本文介绍了Bouncycastle以ASCII/二进制格式写入cms MIME头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用bouncycastle c#生成cms签名的数据文件,而我的openSsl命令在下面
openssl cms -sign -in data.txt -binary -signer selfsigned.crt -inkey keypair.pem -out data.signed -keyopt rsa_padding_mode:pss 输出文件格式openssl
MIME版本:1.0内容类型:多部分/已签名;protocol ="application/pkcs7-signature";micalg ="sha-256";boundary ="---- DE5BACF44AD3EE95D349BA916BEEB444"这是S/MIME签名的消息------ DE5BACF44AD3EE95D349BA916BEEB444数据在这里------ DE5BACF44AD3EE95D349BA916BEEB444内容类型:application/pkcs7签名;名称="smime.p7s";内容传输编码:base64内容处置:附件;filename ="smime.p7s";一些BASE 64数据------ DE5BACF44AD3EE95D349BA916BEEB444--============================================== BouncyCastle的输出不一样,即以ascii格式编写的标题,类似
0€*†H†÷€0€10`†他0€*†H†÷€$€,数据在这里€0€10`†他0€*†H†÷€$€,€0€10`†他0€*†H†÷€$€,€0€10`†他0€*†H†÷€$€,€0€10`†他0€*†H†÷€$€, 如何获得与openssl相同的标题
cms符号的BouncyCastle代码
无效符号(字节[]数据,字节[] signCert,字节[]私钥){X509CertificateParser解析器=新的X509CertificateParser();X509Certificate证书=解析器.ReadCertificate(signCert);var reader = new StreamReader(new MemoryStream(privateKey),Encoding.Default);AsymmetricCipherKeyPair keyPair =(AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();CmsSignedDataGenerator生成器=新的CmsSignedDataGenerator();generator.AddSigner(keyPair.Private,证书,CmsSignedGenerator.EncryptionRsaPss,CmsSignedGenerator.DigestSha256);列表< X509Certificate>certList = new List< X509Certificate>();certList.Add(certificate);CmsSignedDatasignedData = generator.Generate(CmsSignedGenerator.Data,新CmsProcessableByteArray(data),true);File.WriteAllBytes(@"c:\ data.txt.signed",signedData.GetEncoded());} 有什么想法吗?
解决方案
BouncyCastle不会生成这些标头.您需要自己执行此操作,或者使用像 MimeKit 这样的库来为您完成.>
I using bouncycastle c# to generate cms signed data file and my openSsl command is below
openssl cms -sign -in data.txt -binary -signer selfsigned.crt -inkey keypair.pem -out data.signed -keyopt rsa_padding_mode:pss
The output file form openssl
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----DE5BACF44AD3EE95D349BA916BEEB444"
This is an S/MIME signed message
------DE5BACF44AD3EE95D349BA916BEEB444
Data HERE
------DE5BACF44AD3EE95D349BA916BEEB444
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
SOME BASE 64 DATA
------DE5BACF44AD3EE95D349BA916BEEB444--
===============================================
BouncyCastle output is not that same, i.e the header written in ascii format, something like that
0€ *†H†÷
€0€10
`†He 0€ *†H†÷
€$€‚
Data HERE
€0€10
`†He 0€ *†H†÷
€$€‚ €0€10
`†He 0€ *†H†÷
€$€‚ €0€10
`†He 0€ *†H†÷
€$€‚ €0€10
`†He 0€ *†H†÷
€$€‚
How to get the same header like the openssl
BouncyCastle code for cms sign
void Sign(byte[] data, byte[] signCert, byte[] privateKey){
X509CertificateParser parser = new X509CertificateParser();
X509Certificate certificate = parser.ReadCertificate(signCert);
var reader = new StreamReader(new MemoryStream(privateKey), Encoding.Default);
AsymmetricCipherKeyPair keyPair = (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();
CmsSignedDataGenerator generator = new CmsSignedDataGenerator();
generator.AddSigner(keyPair.Private, certificate, CmsSignedGenerator.EncryptionRsaPss,
CmsSignedGenerator.DigestSha256);
List<X509Certificate> certList = new List<X509Certificate>();
certList.Add(certificate);
CmsSignedData signedData = generator.Generate(CmsSignedGenerator.Data, new
CmsProcessableByteArray(data), true);
File.WriteAllBytes(@"c:\data.txt.signed", signedData.GetEncoded());
}
Any ideas?
解决方案
BouncyCastle won't produce those headers. You would need to do that yourself or use a library like MimeKit that will do it for you.
这篇关于Bouncycastle以ASCII/二进制格式写入cms MIME头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!