Problem description
I am trying to replicate this line
openssl smime -sign -signer <chain_crt_file> -in <infile> -out <outfile> -inkey <privatekey> -outform der
into C#. However, it didn't turn out to be as easy as I thought. So far I have only got to this point:
OpenSSL.Core.BIO crtBio = OpenSSL.Core.BIO.File("C:/asl/chain.crt", "r");
OpenSSL.Core.BIO keyBio = OpenSSL.Core.BIO.File("C:/asl/keydec.txt", "r");
OpenSSL.X509.X509Chain crt = new OpenSSL.X509.X509Chain(crtBio);
OpenSSL.Crypto.RSA key = OpenSSL.Crypto.RSA.FromPrivateKey(keyBio);
String str = "test";
byte[] bytes = new byte[str.Length * sizeof(char)];
System.Buffer.BlockCopy(str.ToCharArray(), 0, bytes, 0, bytes.Length);
Where (hopefully) I'm importing the chain certificate and the decoded private key. Now the thing is how to sign a file and export it as DER. The OpenSSL.NET wrapper lacks documentation, and the examples I found on the internet are 'how to encrypt and decrypt messages using public/private key', which is not the case here.
To get started I tried to sign this "test" string (as file in/out should be pretty straightforward), but I have no clue where to start.
The thing is that I need to sign this string, thus I will need both the key and the certificate chain.
Thank you very much for your help.
Recommended answer
The OpenSSL source is probably a good place to start. OpenSSL provides the source for smime in <openssl dir>/apps/smime.c.
OpenSSL's smime utility just calls PKCS7_sign with the appropriate parameters. From around line 688:
else if (operation & SMIME_SIGNERS)
    {
    int i;
    /* If detached data content we only enable streaming if
     * S/MIME output format.
     */
    if (operation == SMIME_SIGN)
        {
        if (flags & PKCS7_DETACHED)
            {
            if (outformat == FORMAT_SMIME)
                flags |= PKCS7_STREAM;
            }
        else if (indef)
            flags |= PKCS7_STREAM;
        flags |= PKCS7_PARTIAL;
        p7 = PKCS7_sign(NULL, NULL, other, in, flags);
        if (!p7)
            goto end;
        }
    ...
With knowledge of PKCS7_sign, you can visit OpenSSL's docs at PKCS7_sign(3). Or, you can hunt for an example.
I don't know about the wrapper you are using.
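An added example, not part of the original question or answer and not OpenSSL.NET code: it builds the same kind of output as the command in the question (a DER-encoded PKCS#7 SignedData, detached because `openssl smime -sign` detaches unless `-nodetach` is given) using .NET's own SignedCms class instead of the wrapper, then verifies it. The names Pkcs7SignDemo, SignDetached and VerifyDetached are hypothetical, and the self-signed certificate is constructed at run time as a stand-in for the real signer certificate and key.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;   // NuGet package System.Security.Cryptography.Pkcs on .NET Core / 5+
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class Pkcs7SignDemo
{
    // Detached PKCS#7/CMS SignedData over `content`, returned DER-encoded.
    // extraCerts carries the rest of the chain so a verifier can build a path to its trust anchor.
    public static byte[] SignDetached(byte[] content, X509Certificate2 signerCert, X509Certificate2Collection extraCerts)
    {
        var cms = new SignedCms(new ContentInfo(content), detached: true);
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signerCert)
        {
            IncludeOption = X509IncludeOption.EndCertOnly,       // embed the signer cert; chain is added explicitly
            DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1")  // SHA-256, set explicitly rather than relying on the default
        };
        signer.Certificates.AddRange(extraCerts);
        cms.ComputeSignature(signer);
        return cms.Encode();
    }

    // Checks the signature and digest only; certificate trust must be validated separately.
    public static bool VerifyDetached(byte[] content, byte[] der)
    {
        var cms = new SignedCms(new ContentInfo(content), detached: true);
        cms.Decode(der);
        try { cms.CheckSignature(verifySignatureOnly: true); return true; }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        // Constructed test material: a throwaway self-signed certificate with its private key.
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-test-signer", rsa,
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5),
                                              DateTimeOffset.UtcNow.AddDays(1));
        byte[] data = Encoding.UTF8.GetBytes("test");
        byte[] der = SignDetached(data, cert, new X509Certificate2Collection());
        Console.WriteLine($"signature: {der.Length} bytes, first byte 0x{der[0]:X2}");
        Console.WriteLine($"original content verifies: {VerifyDetached(data, der)}");
        Console.WriteLine($"modified content verifies: {VerifyDetached(Encoding.UTF8.GetBytes("tampered"), der)}");
    }
}
```

Because the signature is detached, the verifier needs the original bytes as well as the DER blob; pass `detached: false` to embed the content, which corresponds to `-nodetach`.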