如果您知道无效的证书是安全的

如果您知道无效的证书是安全的

本文介绍了如果您知道无效的证书是安全的,那么测试X509Certificate.Thumbprint属性是否安全?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用 SmtpClient.Send 以编程方式发送电子邮件.我目前在尝试发送电子邮件时收到 AuthenticationException .这是因为证书验证过程失败.

I'm attempting to send emails programmatically using SmtpClient.Send. I am currently getting an AuthenticationException when attempting to send the email. This is because of the certificate validation procedure failing.

我知道证书是正确的,但是我也理解信任所有证书并不安全,就像这样做的建议一样

I know that the certificate is the correct one, but I also understand that it's not secure to trust all certificates much like the suggestions of doing this:

ServicePointManager.ServerCertificateValidationCallback +=
     (sender, certificate, chain, sslPolicyErrors) => { return true; };

所以我想知道对已知的有效证书指纹进行 Thumbprint 的测试是否足够安全,就像这样:

So I was wondering if testing the Thumbprint for a known valid certificate thumbprint is secure enough, like so:

ServicePointManager.ServerCertificateValidationCallback +=
     (sender, certificate, chain, sslPolicyErrors) =>
     {
         if (sslPolicyErrors == SslPolicyErrors.None)
             return true;
         else if (certificate.GetCertHashString().Equals("B1248012B10248012B"))
             return true;

         return false;
     };

推荐答案

是.

指纹是证书的SHA1哈希,虽然不是绝对不可能,但很难伪造.

The thumbprint is a SHA1 hash of the certificate, and while not absolutely impossible, is extremely difficult to forge.

从技术上讲,目前尚不存在对SHA1的已知可行的第二原像攻击.

In technical terms, there are currently no known feasable second-preimage attacks on SHA1.

但是,如果有任何疑问,您可以使用指纹作为密钥来存储整个证书.然后,您可以将整个证书与您存储的受信任证书进行比较.

However, if in any doubt, you may store the whole certificate, perhaps using the fingerprint as a key. Then you can compare the whole certificate against your stored, trusted certificate.

这篇关于如果您知道无效的证书是安全的,那么测试X509Certificate.Thumbprint属性是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-24 19:30