C# 在.Net Core中使用X509证书对字节数组进行签名
我想用C# 在.Net Core中使用X509证书对字节数组进行签名,c#,cryptography,.net-core,sign,pkcs#12,C#,Cryptography,.net Core,Sign,Pkcs#12,我想用X509Certificate2为字节数组签名 以下是的示例,但我需要与.Net Core相同的示例: var argCertFirmante = new X509Certificate2(file, pass); var infoContenido = new ContentInfo(argBytesMsg); var cmsFirmado = new SignedCms(infoContenido); var cmsFirmante = new CmsSigner(argCer
X509Certificate2 var argCertFirmante = new X509Certificate2(file, pass);
var infoContenido = new ContentInfo(argBytesMsg);
var cmsFirmado = new SignedCms(infoContenido);
var cmsFirmante = new CmsSigner(argCertFirmante)
{ IncludeOption = X509IncludeOption.EndCertOnly };
cmsFirmado.ComputeSignature(cmsFirmante, true);
return cmsFirmado.Encode();
- openssl smime-sign-signer ebookingv4.crt-inkey ebookingv4.key-out ticket.xml.cms-in ticket.xml-outform DER-nodetach
- openssl base64-in-ticket.xml.cms-out-ticket.xml.cms.base64
<PackageReference Include="System.Security.Cryptography.Algorithms"
Version="4.4.0-beta-24913-01" /> <PackageReference
Include="System.Security.Cryptography.Pkcs"
Version="4.5.0-preview1-26119-06" /> <PackageReference
Include="System.Security.Cryptography.X509Certificates"
Version="4.4.0-beta-24913-01" />
根据Apisof.Net的
Apisof.Net- 等待.Net Core的2.0版本,以便您能够使用,并使用
对象对数据进行签名非对称gorithm - 或者您可以使用:
具有用于算法的静态名称,并具有用于填充的默认对象。根据Apisof.Net,这两个类都是类,不会被移植到.Net核心。在这里,您可以做两件事:
- 等待.Net Core的2.0版本,以便您能够使用,并使用
对象对数据进行签名非对称gorithm - 或者您可以使用:
具有用于算法的静态名称,并具有用于填充的默认对象。SignedCms在.NET Core 1.0或1.1中不可用;2.0版也不会。(编辑:它将在即将发布的2.1版本中提供) 如果您只关心写入数据(这比读取数据容易得多),则可以使用RSA.SignData实现有限形式的数据 SignedCms生成DER编码的CMS签名数据值(),该值为
SignedData ::= SEQUENCE {
version CMSVersion,
digestAlgorithms DigestAlgorithmIdentifiers,
encapContentInfo EncapsulatedContentInfo,
certificates [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
signerInfos SignerInfos
}
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
SignerInfos ::= SET OF SignerInfo
48656c6c6f// SEQUENCE (SignedData)
30 xa [ya [za]]
// INTEGER (Version=1)
02 01 01
// SET (OF DigestAlgorithmIdentifier (digestAlgorithms))
31 xb [yb [zb]]
// SEQUENCE (DigestAlgorithmIdentifier ::= AlgorithmIdentifier)
30 xc [yc [zc]]
// OBJECT IDENTIFIER (2.16.840.1.101.3.4.2.1 == SHA-2-256)
06 09 60 86 48 01 65 03 04 02 01
// SEQUENCE (EncapsulatedContentInfo)
30 xd [yd [zd]]
// OBJECT IDENTIFIER (1.2.840.113549.1.7.1 == pkcs7-data)
06 09 2A 86 48 86 F7 0D 01 07 01
// CONTEXT SPECIFIC 0 - CONSTRUCTED
A0 xe [ye [ze]]
// OCTET STRING (the data goes here)
04 05 48 65 6C 6C 6F // "Hello"
// CONTEXT SPECIFIC 0 - CONSTRUCTED (CertificateSet (certificates))
A0 xf [yf [zf]]
[cert.RawData goes here, which is already DER encoded]
[do you have an intermediate you want to share?
okay, write intermediate.RawData here; repeat]
// skip the crls.
// SET (OF SignerInfo (singerInfos))
31 xg [yg [zg]]
// SEQUENCE (SignerInfo)
30 xh [yh [zh]]
// INTEGER (Version=1)
02 01 01
// SEQUENCE (IssuerAndSerialNumber)
30 xi [yi [zi]]
// SEQUENCE (Issuer)
[cert.IssuerName.RawData]
// OCTECT STRING (SerialNumber)
02 xj [yj [zj]]
[cert.GetSerialNumberBytes() (see note "j")]
// SEQUENCE (DigestAlgorithm (digestAlgorithm))
30 xk [yk [zk]]
// OBJECT IDENTIFIER (2.16.840.1.101.3.4.2.1 == SHA-2-256)
06 09 60 86 48 01 65 03 04 02 01
// skip signedAttrs
// SEQUENCE (DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier)
30 xl [yl [zl]]
// OBJECT IDENTIFIER (1.2.840.113549.1.1.1 == rsaEncryption)
06 09 2A 86 48 86 F7 0D 01 01 01
// NULL (rsaEncryption says parameters must be explicit NULL)
05 00
// OCTECT STRING (signature)
04 xm [ym [zm]]
[rsa.SignData(
new byte[] { 0x48, 0x65, 0x6C, 0x6C, 0x6F },
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1)]
// skip unsignedAttrs
80 01 000D0B00 9B 5D E6 C1 51 26 A5 8B0981 9882 01 BE82 01 C282 02 AB07140B0D820494如果你走这条路,你会得到像
openssl asn1parse-i-dump-inform DERSignedData ::= SEQUENCE {
version CMSVersion,
digestAlgorithms DigestAlgorithmIdentifiers,
encapContentInfo EncapsulatedContentInfo,
certificates [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
signerInfos SignerInfos
}
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
SignerInfos ::= SET OF SignerInfo
48 65 6C 6C 6F// SEQUENCE (SignedData)
30 xa [ya [za]]
// INTEGER (Version=1)
02 01 01
// SET (OF DigestAlgorithmIdentifier (digestAlgorithms))
31 xb [yb [zb]]
// SEQUENCE (DigestAlgorithmIdentifier ::= AlgorithmIdentifier)
30 xc [yc [zc]]
// OBJECT IDENTIFIER (2.16.840.1.101.3.4.2.1 == SHA-2-256)
06 09 60 86 48 01 65 03 04 02 01
// SEQUENCE (EncapsulatedContentInfo)
30 xd [yd [zd]]
// OBJECT IDENTIFIER (1.2.840.113549.1.7.1 == pkcs7-data)
06 09 2A 86 48 86 F7 0D 01 07 01
// CONTEXT SPECIFIC 0 - CONSTRUCTED
A0 xe [ye [ze]]
// OCTET STRING (the data goes here)
04 05 48 65 6C 6C 6F // "Hello"
// CONTEXT SPECIFIC 0 - CONSTRUCTED (CertificateSet (certificates))
A0 xf [yf [zf]]
[cert.RawData goes here, which is already DER encoded]
[do you have an intermediate you want to share?
okay, write intermediate.RawData here; repeat]
// skip the crls.
// SET (OF SignerInfo (singerInfos))
31 xg [yg [zg]]
// SEQUENCE (SignerInfo)
30 xh [yh [zh]]
// INTEGER (Version=1)
02 01 01
// SEQUENCE (IssuerAndSerialNumber)
30 xi [yi [zi]]
// SEQUENCE (Issuer)
[cert.IssuerName.RawData]
// OCTECT STRING (SerialNumber)
02 xj [yj [zj]]
[cert.GetSerialNumberBytes() (see note "j")]
// SEQUENCE (DigestAlgorithm (digestAlgorithm))
30 xk [yk [zk]]
// OBJECT IDENTIFIER (2.16.840.1.101.3.4.2.1 == SHA-2-256)
06 09 60 86 48 01 65 03 04 02 01
// skip signedAttrs
// SEQUENCE (DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier)
30 xl [yl [zl]]
// OBJECT IDENTIFIER (1.2.840.113549.1.1.1 == rsaEncryption)
06 09 2A 86 48 86 F7 0D 01 01 01
// NULL (rsaEncryption says parameters must be explicit NULL)
05 00
// OCTECT STRING (signature)
04 xm [ym [zm]]
[rsa.SignData(
new byte[] { 0x48, 0x65, 0x6C, 0x6C, 0x6F },
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1)]
// skip unsignedAttrs
80 01 000D0B9B 5D E6 C1 51 26 A5 8B00 9B 5D E6 C1 51 26 A5 8B0981 98