任的根颁发机构，该证书位于开发者门户中，您可以在其中添加设备，创建密码包密钥等等.

Second, install the developer cert as a trusted root authority, which is in the developer portal, where you go to add devices, make passkit keys, all that

https://developer.apple.com/ios/manage/证书/团队/index.action

(您需要登录)

然后，您需要在开发门户中生成密码包密钥，下载它，将其安装在您的Mac上，然后使用私钥将其导出为.p12文件.

then you need to generate your passkit key in the dev portal, download it, install it on your mac, then export it WITH the private key as a .p12 file.

然后您可以将该文件移动到Windows计算机并使用它.生成清单后，我使用了以下代码:

you can then move this file to the windows machine and use it. I used this code, after generating the manifest:

var cert = new X509Certificate2(@"path-to-your.p12", "password");

var buffer = File.ReadAllBytes(Path.Combine(basePath, "manifest.json"));

ContentInfo cont = new ContentInfo(buffer);
var cms = new SignedCms(cont, true);
var signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, cert);

signer.IncludeOption = X509IncludeOption.ExcludeRoot;

cms.ComputeSignature(signer);

var myCmsMessage = cms.Encode();


File.WriteAllBytes(Path.Combine(basePath, "signature"), myCmsMessage);

对不起，这是一堆凌乱的代码，但是有效:)

Sorry, this is rather messy code, but it works :)

别忘了设置

"passTypeIdentifier":"pass.com.yourcompany.NameOfYourPass"， "teamIdentifier":您的团队ID"，

"passTypeIdentifier" : "pass.com.yourcompany.NameOfYourPass", "teamIdentifier" : "YOUR TEAM ID",

在pass.json中！

in the pass.json!

这篇关于OpenSSL和C#之间的不同S/MIME签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！