C# 使用X509证书进行消息签名

C# 使用X509证书进行消息签名,c#,x509,pkcs#7,C#,X509,Pkcs#7,我使用下面的代码在asp.net web服务中使用数字证书对消息进行签名。 签名工作正常,signedMessage.ComputeSignature行需要30到40秒,因此我面临超时异常。当我在windows窗体应用程序下运行时,同样的代码以几分之一秒的速度生成结果。任何线索或帮助 public static string Encrypt(string fullMessage, string certificateName, bool deAttch) { X50

我使用下面的代码在 ASP.NET Web 服务中用数字证书对消息进行签名。签名本身可以正常完成,但 signedMessage.ComputeSignature 这一行需要 30 到 40 秒,因此会出现超时异常。同样的代码在 Windows 窗体应用程序中运行时,不到一秒就能得到结果。有什么线索或建议吗?

   /// <summary>
   /// Signs <paramref name="fullMessage"/> as a PKCS #7 / CMS message and returns it Base64-encoded.
   /// Despite the method name, nothing is encrypted here; the output is a signature container.
   /// </summary>
   /// <param name="fullMessage">Text to sign; converted to bytes with ASCII encoding.</param>
   /// <param name="certificateName">Passed to GetCertificate to select the signing certificate.</param>
   /// <param name="deAttch">Forwarded as the SignedCms "detached" flag.</param>
   /// <returns>Base64 text of the encoded signed message.</returns>
   public static string Encrypt(string fullMessage, string certificateName, bool deAttch)
   {
       X509Certificate2 signingCertificate = GetCertificate(certificateName);

       // NOTE(review): Encoding.ASCII substitutes '?' for every non-ASCII character, so the
       // signed bytes can differ from the caller's text; confirm inputs are ASCII-only.
       byte[] payload = Encoding.ASCII.GetBytes(fullMessage);
       ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.1", "PKCS 7 Data"), payload);
       SignedCms cms = new SignedCms(content, deAttch);

       // CmsSigner keeps its default IncludeOption (ExcludeRoot) here, so the signer's chain
       // has to be built during signing. NOTE(review): presumably that chain build is the
       // 30-40 s delay reported under ASP.NET; confirm by tracing before relying on it.
       cms.ComputeSignature(new CmsSigner(signingCertificate));

       return Convert.ToBase64String(cms.Encode()).Trim();
   }

我不确定这是否算得上一个答案(我还不清楚它会带来什么影响,但我会去查清楚)。我只是设置了一个属性:

// Embed only the signing certificate in the CMS message. The CmsSigner default (ExcludeRoot)
// embeds the chain except the root, which requires the chain to be built while signing.
// With EndCertOnly the verifier must obtain any intermediate certificates on its own.
cert.IncludeOption = X509IncludeOption.EndCertOnly;    

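之前我是用构造函数创建 CmsSigner 对象并直接传给 ComputeSignature 方法;现在改为先设置该属性再传入,运行正常,也不再耗费那么长时间。需要注意的是,EndCertOnly 表示签名中只包含签名证书本身,不包含证书链中的其他证书,因此验证方必须自行取得中间证书才能构建并验证证书链。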

   /// <summary>
   /// Signs <paramref name="fullMessage"/> as a PKCS #7 / CMS message and returns it Base64-encoded.
   /// Despite the method name, nothing is encrypted here; the output is a signature container.
   /// </summary>
   /// <param name="fullMessage">Text to sign; converted to bytes with ASCII encoding.</param>
   /// <param name="certificateName">Passed to GetCertificate to select the signing certificate.</param>
   /// <param name="deAttch">Forwarded as the SignedCms "detached" flag.</param>
   /// <returns>Base64 text of the encoded signed message.</returns>
   public static string Encrypt(string fullMessage, string certificateName, bool deAttch)
   {
       X509Certificate2 signingCertificate = GetCertificate(certificateName);

       // NOTE(review): Encoding.ASCII substitutes '?' for every non-ASCII character, so the
       // signed bytes can differ from the caller's text; confirm inputs are ASCII-only.
       byte[] payload = Encoding.ASCII.GetBytes(fullMessage);
       ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.1", "PKCS 7 Data"), payload);
       SignedCms cms = new SignedCms(content, deAttch);

       // EndCertOnly embeds just the signing certificate, so no chain is attached to the
       // message; verifiers must already hold the intermediates needed to validate the signer.
       CmsSigner signerInfo = new CmsSigner(signingCertificate)
       {
           IncludeOption = X509IncludeOption.EndCertOnly
       };
       cms.ComputeSignature(signerInfo);

       return Convert.ToBase64String(cms.Encode()).Trim();
   }


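        /// <summary>
        /// Returns the first certificate in the LocalMachine "My" store whose Subject contains
        /// <paramref name="certificateName"/>.
        /// </summary>
        /// <param name="certificateName">Text to look for inside the certificate Subject.</param>
        /// <returns>The first matching certificate.</returns>
        /// <exception cref="Exception">No certificate in the store matches.</exception>
        private static X509Certificate2 GetCertificate(string certificateName)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

                // NOTE(review): this is a substring match on Subject and the first hit wins, so a
                // certificate whose subject merely contains the name can be selected, and expiry or
                // private-key presence is not checked. Selecting by thumbprint via
                // X509Certificate2Collection.Find would be unambiguous.
                // Ordinal comparison keeps culture rules from treating differing subjects as a match.
                X509Certificate2 certificate = store.Certificates
                    .Cast<X509Certificate2>()
                    .FirstOrDefault(cert => cert.Subject.IndexOf(certificateName, StringComparison.Ordinal) >= 0);

                if (certificate == null)
                    throw new Exception("Certificate " + certificateName + " not found.");

                return certificate;
            }
            finally
            {
                // The original never closed the store, leaking the store handle on every call.
                store.Close();
            }
        }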
publicstaticstringencrypt(stringfullmessage、stringcertificateName、booldeattch)
{
X509Certificate2签名者=GetCertificate(certificateName);
byte[]contentBytes=Encoding.ASCII.GetBytes(fullMessage);
Oid contentOid=新Oid(“1.2.840.113549.1.7.1”,“PKCS 7数据”);
SignedCms signedMessage=新的SignedCms(新的ContentInfo(contentOid,contentBytes),deAttch);
CmsSigner cert=新的CmsSigner(签名者);
cert.IncludeOption=X509IncludeOption.EndCertOnly;
签名信息。计算机签名(cert);
byte[]signedBytes=signedMessage.Encode();
返回Convert.ToBase64String(signedBytes.Trim();
}
私有静态X509Certificate2 GetCertificate(字符串certificateName)
{
X509Store=新的X509Store(StoreName.My,StoreLocation.LocalMachine);
store.Open(OpenFlags.openingonly | OpenFlags.ReadOnly);
X509Certificate2 certificate=store.Certificates.Cast()。其中(cert=>cert.Subject.IndexOf(certificateName)>=0.FirstOrDefault();
如果(证书==null)
抛出新异常(“证书”+certificateName+“未找到”);
退货证明;
}

我不确定这是否算得上一个答案(我还不清楚它会带来什么影响,但我会去查清楚)。我只是设置了一个属性:

// Embed only the signing certificate in the CMS message. The CmsSigner default (ExcludeRoot)
// embeds the chain except the root, which requires the chain to be built while signing.
// With EndCertOnly the verifier must obtain any intermediate certificates on its own.
cert.IncludeOption = X509IncludeOption.EndCertOnly;    

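之前我是用构造函数创建 CmsSigner 对象并直接传给 ComputeSignature 方法;现在改为先设置该属性再传入,运行正常,也不再耗费那么长时间。需要注意的是,EndCertOnly 表示签名中只包含签名证书本身,不包含证书链中的其他证书,因此验证方必须自行取得中间证书才能构建并验证证书链。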

   /// <summary>
   /// Signs <paramref name="fullMessage"/> as a PKCS #7 / CMS message and returns it Base64-encoded.
   /// Despite the method name, nothing is encrypted here; the output is a signature container.
   /// </summary>
   /// <param name="fullMessage">Text to sign; converted to bytes with ASCII encoding.</param>
   /// <param name="certificateName">Passed to GetCertificate to select the signing certificate.</param>
   /// <param name="deAttch">Forwarded as the SignedCms "detached" flag.</param>
   /// <returns>Base64 text of the encoded signed message.</returns>
   public static string Encrypt(string fullMessage, string certificateName, bool deAttch)
   {
       X509Certificate2 signingCertificate = GetCertificate(certificateName);

       // NOTE(review): Encoding.ASCII substitutes '?' for every non-ASCII character, so the
       // signed bytes can differ from the caller's text; confirm inputs are ASCII-only.
       byte[] payload = Encoding.ASCII.GetBytes(fullMessage);
       ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.1", "PKCS 7 Data"), payload);
       SignedCms cms = new SignedCms(content, deAttch);

       // EndCertOnly embeds just the signing certificate, so no chain is attached to the
       // message; verifiers must already hold the intermediates needed to validate the signer.
       CmsSigner signerInfo = new CmsSigner(signingCertificate)
       {
           IncludeOption = X509IncludeOption.EndCertOnly
       };
       cms.ComputeSignature(signerInfo);

       return Convert.ToBase64String(cms.Encode()).Trim();
   }


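        /// <summary>
        /// Returns the first certificate in the LocalMachine "My" store whose Subject contains
        /// <paramref name="certificateName"/>.
        /// </summary>
        /// <param name="certificateName">Text to look for inside the certificate Subject.</param>
        /// <returns>The first matching certificate.</returns>
        /// <exception cref="Exception">No certificate in the store matches.</exception>
        private static X509Certificate2 GetCertificate(string certificateName)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

                // NOTE(review): this is a substring match on Subject and the first hit wins, so a
                // certificate whose subject merely contains the name can be selected, and expiry or
                // private-key presence is not checked. Selecting by thumbprint via
                // X509Certificate2Collection.Find would be unambiguous.
                // Ordinal comparison keeps culture rules from treating differing subjects as a match.
                X509Certificate2 certificate = store.Certificates
                    .Cast<X509Certificate2>()
                    .FirstOrDefault(cert => cert.Subject.IndexOf(certificateName, StringComparison.Ordinal) >= 0);

                if (certificate == null)
                    throw new Exception("Certificate " + certificateName + " not found.");

                return certificate;
            }
            finally
            {
                // The original never closed the store, leaking the store handle on every call.
                store.Close();
            }
        }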
publicstaticstringencrypt(stringfullmessage、stringcertificateName、booldeattch)
{
X509Certificate2签名者=GetCertificate(certificateName);
byte[]contentBytes=Encoding.ASCII.GetBytes(fullMessage);
Oid contentOid=新Oid(“1.2.840.113549.1.7.1”,“PKCS 7数据”);
SignedCms signedMessage=新的SignedCms(新的ContentInfo(contentOid,contentBytes),deAttch);
CmsSigner cert=新的CmsSigner(签名者);
cert.IncludeOption=X509IncludeOption.EndCertOnly;
签名信息。计算机签名(cert);
byte[]signedBytes=signedMessage.Encode();
返回Convert.ToBase64String(signedBytes.Trim();
}
私有静态X509Certificate2 GetCertificate(字符串certificateName)
{
X509Store=新的X509Store(StoreName.My,StoreLocation.LocalMachine);
store.Open(OpenFlags.openingonly | OpenFlags.ReadOnly);
X509Certificate2 certificate=store.Certificates.Cast()。其中(cert=>cert.Subject.IndexOf(certificateName)>=0.FirstOrDefault();
如果(证书==null)
抛出新异常(“证书”+certificateName+“未找到”);
退货证明;
}

我不确定这是否算得上一个答案(我还不清楚它会带来什么影响,但我会去查清楚)。我只是设置了一个属性:

// Embed only the signing certificate in the CMS message. The CmsSigner default (ExcludeRoot)
// embeds the chain except the root, which requires the chain to be built while signing.
// With EndCertOnly the verifier must obtain any intermediate certificates on its own.
cert.IncludeOption = X509IncludeOption.EndCertOnly;    

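之前我是用构造函数创建 CmsSigner 对象并直接传给 ComputeSignature 方法;现在改为先设置该属性再传入,运行正常,也不再耗费那么长时间。需要注意的是,EndCertOnly 表示签名中只包含签名证书本身,不包含证书链中的其他证书,因此验证方必须自行取得中间证书才能构建并验证证书链。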

   /// <summary>
   /// Signs <paramref name="fullMessage"/> as a PKCS #7 / CMS message and returns it Base64-encoded.
   /// Despite the method name, nothing is encrypted here; the output is a signature container.
   /// </summary>
   /// <param name="fullMessage">Text to sign; converted to bytes with ASCII encoding.</param>
   /// <param name="certificateName">Passed to GetCertificate to select the signing certificate.</param>
   /// <param name="deAttch">Forwarded as the SignedCms "detached" flag.</param>
   /// <returns>Base64 text of the encoded signed message.</returns>
   public static string Encrypt(string fullMessage, string certificateName, bool deAttch)
   {
       X509Certificate2 signingCertificate = GetCertificate(certificateName);

       // NOTE(review): Encoding.ASCII substitutes '?' for every non-ASCII character, so the
       // signed bytes can differ from the caller's text; confirm inputs are ASCII-only.
       byte[] payload = Encoding.ASCII.GetBytes(fullMessage);
       ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.1", "PKCS 7 Data"), payload);
       SignedCms cms = new SignedCms(content, deAttch);

       // EndCertOnly embeds just the signing certificate, so no chain is attached to the
       // message; verifiers must already hold the intermediates needed to validate the signer.
       CmsSigner signerInfo = new CmsSigner(signingCertificate)
       {
           IncludeOption = X509IncludeOption.EndCertOnly
       };
       cms.ComputeSignature(signerInfo);

       return Convert.ToBase64String(cms.Encode()).Trim();
   }


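        /// <summary>
        /// Returns the first certificate in the LocalMachine "My" store whose Subject contains
        /// <paramref name="certificateName"/>.
        /// </summary>
        /// <param name="certificateName">Text to look for inside the certificate Subject.</param>
        /// <returns>The first matching certificate.</returns>
        /// <exception cref="Exception">No certificate in the store matches.</exception>
        private static X509Certificate2 GetCertificate(string certificateName)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

                // NOTE(review): this is a substring match on Subject and the first hit wins, so a
                // certificate whose subject merely contains the name can be selected, and expiry or
                // private-key presence is not checked. Selecting by thumbprint via
                // X509Certificate2Collection.Find would be unambiguous.
                // Ordinal comparison keeps culture rules from treating differing subjects as a match.
                X509Certificate2 certificate = store.Certificates
                    .Cast<X509Certificate2>()
                    .FirstOrDefault(cert => cert.Subject.IndexOf(certificateName, StringComparison.Ordinal) >= 0);

                if (certificate == null)
                    throw new Exception("Certificate " + certificateName + " not found.");

                return certificate;
            }
            finally
            {
                // The original never closed the store, leaking the store handle on every call.
                store.Close();
            }
        }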
publicstaticstringencrypt(stringfullmessage、stringcertificateName、booldeattch)
{
X509Certificate2签名者=GetCertificate(certificateName);
byte[]contentBytes=Encoding.ASCII.GetBytes(fullMessage);
Oid contentOid=新Oid(“1.2.840.113549.1.7.1”,“PKCS 7数据”);
SignedCms signedMessage=新的SignedCms(新的ContentInfo(contentOid,contentBytes),deAttch);
CmsSigner cert=新的CmsSigner(签名者);
cert.IncludeOption=X509IncludeOption.EndCertOnly;
签名信息。计算机签名(cert);
byte[]signedBytes=signedMessage.Encode();
返回Convert.ToBase64String(signedBytes.Trim();
}
私有静态X509Certificate2 GetCertificate(字符串certificateName)
{
X509Store=新的X509Store(StoreName.My,StoreLocation.LocalMachine);
store.Open(OpenFlags.openingonly | OpenFlags.ReadOnly);
X509Certificate2 certificate=store.Certificates.Cast()。其中(cert=>cert.Subject.IndexOf(certificateName)>=0.FirstOrDefault();
如果(证书==null)
抛出新异常(“证书”+certificateName+“未找到”);
退货证明;
}

我不确定这是否算得上一个答案(我还不清楚它会带来什么影响,但我会去查清楚)。我只是设置了一个属性:

// Embed only the signing certificate in the CMS message. The CmsSigner default (ExcludeRoot)
// embeds the chain except the root, which requires the chain to be built while signing.
// With EndCertOnly the verifier must obtain any intermediate certificates on its own.
cert.IncludeOption = X509IncludeOption.EndCertOnly;    

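之前我是用构造函数创建 CmsSigner 对象并直接传给 ComputeSignature 方法;现在改为先设置该属性再传入,运行正常,也不再耗费那么长时间。需要注意的是,EndCertOnly 表示签名中只包含签名证书本身,不包含证书链中的其他证书,因此验证方必须自行取得中间证书才能构建并验证证书链。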

   /// <summary>
   /// Signs <paramref name="fullMessage"/> as a PKCS #7 / CMS message and returns it Base64-encoded.
   /// Despite the method name, nothing is encrypted here; the output is a signature container.
   /// </summary>
   /// <param name="fullMessage">Text to sign; converted to bytes with ASCII encoding.</param>
   /// <param name="certificateName">Passed to GetCertificate to select the signing certificate.</param>
   /// <param name="deAttch">Forwarded as the SignedCms "detached" flag.</param>
   /// <returns>Base64 text of the encoded signed message.</returns>
   public static string Encrypt(string fullMessage, string certificateName, bool deAttch)
   {
       X509Certificate2 signingCertificate = GetCertificate(certificateName);

       // NOTE(review): Encoding.ASCII substitutes '?' for every non-ASCII character, so the
       // signed bytes can differ from the caller's text; confirm inputs are ASCII-only.
       byte[] payload = Encoding.ASCII.GetBytes(fullMessage);
       ContentInfo content = new ContentInfo(new Oid("1.2.840.113549.1.7.1", "PKCS 7 Data"), payload);
       SignedCms cms = new SignedCms(content, deAttch);

       // EndCertOnly embeds just the signing certificate, so no chain is attached to the
       // message; verifiers must already hold the intermediates needed to validate the signer.
       CmsSigner signerInfo = new CmsSigner(signingCertificate)
       {
           IncludeOption = X509IncludeOption.EndCertOnly
       };
       cms.ComputeSignature(signerInfo);

       return Convert.ToBase64String(cms.Encode()).Trim();
   }


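        /// <summary>
        /// Returns the first certificate in the LocalMachine "My" store whose Subject contains
        /// <paramref name="certificateName"/>.
        /// </summary>
        /// <param name="certificateName">Text to look for inside the certificate Subject.</param>
        /// <returns>The first matching certificate.</returns>
        /// <exception cref="Exception">No certificate in the store matches.</exception>
        private static X509Certificate2 GetCertificate(string certificateName)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            try
            {
                store.Open(OpenFlags.OpenExistingOnly | OpenFlags.ReadOnly);

                // NOTE(review): this is a substring match on Subject and the first hit wins, so a
                // certificate whose subject merely contains the name can be selected, and expiry or
                // private-key presence is not checked. Selecting by thumbprint via
                // X509Certificate2Collection.Find would be unambiguous.
                // Ordinal comparison keeps culture rules from treating differing subjects as a match.
                X509Certificate2 certificate = store.Certificates
                    .Cast<X509Certificate2>()
                    .FirstOrDefault(cert => cert.Subject.IndexOf(certificateName, StringComparison.Ordinal) >= 0);

                if (certificate == null)
                    throw new Exception("Certificate " + certificateName + " not found.");

                return certificate;
            }
            finally
            {
                // The original never closed the store, leaking the store handle on every call.
                store.Close();
            }
        }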
publicstaticstringencrypt(stringfullmessage、stringcertificateName、booldeattch)
{
X509Certificate2签名者=GetCertificate(certificateName);
byte[]contentBytes=Encoding.ASCII.GetBytes(fullMessage);
Oid contentOid=新Oid(“1.2.840.113549.1.7.1”,“PKCS 7数据”);
SignedCms signedMessage=新的SignedCms(新的ContentInfo(contentOid,contentBytes),deAttch);
CmsSigner cert=新的CmsSigner(签名者);
cert.IncludeOption=X509IncludeOption.EndCertOnly;
签名信息。计算机签名(cert);
byte[]signedBytes=signedMessage.Encode();
返回Convert.ToBase64String(signedBytes.Trim();