EnvelopedCMS with AES and rsaEncryption (PKCS#1 v1.5 padding instead of v2 (OAEP) padding) possible?


Question

I've been using .NET for cryptographic purposes a bit. Up to now, I used 3DES (Oid 1.2.840.113549.3.7) in combination with rsaEncryption (Oid 1.2.840.113549.1.1.1, RSAES-PKCS1-v1_5). While the first one has now to be replaced by AES (Oid 2.16.840.1.101.3.4.1.42), I still have to use rsaEncryption / RSAES-PKCS1-v1_5, not RSAES-OAEP.

If I just pass an additional argument to the EnvelopedCMS constructor that I'm calling, I can switch from 3DES to AES:

    ContentInfo plainContent = new ContentInfo(new Oid("1.2.840.113549.1.7.1"), data);

    EnvelopedCms encryptedMessage = new EnvelopedCms(plainContent); // using 3DES
    // EnvelopedCms encryptedMessage = new EnvelopedCms(plainContent, new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42")));  // for AES (id-aes256-CBC)

    CmsRecipient recipient = new CmsRecipient(cert);
    encryptedMessage.Encrypt(recipient);

    byte[] encryptedBytes = encryptedMessage.Encode();

That's fine so far. Unfortunately, some recipients cannot decrypt my messages, although they are able to decrypt AES. Looking at the ASN.1 structure tells me that not only 3DES changed to AES, but also rsaEncryption (1.2.840.113549.1.1.1) was replaced by RSAES-OAEP (1.2.840.113549.1.1.7). Can I somehow force to still use RSAES-PKCS1-v1_5 with EnvelopedCMS? Or do you see another problem in switching 3DES->AES?

Edit: In case I cannot change the padding that easily to v1.5, what other options do I have? Manually calling the CryptoServiceProviders and build up the PKCS#7 envelope on my own? Are there more elegant ways?

Recommended answer

The .NET Framework EnvelopedCms is built on top of Windows CAPI CryptMsg* functions. CryptMsgOpenToEncode supports two ways of encoding recipients, one of which is conditionally compiled (though I haven't been able to identify when it is not available; I suspect it's a Win9x vs NT4/WinXP compat problem).

On a whim I looked to see what could flip it to use the other codepath, and if that would change your result here. It turns out, yes, making it internally "useCms" results in the recipient encryption algorithm being 1.2.840.113549.1.1.1.

If you're interoperating with another system, as is the case here, make sure that the certificate has an explicit SubjectKeyIdentifier extension before using this identification form. .NET/Windows will make up an implicit value if there isn't an explicit one, and not all CMS implementations will match the recipient certificate in that case (e.g. OpenSSL).

You accomplish this by changing your CmsRecipient to

    CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, cert);



Option 2) Add an UnprotectedAttribute

EnvelopedCms allows for other metadata to be added onto the message unencrypted. Specifying any of these values makes the encryptor/encoder use the alternate codepath.

Add this before calling Encrypt:

    // Pkcs9DocumentName requires a non-empty string.
    // You can use any AsnEncodedData value, though.
    encryptedMessage.UnprotectedAttributes.Add(new Pkcs9DocumentName("a"));

Each of these was tested locally.
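To confirm which key-encryption algorithm each recipient form actually writes on a given machine, the following added example (not part of the original answer) encrypts with AES-256 three ways, decodes the result again, and prints the OIDs found in the RecipientInfo. The class name `EnvelopeCheck` and the certificate path taken from `args[0]` are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class EnvelopeCheck // hypothetical name, not from the original post
{
    const string RsaPkcs1 = "1.2.840.113549.1.1.1";     // rsaEncryption (RSAES-PKCS1-v1_5)
    const string Aes256Cbc = "2.16.840.1.101.3.4.1.42"; // id-aes256-CBC

    // Encrypts with AES-256, decodes the encoded bytes again and reports
    // what the recipient will actually see in the RecipientInfo.
    static bool Check(string label, CmsRecipient recipient, bool addAttribute)
    {
        byte[] data = { 0x01, 0x02, 0x03 }; // constructed sample payload
        var content = new ContentInfo(new Oid("1.2.840.113549.1.7.1"), data);
        var cms = new EnvelopedCms(content, new AlgorithmIdentifier(new Oid(Aes256Cbc)));
        if (addAttribute)
            cms.UnprotectedAttributes.Add(new Pkcs9DocumentName("a"));
        cms.Encrypt(recipient);

        var parsed = new EnvelopedCms();
        parsed.Decode(cms.Encode());
        RecipientInfo info = parsed.RecipientInfos[0];
        string keyOid = info.KeyEncryptionAlgorithm.Oid.Value;
        Console.WriteLine("{0}: content={1} keyEncryption={2} recipientId={3}",
            label, parsed.ContentEncryptionAlgorithm.Oid.Value, keyOid,
            info.RecipientIdentifier.Type);
        return keyOid == RsaPkcs1;
    }

    static int Main(string[] args)
    {
        // args[0]: path to the recipient's certificate file (assumption of this example)
        var cert = new X509Certificate2(args[0]);

        // 2.5.29.14 is the SubjectKeyIdentifier extension; without it the
        // SubjectKeyIdentifier recipient form relies on an implicit value.
        if (cert.Extensions["2.5.29.14"] == null)
            Console.WriteLine("warning: certificate has no explicit SubjectKeyIdentifier");

        Check("default recipient", new CmsRecipient(cert), false);
        bool ski = Check("SubjectKeyIdentifier",
            new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, cert), false);
        bool attr = Check("UnprotectedAttribute", new CmsRecipient(cert), true);
        return ski || attr ? 0 : 1; // non-zero: neither form produced rsaEncryption
    }
}
```

Only the recipient's public certificate is needed, since the check decodes the envelope without decrypting it.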
