OpenSSL和C#之间的不同S/MIME签名 [英] Different S/MIME signature between OpenSSL and C#
问题描述
我正在尝试在.Net程序中使用OpenSSL代码.这是代码:
I'm trying to use an OpenSSL code in my .Net program. Here's the code:
openssl pkcs12 -in "My PassKit Cert.p12" -clcerts -nokeys -out certificate.pem
openssl pkcs12 -in "My PassKit Cert.p12" -nocerts -out key.pem
smime -binary -sign -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER
我尝试使用.Net OpenSSL,但是我绝对不知道如何使用它,而且我也找不到适合它的文档.我决定使用.Net来执行相同的签名过程,这是代码:
I tried to use .Net OpenSSL, but I absolutely have no idea how to use it, and I couldn't find a good documentation for it. I decided to use .Net to perform the same sign process, here's the code:
var dataToSign = System.IO.File.ReadAllBytes(filePathToSign);
ContentInfo contentInfo = new ContentInfo(dataToSign);
X509Certificate2 signerCert = new X509Certificate2(System.IO.File.ReadAllBytes(signerPfxCertPath), signerPfxCertPassword);
var signedCms = new SignedCms(contentInfo, true);
var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert);
signer.IncludeOption = X509IncludeOption.EndCertOnly;
signedCms.ComputeSignature(signer);
var myCmsMessage = signedCms.Encode();
var buf = Encoding.Convert(Encoding.UTF7, Encoding.UTF8, myCmsMessage);
return Encoding.UTF8.GetString(buf, 0, buf.Length);
但是C#和OpenSSL之间的结果并不相同.有人可以帮我吗?
But the results between C# and OpenSSL are not the same. Can someone please help me out?
提前谢谢!
推荐答案
我终于完成了这项工作!
I got this working in the end!
首先,您必须去这里,并安装apple ROOT证书:
First, you must go here, and install the apple ROOT cert:
http://www.apple.com/certificateauthority/
(这是第一个).将其安装到您受信任的根权限中. Mac已经有了这个.
(it's the first one). Install it into your trusted root authority. A Mac already has this.
第二,将开发者证书安装为受信任的根颁发机构,该证书位于开发者门户中,您可以在其中添加设备,创建密码包密钥等等.
Second, install the developer cert as a trusted root authority, which is in the developer portal, where you go to add devices, make passkit keys, all that
https://developer.apple.com/ios/manage/证书/团队/index.action
(您需要登录)
然后,您需要在开发门户中生成密码包密钥,下载它,将其安装在您的Mac上,然后使用私钥将其导出为.p12文件.
then you need to generate your passkit key in the dev portal, download it, install it on your mac, then export it WITH the private key as a .p12 file.
然后您可以将该文件移动到Windows计算机并使用它.生成清单后,我使用了以下代码:
you can then move this file to the windows machine and use it. I used this code, after generating the manifest:
var cert = new X509Certificate2(@"path-to-your.p12", "password");
var buffer = File.ReadAllBytes(Path.Combine(basePath, "manifest.json"));
ContentInfo cont = new ContentInfo(buffer);
var cms = new SignedCms(cont, true);
var signer = new CmsSigner(SubjectIdentifierType.SubjectKeyIdentifier, cert);
signer.IncludeOption = X509IncludeOption.ExcludeRoot;
cms.ComputeSignature(signer);
var myCmsMessage = cms.Encode();
File.WriteAllBytes(Path.Combine(basePath, "signature"), myCmsMessage);
对不起,这是一堆凌乱的代码,但是有效:)
Sorry, this is rather messy code, but it works :)
别忘了设置
"passTypeIdentifier":"pass.com.yourcompany.NameOfYourPass", "teamIdentifier":您的团队ID",
"passTypeIdentifier" : "pass.com.yourcompany.NameOfYourPass", "teamIdentifier" : "YOUR TEAM ID",
在pass.json中!
in the pass.json!
这篇关于OpenSSL和C#之间的不同S/MIME签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!