Fatal编程技术网
  • ruby/
  • Ruby 创建SMIME消息时,如何在使用OpenSSL::PKCS7.sign签名期间使用SHA1摘要

Ruby 创建SMIME消息时,如何在使用OpenSSL::PKCS7.sign签名期间使用SHA1摘要

ruby openssl

Ruby 创建SMIME消息时,如何在使用OpenSSL::PKCS7.sign签名期间使用SHA1摘要,ruby,openssl,smime,Ruby,Openssl,Smime,下面的代码 body = "This is the message body" pkcs7 = OpenSSL::PKCS7.sign @certificate, @pkey, body pkcs7.detached = true smime_signed = OpenSSL::PKCS7.write_smime pkcs7, body 将产生 MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-p

下面的代码

body = "This is the message body"
pkcs7 = OpenSSL::PKCS7.sign @certificate, @pkey, body
pkcs7.detached = true
smime_signed = OpenSSL::PKCS7.write_smime pkcs7, body
将产生

MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----F1B5E0635C071F76431AEFB127A7DF88"

This is an S/MIME signed message

------F1B5E0635C071F76431AEFB127A7DF88
This is the message body
------F1B5E0635C071F76431AEFB127A7DF88
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIHSgYJKoZIhvcNAQcCoIIHOzCCBzcCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwGgggRqMIIEZjCCA06gAwIBAgIQQNnrBxVw4uQUu6QaUH9huTANBgkq
[omitted]
是否可以为micalg设置自定义摘要,如
OpenSSL::digest::SHA1.new
?如果是,怎么做

我尝试了以下方法:

pkcs7 = OpenSSL::PKCS7.new
pkcs7.type = :signed
signer = OpenSSL::PKCS7::Signer.new(@certificate, @pkey, OpenSSL::Digest::SHA1.new)
pkcs7.add_data body
pkcs7.add_certificate(@certificate)
pkcs7.add_signer signer
pkcs7.detached = true
smime_signed = OpenSSL::PKCS7.write_smime pkcs7, body
这将产生

MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"; boundary="----0986A4FB87D37510B8051AB492BBF7A2"

This is an S/MIME signed message

------0986A4FB87D37510B8051AB492BBF7A2
This is the message body
------0986A4FB87D37510B8051AB492BBF7A2
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIFcwYJKoZIhvcNAQcCoIIFZDCCBWACAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
DQEHAaCCBGowggRmMIIDTqADAgECAhBA2esHFXDi5BS7pBpQf2G5MA0GCSqGSIb3
[omitted]
这似乎起作用并改变了
micalg
,但区别在于
pkcs7#数据现在返回#

那么,是否可以使用不同的摘要与
OpenSSL::PKCS7.sign
? 如果不是,那么它的等价物是什么

body = "This is the message body"
pkcs7 = OpenSSL::PKCS7.sign @certificate, @pkey, body
pkcs7.detached = true
smime_signed = OpenSSL::PKCS7.write_smime pkcs7, body
在openssl中?

我不知道是否可以使用Ruby绑定指定摘要算法,但等效的openssl命令是:

openssl smime -sign -in body.txt -out out.txt -signer cert.pem -inkey key.pem -md sha1
您可以通过以下方式验证摘要签名:

openssl smime -verify -in out.txt -noverify